Roaming Mantis Analysis

Activities

Timeline

Analysing the timeline helps to identify the required approach to, and handling of, single vulnerabilities and vulnerability collections. The overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues prioritized.

Lang

| Language | Count |
|---|---|
| en | 158 |
| zh | 5 |
| sv | 2 |
| pl | 2 |
| de | 1 |

Country

| Country | Count |
|---|---|
| cn | 142 |
| us | 21 |
| de | 1 |

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 1 | WordPress Metadata deserialization | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2018-20148 |
| 2 | Drupal File file access | 5.4 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2017-6922 |
| 3 | UpdraftPlus Plugin admin.php updraft_ajax_handler server-side request forgery | 6.1 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | CVE-2017-16870 |
| 4 | RoundCube Webmail Config Setting rcube_image.php argument injection | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2020-12641 |
| 5 | Revive Adserver asyncspc.php Reflected 7pk security | 7.1 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2016-9470 |
| 6 | Cisco ASA ASDM improper authentication | 6.5 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2013-5511 |
| 7 | Open Webmail openwebmail-main.pl cross site scripting | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | 0.04 | CVE-2007-4172 |
| 8 | ProFTPD mod_copy access control | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2019-12815 |
| 9 | Cisco ASA WebVPN Login Page logon.html cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.06 | CVE-2014-2120 |
| 10 | WordPress URL server-side request forgery | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2019-17670 |
| 11 | Joomla CMS index.php sql injection | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2010-4166 |
| 12 | Apache Tomcat FORM Authentication session fixation | 8.5 | 8.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.05 | CVE-2019-17563 |
| 13 | DeDeCMS recommend.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2017-17731 |
| 14 | Joomla CMS index.php sql injection | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2010-4696 |
| 15 | Odoo Community/Enterprise Discuss App access control | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2018-15631 |
| 16 | Apache HTTP Server LuaAuthzProvider mod_lua.c access control | 5.3 | 4.6 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.03 | CVE-2014-8109 |
| 17 | WordPress Login Page redirect | 6.2 | 5.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2018-10100 |
| 18 | Microsoft Windows TCP/IP Stack access control | 6.3 | 5.7 | $25k-$100k | $0-$5k | High | Official Fix | 0.04 | CVE-2014-4076 |
| 19 | Site Editor Plugin path traversal | 6.4 | 5.8 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00 | CVE-2018-7422 |
| 20 | Apple Mac OS X Server Wiki Server cross site scripting | 4.3 | 4.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2009-2814 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Asia Mobile Devices

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (87)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Confidence |
|---|---|---|---|
| 1 | File | /+CSCOE+/logon.html | High |
| 2 | File | /addnews.html | High |
| 3 | File | /admin/system/database/filedown.php | High |
| 4 | File | /bin/boa | Medium |
| 5 | File | /cgi-bin/upload_vpntar | High |
| 6 | File | /cgi-bin/user/Config.cgi | High |
| 7 | File | /MTFWU | Low |
| 8 | File | /okm:root | Medium |
| 9 | File | /wp-content/plugins/updraftplus/admin.php | High |
| 10 | File | actions/authenticate.php | High |
| 86 | Input Value | ..\ | Low |

The remaining entries (IDs 11 to 85 and 87) are masked in the source and not reproduced here.

References (2)

The following list contains external sources which discuss the actor and the associated activities:
