Matanbuchus Analysis

IOB - Indicator of Behavior (100)

[Charts (images not extracted): Timeline; Language (en 90, sv 2, it 2, de 2, es 2); Country; Actors; Activities; Interest; Timeline; Type; Vendor; Product (Apple iOS 4, Apple iPadOS 4, SourceCodester Simple Student Attendance System 4, HPE iLO 5 2, Star Practice Management Web 2)]

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | SonicBOOM riscv-boom privilege escalation | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00055 | CVE-2020-29561 |
| 2 | SourceCodester Online Tours & Travels Management System email_setup.php prepare sql injection | 6.9 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.13 | 0.00077 | CVE-2023-6765 |
| 3 | Magento Admin Panel Path information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00084 | CVE-2019-7852 |
| 4 | XenForo privilege escalation | 8.6 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | 0.00000 | |
| 5 | United Planet Intrexx Professional cross site scripting | 4.8 | 4.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00089 | CVE-2020-24188 |
| 6 | Huawei Mate 20 Digital Balance privilege escalation | 3.9 | 3.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00058 | CVE-2020-1831 |
| 7 | Aviatrix Controller Web Interface cross site request forgery | 5.4 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00053 | CVE-2020-13416 |
| 8 | Facebook WhatsApp MP4 File memory corruption | 7.0 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00078 | CVE-2019-11931 |
| 9 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.08 | 0.00548 | CVE-2017-0055 |
| 10 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192 |
| 11 | IBM Security Verify Access Appliance weak encryption | 7.0 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00073 | CVE-2023-32328 |
| 12 | Totolink LR1200GB cstecgi.cgi setSmsCfg memory corruption | 9.1 | 8.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.06 | 0.00084 | CVE-2024-0571 |
| 13 | Totolink LR1200GB cstecgi.cgi setOpModeCfg memory corruption | 9.1 | 8.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.06 | 0.00084 | CVE-2024-0572 |
| 14 | CXBSoft Url-shorting HTTP POST Request short_to_long.php sql injection | 6.9 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00220 | CVE-2024-0526 |
| 15 | Blood Bank & Donor Management request-received-bydonar.php sql injection | 5.5 | 5.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.09 | 0.00061 | CVE-2024-0459 |
| 16 | Taokeyun HTTP POST Request User.php login sql injection | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.09 | 0.00063 | CVE-2024-0479 |
| 17 | Tenda W9 httpd formAddSysLogRule memory corruption | 9.1 | 8.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | 0.00386 | CVE-2024-0541 |
| 18 | code-projects Human Resource Integrated System inc_service_credits.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.05 | 0.00063 | CVE-2024-0470 |
| 19 | Totolink NR1800X cstecgi.cgi loginAuth memory corruption | 9.8 | 9.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.06 | 0.00084 | CVE-2023-7220 |
| 20 | SourceCodester Simple Student Attendance System actions.class.php save_attendance sql injection | 6.9 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.06 | 0.00130 | CVE-2023-6771 |

Campaigns (2)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 34.94.151.129 | 129.151.94.34.bc.googleusercontent.com | BelialDemon | Matanbuchus | 29/08/2021 | verified | medium |
| 2 | 34.105.89.82 | 82.89.105.34.bc.googleusercontent.com | BelialDemon | Matanbuchus | 29/08/2021 | verified | medium |
| 3 | 34.106.243.174 | 174.243.106.34.bc.googleusercontent.com | BelialDemon | Matanbuchus | 29/08/2021 | verified | medium |

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22, CWE-425 | Path Traversal | predictive | high |
| 2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | predictive | high |
| 3 | T1059 | CWE-94 | Argument Injection | predictive | high |

IOA - Indicator of Attack (64)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/?page=user/manage_user&id=3 | predictive | high |
| 2 | File | /admin/attendance_row.php | predictive | high |
| 3 | File | /admin/request-received-bydonar.php | predictive | high |
| 4 | File | /admin/test_status.php | predictive | high |
| 5 | File | /admin_route/inc_service_credits.php | predictive | high |
| 6 | File | /cgi-bin/cstecgi.cgi | predictive | high |
| 7 | File | /cgi-bin/supervisor/PwdGrp.cgi | predictive | high |
| 8 | File | /edituser.php | predictive | high |

Sources (5)

The following list contains external sources which discuss the actor and the associated activities:
