MosaicRegressor Analysis

IOB - Indicator of Behavior (40)

Language

en: 22
zh: 16
fr: 2

Country

cn: 32
us: 2

Product

Intel McAfee ePolicy Orchestrator: 2
Synology SSO Server: 2
Kentico CMS: 2
omniauth-weibo-oauth2 Gem: 2
nginx: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Zhong Bang CRMEB PublicController.php get_image_base64 privilege escalation | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.07 | 0.00061 | CVE-2023-3233 |
| 2 | Synacor Zimbra Collaboration XML External Entity | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00441 | CVE-2016-9924 |
| 3 | MikroTik RouterOS Resolver memory corruption | 4.3 | 4.1 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00 | 0.00201 | CVE-2020-20249 |
| 4 | Oracle Secure Backup Remote Code Execution | 9.8 | 9.8 | $25k-$100k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.95514 | CVE-2011-2261 |
| 5 | Oracle Secure Backup weak authentication | 5.3 | 5.3 | $5k-$25k | Calculating | High | Not Defined | 0.00 | 0.10855 | CVE-2010-0904 |
| 6 | OpenProject Public Project robots.txt information disclosure | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00060 | CVE-2023-33960 |
| 7 | Synology SSO Server WebAPI directory traversal | 4.7 | 4.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00068 | CVE-2022-27620 |
| 8 | All-in-One WP Migration Plugin class-ai1wm-backups.php directory traversal | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00097 | CVE-2022-1476 |
| 9 | Joomla CMS SQL injection | 7.3 | 7.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.02 | 0.84848 | CVE-2015-7857 |
| 10 | CKeditor FCKeditor print_textinputs_var cross-site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00467 | CVE-2012-4000 |
| 11 | webTareas New Profile cross-site request forgery | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00177 | CVE-2021-41916 |
| 12 | WordPress wp_crop_image directory traversal | 5.9 | 5.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | 0.95884 | CVE-2019-8943 |
| 13 | Concrete CMS File Manager privilege escalation | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00945 | CVE-2021-22968 |
| 14 | WordPress WP_Query SQL injection | 6.3 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.93536 | CVE-2022-21661 |
| 15 | Linux Kernel msr privilege escalation | 5.1 | 4.6 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00196 | CVE-2013-0268 |
| 16 | HP Printer/MFP cross-site request forgery | 6.5 | 6.5 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00073 | CVE-2018-5921 |
| 17 | Plesk Obsidian Reflected cross-site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00151 | CVE-2020-11583 |
| 18 | FreePBX index_amp.php cross-site scripting | 8.8 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.00773 | CVE-2012-4870 |
| 19 | Thycotic Secret Server Remote Desktop Launcher Temporary privilege escalation | 7.5 | 7.2 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00 | 0.00222 | CVE-2014-4861 |
| 20 | ZyXEL VMG3312-B10B default.cfg privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.00194 | CVE-2018-18754 |

IOC - Indicator of Compromise (16)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | TXXXX | CWE-XX | Xxxxxxxx Xxxxxxxxx | predictive | High |
| 4 | TXXXX.XXX | CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High |
| 5 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 6 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High |
| 7 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 8 | TXXXX | CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 9 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |

IOA - Indicator of Attack (14)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Category | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /dev/cpu/*/msr | predictive | High |
| 2 | File | /index_amp.php | predictive | High |
| 3 | File | /xxxxxx.xxx | predictive | Medium |
| 4 | File | /xxx/xxx/xxxxx | predictive | High |
| 5 | File | xxx/xxxxxxxxxx/xx/xxxxxxxxxxxxxxxx.xxx | predictive | High |
| 6 | File | xxxxxxxx/xxxxxxxxxx.xxxx | predictive | High |
| 7 | File | xxx/xxxxxxx.xxx | predictive | High |
| 8 | File | xxx/xxxx/xxx.x | predictive | High |
| 9 | Library | ~/xxx/xxxxx/xxxxx-xxxxx-xxxxxxx.xxx | predictive | High |
| 10 | Argument | xxxxxxx | predictive | Low |
| 11 | Argument | xxxx | predictive | Low |
| 12 | Argument | xxxxxxxxx | predictive | Medium |
| 13 | Input Value | .xxx?/../../xxxx.xxx | predictive | High |
| 14 | Input Value | xxxx+x@!xxxx+ | predictive | High |

Sources (2)

The following list contains external sources which discuss the actor and the associated activities:
