Xanthe Analysis

IOB - Indicator of Behavior (47)

Language

en: 28
zh: 18
ja: 2

Country

cn: 34
us: 6
jp: 2

Product

OpenSSH: 4
Jenkins: 4
Google Go: 2
Hugo: 2
Apache Dubbo: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Apache Archiva File Upload Service cross-site scripting | 5.1 | 5.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00108 | 0.00 | CVE-2023-28158 |
| 2 | Splunk Enterprise Forwarder Bundle privilege escalation | 8.5 | 8.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00306 | 0.00 | CVE-2022-32158 |
| 3 | Microsoft Windows 16-bit Compatibility information disclosure | 3.3 | 3.3 | $25k-$100k | $0-$5k | Not Defined | Workaround | 0.00000 | 0.02 | |
| 4 | virglrenderer IOCTL memory corruption | 7.0 | 7.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.00 | CVE-2022-0135 |
| 5 | EQdkp dbal.php privilege escalation | 6.5 | 6.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03188 | 0.04 | CVE-2006-2256 |
| 6 | MikroTik RouterOS HTTP Server denial of service | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00078 | 0.00 | CVE-2019-13955 |
| 7 | Dreamer CMS cross-site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00047 | 0.00 | CVE-2023-29774 |
| 8 | Weblogicnet es_desp.php privilege escalation | 7.3 | 6.7 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.08879 | 0.00 | CVE-2007-4715 |
| 9 | PrestaShop SQL injection | 8.0 | 8.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.83896 | 0.05 | CVE-2021-3110 |
| 10 | Oracle MySQL Server Compiling denial of service | 7.2 | 7.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.04 | CVE-2021-22570 |
| 11 | Microsoft Outlook weak authentication | 9.0 | 8.6 | $5k-$25k | $0-$5k | Functional | Official Fix | 0.92645 | 0.06 | CVE-2023-23397 |
| 12 | Apache Dubbo Generic Invoke privilege escalation | 5.0 | 5.0 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.01479 | 0.00 | CVE-2023-23638 |
| 13 | Grafana Authentication Cookies information disclosure | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00101 | 0.02 | CVE-2022-39201 |
| 14 | Hugo Pandoc Document exec privilege escalation | 5.0 | 5.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00267 | 0.02 | CVE-2020-26284 |
| 15 | GNU C Library Call Graph Monitor gmon.c __monstartup memory corruption [disputed] | 6.3 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00121 | 0.34 | CVE-2023-0687 |
| 16 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 4.04 | CVE-2020-12440 |
| 17 | Google Chrome denial of service | 7.3 | 7.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00989 | 0.02 | CVE-2011-2796 |
| 18 | Samsung TizenRT l2_packet_pcap.c l2_packet_receive_timeout denial of service | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00270 | 0.00 | CVE-2022-40279 |
| 19 | Microsoft Internet Explorer FTP Server memory corruption | 6.3 | 6.3 | $25k-$100k | $0-$5k | High | Unavailable | 0.96973 | 0.07 | CVE-2009-3023 |
| 20 | Microsoft Windows Shell Shortcut Parser privilege escalation | 10.0 | 9.5 | $100k or more | $0-$5k | High | Official Fix | 0.97223 | 0.05 | CVE-2010-2568 |

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 34.92.166.158 | 158.166.92.34.bc.googleusercontent.com | Xanthe | | 02/02/2022 | verified | Medium |
| 2 | XX.XXX.XX.XX | | Xxxxxx | | 02/02/2022 | verified | High |
| 3 | XXX.XX.XX.XX | xxxxxxx.xxx | Xxxxxx | | 02/02/2022 | verified | High |
| 4 | XXX.XXX.XXX.XX | xxx-xxx-xxx-xx.xx.xxxxxxxxxxxxxxxxx.xxx | Xxxxxx | | 02/02/2022 | verified | High |
| 5 | XXX.XX.XX.XXX | | Xxxxxx | | 02/02/2022 | verified | High |

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (16)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

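| ID | Category | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | auth2-gss.c | predictive | Medium |
| 2 | File | category.php | predictive | Medium |
| 3 | File | es_desp.php | predictive | Medium |
| 4 | File | xxxx.x | predictive | Low |
| 5 | File | xxxxxxxx/xxxx.xxx | predictive | High |
| 6 | File | xx/xxxx | predictive | Low |
| 7 | File | xxxxxx.xxx | predictive | Medium |
| 8 | File | xxxx-xxxxxx.x | predictive | High |
| 9 | File | xxxx/xxxx/xxxxxxxxxxxxxxxxxx.xxxx | predictive | High |
| 10 | File | xxx_xxxxxxxxxx/xxx/xx_xxxxxx/xx_xxxxxx_xxxx.x | predictive | High |
| 11 | Argument | xxxxx_xxxx_xxxx | predictive | High |
| 12 | Argument | xxxxx_xxx | predictive | Medium |
| 13 | Argument | xxxx/xx | predictive | Low |
| 14 | Argument | xx_xxxxxxxx | predictive | Medium |
| 15 | Argument | xxxx | predictive | Low |
| 16 | Argument | xxxx | predictive | Low |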

Sources (2)

The following list contains external sources which discuss the actor and the associated activities:
