Manjusaka Analysis

IOB - Indicator of Behavior (55)

Language

en: 30
zh: 24
it: 2

Country

cn: 44
ru: 8
us: 4

Product

Apache HTTP Server: 4
Microsoft Windows: 4
Acumos Design Studio: 2
PostgreSQL: 2
Oracle Storage Cloud Software Appliance: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | vsftpd deny_file unknown vulnerability | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00312 | CVE-2015-1419 |
| 2 | Oracle Storage Cloud Software Appliance Management Console Remote Code Execution | 10.0 | 9.5 | $100k and more | $5k-$25k | Not Defined | Official Fix | 0.00 | 0.00576 | CVE-2021-2256 |
| 3 | VMware Spring Framework privilege escalation | 4.5 | 4.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00079 | CVE-2021-22096 |
| 4 | nginx ngx_http_mp4_module information disclosure | 5.9 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00198 | CVE-2018-16845 |
| 5 | Python libraries privilege escalation | 6.5 | 6.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00000 | |
| 6 | Totolink X2000R HTTP POST Request boa formTmultiAP memory corruption | 8.1 | 7.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00060 | CVE-2023-7222 |
| 7 | SAP GUI Connector for Microsoft Edge information disclosure | 6.4 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.07 | 0.00087 | CVE-2024-22125 |
| 8 | Cool Plugins Events Shortcodes for the Events Calendar Plugin SQL injection | 7.0 | 7.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00050 | CVE-2023-52142 |
| 9 | Acumos Design Studio cross-site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00052 | CVE-2018-25097 |
| 10 | Google Android ion.c ion_ioctl memory corruption | 5.3 | 5.1 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | 0.00042 | CVE-2022-20118 |
| 11 | Qualcomm Snapdragon Compute XPU Re-Configuration privilege escalation | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00044 | CVE-2021-30276 |
| 12 | Epic Games Psyonix Rocket League UPK Object memory corruption | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00300 | CVE-2021-32238 |
| 13 | Microsoft Windows IIS memory corruption | 7.9 | 7.6 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.07 | 0.00182 | CVE-2019-1365 |
| 14 | MailEnable Enterprise Premium directory traversal | 7.2 | 7.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00061 | CVE-2019-12925 |
| 15 | Microsoft ISA Server H.323/H.225.0/Q.931 memory corruption | 7.5 | 7.2 | $0-$5k | Calculating | Not Defined | Official Fix | 0.02 | 0.31188 | CVE-2003-0819 |
| 16 | Dahua DHI-HCVR7216A-S3 MD5 privilege escalation | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.31255 | CVE-2017-6343 |
| 17 | aaPanel Websocket webssh privilege escalation | 4.6 | 4.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00288 | CVE-2021-37840 |
| 18 | Siemens LOGO!8 BM Service Port 135 weak authentication | 8.2 | 7.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00131 | CVE-2020-7589 |
| 19 | Microsoft Windows SMB Processor EducatedScholar denial of service | 7.3 | 7.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.02 | 0.97288 | CVE-2009-3103 |
| 20 | Dahua IP Camera/PTZ Dome Camera privilege escalation | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00236 | CVE-2021-33046 |

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | TXXXX | CWE-XX | Xxxxxxxx Xxxxxxxxx | predictive | High |
| 4 | TXXXX.XXX | CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High |
| 5 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 6 | TXXXX | CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High |
| 7 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 8 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | predictive | High |
| 9 | TXXXX | CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 10 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |

IOA - Indicator of Attack (15)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

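| ID | Category | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /bin/boa | predictive | Medium |
| 2 | File | /usr/bin/pkexec | predictive | High |
| 3 | File | /webssh | predictive | Low |
| 4 | File | xxxxx.xxx | predictive | Medium |
| 5 | File | xxx.x | predictive | Low |
| 6 | File | xx-xxxxx.xxx | predictive | Medium |
| 7 | Library | /xxx/xxx/xxx/xxxx/xxxxxxxxxx/xxxxxxxxx.xxx | predictive | High |
| 8 | Library | xxxxxxxxx | predictive | Medium |
| 9 | Argument | xx | predictive | Low |
| 10 | Argument | xx | predictive | Low |
| 11 | Argument | xxxxx | predictive | Low |
| 12 | Argument | xxxxxx-xxx | predictive | Medium |
| 13 | Argument | xxxxx | predictive | Low |
| 14 | Input Value | === | predictive | Low |
| 15 | Network Port | xxx/xxx | predictive | Low |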

Sources (3)

The following list contains external sources which discuss the actor and the associated activities:
