xmrig.pe Analysis

IOB - Indicator of Behavior (129)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 80
zh: 26
de: 6
sv: 4
it: 4

Country

us: 60
cn: 32
ir: 4
gb: 4
fr: 2

Product

Microsoft Windows: 8
Qualcomm Snapdragon Auto: 6
Qualcomm Snapdragon Consumer Electronics Connectiv ...: 6
Qualcomm Snapdragon Consumer IOT: 6
Qualcomm Snapdragon Industrial IOT: 6

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.11 | CVE-2010-0966 |
| 2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 3 | Cisco Wireless LAN Controller 802.11v input validation | 5.8 | 5.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00102 | 0.00 | CVE-2017-12275 |
| 4 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 4.00 | |
| 5 | Cisco Wireless LAN Controller ANQP memory corruption | 5.2 | 4.9 | $5k-$25k | Calculating | Not Defined | Official Fix | 0.00102 | 0.00 | CVE-2017-12282 |
| 6 | jeecg-boot qurestSql sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.08680 | 0.09 | CVE-2023-1454 |
| 7 | Webmin access control | 7.3 | 7.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.97196 | 0.02 | CVE-2022-0824 |
| 8 | Atlassian Jira Server/Jira Data Center Mobile Plugin server-side request forgery | 6.4 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03312 | 0.03 | CVE-2022-26135 |
| 9 | SPIP spip.php cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00132 | 0.55 | CVE-2022-28959 |
| 10 | Jetty Login Password.java information disclosure | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00299 | 0.04 | CVE-2017-9735 |
| 11 | FileRun index.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00649 | 0.03 | CVE-2007-2469 |
| 12 | I-O DATA DEVICE LAN DISK Connect memory corruption | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00080 | 0.03 | CVE-2017-10875 |
| 13 | Cisco Wireless LAN Controller SNMP resource management | 5.3 | 5.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00143 | 0.00 | CVE-2017-12278 |
| 14 | D-Link DIR-850L LAN Traffic input validation | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00277 | 0.00 | CVE-2017-14430 |
| 15 | Apple iOS/iPadOS Attachment BLASTPASS behavioral workflow | 7.0 | 6.9 | $25k-$100k | $5k-$25k | High | Official Fix | 0.00070 | 0.03 | CVE-2023-41061 |
| 16 | MikroTik RouterOS igmp-proxy null pointer dereference | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00201 | 0.05 | CVE-2020-20219 |
| 17 | TIBCO Spotfire Statistics Services Splus Server unrestricted upload | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00140 | 0.00 | CVE-2023-29268 |
| 18 | Google Chrome V8 type confusion | 7.5 | 7.4 | $25k-$100k | $5k-$25k | High | Official Fix | 0.03794 | 0.04 | CVE-2023-2033 |
| 19 | Tenda W30E editUserName stack-based overflow | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00075 | 0.00 | CVE-2022-45508 |
| 20 | Traefik debug log file | 4.5 | 4.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00095 | 0.02 | CVE-2022-23469 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Log4Shell

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (44)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /.ssh/authorized_keys | predictive | High |
| 2 | File | /forum/away.php | predictive | High |
| 3 | File | /goform/delFileName | predictive | High |
| 4 | File | /goform/editUserName | predictive | High |
| 5 | File | /index/user/upload_img.html | predictive | High |
| 6 | File | /xxxxx/xxxx/xxxx_xxxx.xxxx | predictive | High |
| 7 | File | /xxxx/xxx/xxxx-xxxxx | predictive | High |
| 8 | File | /xxxx.xxx | predictive | Medium |
| 9 | File | /xxxxxxx/ | predictive | Medium |
| 10 | File | xxxxx.xxx | predictive | Medium |
| 11 | File | xxxxxxxx.xxx | predictive | Medium |
| 12 | File | xxxxxx/xxxxxx/xxx_xxxx.x | predictive | High |
| 13 | File | x_xxxxxx | predictive | Medium |
| 14 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 15 | File | xxxx.xxx | predictive | Medium |
| 16 | File | xxx/xxxxxx.xxx | predictive | High |
| 17 | File | xxxxx.xxx | predictive | Medium |
| 18 | File | xxxx.xxx | predictive | Medium |
| 19 | File | xxxxxxxx/xxxxxxxxx | predictive | High |
| 20 | File | xxxxxx/xxx/xxxxxxxx.x | predictive | High |
| 21 | File | xxxxx.xxx | predictive | Medium |
| 22 | File | xxx_xxxxx_xxxxx.x | predictive | High |
| 23 | File | xxx/xxxxxxxxx/xx_xxxxxx_xxx.x | predictive | High |
| 24 | File | xxxxxxxx.xxx | predictive | Medium |
| 25 | File | xxxx/xxxxxxxx/xxxxxxxx.xxxx | predictive | High |
| 26 | File | xxxxxxxxxxxxxxx.xxxx | predictive | High |
| 27 | Argument | xxxxxxxxxxx | predictive | Medium |
| 28 | Argument | xxx_xxx | predictive | Low |
| 29 | Argument | xxxxxxxx | predictive | Medium |
| 30 | Argument | xxxxxxx | predictive | Low |
| 31 | Argument | xxxxxxx-xxxx/xxxxxxx-xxxxxxxx-xxxxxxxx | predictive | High |
| 32 | Argument | xx_xxxxx_xx | predictive | Medium |
| 33 | Argument | xxx | predictive | Low |
| 34 | Argument | xxxx | predictive | Low |
| 35 | Argument | xxxxxxxxxxx | predictive | Medium |
| 36 | Argument | xxxx/xxx/xxx_xx | predictive | High |
| 37 | Argument | xxxxxxxx | predictive | Medium |
| 38 | Argument | xxx_xxxxxxxxxxx | predictive | High |
| 39 | Argument | xxxxxx | predictive | Low |
| 40 | Argument | xxx_xxxxxxx | predictive | Medium |
| 41 | Argument | xxx | predictive | Low |
| 42 | Argument | xxxxxxxx | predictive | Medium |
| 43 | Input Value | ../ | predictive | Low |
| 44 | Input Value | xxxxxxxxx' xxx 'x'='x | predictive | High |

References (4)

The following list contains external sources which discuss the actor and the associated activities:
