Metamorfo Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (25)

Sprache

en	16
de	6
fr	2
es	2

Land

us	16
tr	4
pl	4

Akteure

Metamorfo	3
Cobalt Strike	1

Interesse

Typ

Not Defined	8
Programming Language Software	4
Operating System	4
Forum Software	2
Log Management Software	2

Hersteller

Not Defined	14
Microsoft	4
Virtual Programming	2
Apple	2
Kaotik	2

Produkt

PHP	2
Virtual Programming VP-ASP	2
vBulletin	2
Apple macOS	2
Microsoft Windows	2

Schwachstellen

#	Schwachstelle	Base	Temp	0day	Heute	Aus	Mas	CTI	EPSS	CVE
1	Apple macOS MediaRemote erweiterte Rechte	7.6	7.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02	0.00377	CVE-2018-4310
2	Green Hills INTEGRITY RTOS Interpeak IPCOMShell TELNET Server Pufferüberlauf	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00308	CVE-2019-7713
3	phpGroupWare login.php SQL Injection	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00361	CVE-2009-4414
4	ImageMagick cache.c PersistPixelCache Denial of Service	5.4	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00103	CVE-2017-14325
5	Symphony content.blueprintspages.php Cross Site Scripting	5.2	5.2	$0-$5k	Wird berechnet	Not Defined	Official Fix	0.00	0.00070	CVE-2018-12043
6	Microsoft Windows MS XML XML External Entity	7.6	7.5	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00	0.03103	CVE-2019-0791
7	MC Coming Soon Script launch_message.php erweiterte Rechte	6.3	5.7	$0-$5k	Wird berechnet	Proof-of-Concept	Not Defined	0.00	0.00000
8	Microsoft Internet Explorer JsArraySlice Pufferüberlauf	7.1	6.4	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.00	0.75899	CVE-2017-11855
9	Microsoft Windows VBScript/JScript erweiterte Rechte	7.4	7.2	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.02	0.10806	CVE-2016-3206
10	PHP var_unserializer.c erweiterte Rechte	9.8	9.6	$5k-$25k	Wird berechnet	Not Defined	Official Fix	0.00	0.02767	CVE-2016-7124
11	Microsoft XML Core Services erweiterte Rechte	5.3	5.3	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.02	0.00431	CVE-2009-0419
12	AXIS 2110 Network Camera virtualinput.cgi erweiterte Rechte	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02	0.05684	CVE-2004-2425
13	Augeas Escape String Pufferüberlauf	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.03158	CVE-2017-7555
14	Google Android SSID Hotlist API erweiterte Rechte	6.5	6.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	0.00044	CVE-2017-11074
15	Cacti graph_settings.php SQL Injection	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00412	CVE-2014-5262
16	cacti SQL Injection	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00454	CVE-2013-5589
17	Woltlab Burning Board Lite thread.php decode_cookie SQL Injection	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00	0.00931	CVE-2006-6237
18	vBulletin redirector.php Redirect	6.6	6.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.23	0.00141	CVE-2018-6200
19	Kaotik Kshop product_details.php SQL Injection	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.03	0.00886	CVE-2007-1810
20	MidiCart PHP Shopping Cart item_show.php SQL Injection	6.3	6.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.05	0.00000

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-Adresse	Hostname	Akteur	Identifiziert	Typ	Akzeptanz
1	5.83.162.24	cloud8732397.nitrado.cloud	Metamorfo	25.04.2018	verifiziert	High
2	XX.XXX.XXX.XXX	xxx-xx-xxx-xxx-xxx.xx-xxxx-x.xxxxxxx.xxxxxxxxx.xxx	Xxxxxxxxx	09.02.2022	verifiziert	Medium
3	XX.XXX.XXX.XXX		Xxxxxxxxx	25.10.2021	verifiziert	High
4	XX.XXX.XXX.XX	xxxxxx-xxx-xxx-xx.xxxxxx.xxxxxxxxxx.xx	Xxxxxxxxx	31.05.2021	verifiziert	High
5	XXX.XX.XXX.XXX		Xxxxxxxxx	25.04.2018	verifiziert	High

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Schwachstellen	Zugriffsart	Typ	Akzeptanz
1	T1059.007	CWE-79	Cross Site Scripting	prädiktiv	High
2	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
3	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	prädiktiv	High
4	TXXXX	CWE-XX	Xxx Xxxxxxxxx	prädiktiv	High
5	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	prädiktiv	High

IOA - Indicator of Attack (20)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasse	Indicator	Typ	Akzeptanz
1	File	/admin/launch_message.php	prädiktiv	High
2	File	content/content.blueprintspages.php	prädiktiv	High
3	File	ext/standard/var_unserializer.c	prädiktiv	High
4	File	xxxxx_xxxxxxxx.xxx	prädiktiv	High
5	File	xxxxx.xxx	prädiktiv	Medium
6	File	xxxx_xxxx.xxx	prädiktiv	High
7	File	xxxxx.xxx	prädiktiv	Medium
8	File	xxxxxx/xxxxx.x	prädiktiv	High
9	File	xxxxxxx_xxxxxxx.xxx	prädiktiv	High
10	File	xxxxxxxxxx.xxx	prädiktiv	High
11	File	xxxxxxxxxxxx.xxx	prädiktiv	High
12	File	xxxxxx.xxx	prädiktiv	Medium
13	File	xxxxxxxxxxxx.xxx	prädiktiv	High
14	Argument	xxx	prädiktiv	Low
15	Argument	xxxx_xx	prädiktiv	Low
16	Argument	xxxxxx	prädiktiv	Low
17	Argument	xx	prädiktiv	Low
18	Argument	xxxx	prädiktiv	Low
19	Argument	xxxxxx	prädiktiv	Low
20	Argument	xxx	prädiktiv	Low

Referenzen (3)

The following list contains external sources which discuss the actor and the associated activities:

Samples (2)

The following list contains associated samples:

◂ ZurückÜbersichtWeiter ▸

Do you know our Splunk app?

Download it now for free!