Manjusaka Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (55)

Sprache

en	26
zh	26
it	4

Land

cn	42
ru	8
us	6

Akteure

Manjusaka	4
Cobalt Strike	1
Mirai	1

Interesse

Typ

Not Defined	20
Web Server	8
Cloud Software	4
File Transfer Software	2
Calendar Software	2

Hersteller

Not Defined	18
VMware	4
Apache	4
Swagger	2
Canvas	2

Produkt

Apache HTTP Server	4
Swagger Parser	2
Swagger Codegen	2
pkexec	2
Canvas LMS	2

Schwachstellen

#	Schwachstelle	Base	Temp	0day	Heute	Aus	Mas	CTI	EPSS	CVE
1	vsftpd deny_file unbekannte Schwachstelle	3.7	3.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00312	CVE-2015-1419
2	Oracle Storage Cloud Software Appliance Management Console Remote Code Execution	10.0	9.5	$100k und mehr	$5k-$25k	Not Defined	Official Fix	0.00	0.00576	CVE-2021-2256
3	VMware Spring Framework erweiterte Rechte	4.5	4.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00	0.00079	CVE-2021-22096
4	nginx ngx_http_mp4_module Information Disclosure	5.9	5.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.05	0.00198	CVE-2018-16845
5	Python libraries erweiterte Rechte	6.5	6.2	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00	0.00000
6	Totolink X2000R HTTP POST Request boa formTmultiAP Pufferüberlauf	8.1	7.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.06	0.00060	CVE-2023-7222
7	SAP GUI Connector for Microsoft Edge Information Disclosure	6.4	6.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.07	0.00087	CVE-2024-22125
8	Cool Plugins Events Shortcodes for the Events Calendar Plugin SQL Injection	7.0	7.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00050	CVE-2023-52142
9	Acumos Design Studio Cross Site Scripting	4.4	4.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00052	CVE-2018-25097
10	Google Android ion.c ion_ioctl Pufferüberlauf	5.3	5.1	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00	0.00042	CVE-2022-20118
11	Qualcomm Snapdragon Compute XPU Re-Configuration erweiterte Rechte	8.5	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.04	0.00044	CVE-2021-30276
12	Epic Games Psyonix Rocket League UPK Object Pufferüberlauf	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00300	CVE-2021-32238
13	Microsoft Windows IIS Pufferüberlauf	7.9	7.6	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.07	0.00182	CVE-2019-1365
14	MailEnable Enterprise Premium Directory Traversal	7.2	7.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03	0.00061	CVE-2019-12925
15	Verschiedene Produkte H.323 H.225.0 und Q.931 Denial of Service	7.5	7.2	$0-$5k	Wird berechnet	Not Defined	Official Fix	0.02	0.31188	CVE-2003-0819
16	Dahua DHI-HCVR7216A-S3 MD5 erweiterte Rechte	5.9	5.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.31255	CVE-2017-6343
17	aaPanel Websocket webssh erweiterte Rechte	4.6	4.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00288	CVE-2021-37840
18	Siemens LOGO!8 BM Service Port 135 schwache Authentisierung	8.2	7.8	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02	0.00131	CVE-2020-7589
19	Microsoft Windows SMB Processing Array Indexing Schwachstelle	7.3	7.0	$5k-$25k	$0-$5k	High	Official Fix	0.17	0.97288	CVE-2009-3103
20	Dahua IP Camera/PTZ Dome Camera erweiterte Rechte	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03	0.00236	CVE-2021-33046

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-Adresse	Hostname	Akteur	Identifiziert	Typ	Akzeptanz
1	39.104.90.45		Manjusaka	02.08.2022	verifiziert	High
2	45.137.117.219		Manjusaka	19.03.2024	verifiziert	High
3	XX.XXX.XXX.XXX	xxxx-xx-xxx-xxx-xxx.xxxxxx.xxxx.xxxxxxx.xxx	Xxxxxxxxx	19.03.2024	verifiziert	High
4	XX.XXX.XXX.XX	xxxxxx.xxxxxxx.xxxx	Xxxxxxxxx	19.03.2024	verifiziert	High
5	XXX.XXX.XXX.XXX	xxx.xxx.xxx.xxx.xxxxxxxx.xxx	Xxxxxxxxx	19.03.2024	verifiziert	High
6	XXX.XX.XXX.XXX		Xxxxxxxxx	19.03.2024	verifiziert	High

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Schwachstellen	Zugriffsart	Typ	Akzeptanz
1	T1006	CWE-22	Path Traversal	prädiktiv	High
2	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	prädiktiv	High
3	TXXXX	CWE-XX	Xxxxxxxx Xxxxxxxxx	prädiktiv	High
4	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	prädiktiv	High
5	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
6	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	prädiktiv	High
7	TXXXX	CWE-XX	Xxx Xxxxxxxxx	prädiktiv	High
8	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	prädiktiv	High
9	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
10	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	prädiktiv	High

IOA - Indicator of Attack (15)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasse	Indicator	Typ	Akzeptanz
1	File	/bin/boa	prädiktiv	Medium
2	File	/usr/bin/pkexec	prädiktiv	High
3	File	/webssh	prädiktiv	Low
4	File	xxxxx.xxx	prädiktiv	Medium
5	File	xxx.x	prädiktiv	Low
6	File	xx-xxxxx.xxx	prädiktiv	Medium
7	Library	/xxx/xxx/xxx/xxxx/xxxxxxxxxx/xxxxxxxxx.xxx	prädiktiv	High
8	Library	xxxxxxxxx	prädiktiv	Medium
9	Argument	xx	prädiktiv	Low
10	Argument	xx	prädiktiv	Low
11	Argument	xxxxx	prädiktiv	Low
12	Argument	xxxxxx-xxx	prädiktiv	Medium
13	Argument	xxxxx	prädiktiv	Low
14	Input Value	===	prädiktiv	Low
15	Network Port	xxx/xxx	prädiktiv	Low

Referenzen (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ ZurückÜbersichtWeiter ▸

Do you need the next level of professionalism?

Upgrade your account now!