Mettle Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (27)

Sprache

en	26
fr	2

Land

us	20
vn	8

Akteure

Mettle	1

Interesse

Typ

Content Management System	4
Not Defined	4
Domain Name Software	4
Operating System	2
Programming Language Software	2

Hersteller

Not Defined	20
Microsoft	2
Google	2
TP-LINK	2

Produkt

Dnsmasq	4
Microsoft Windows	2
PHP	2
WordPress	2
Google Android	2

Schwachstellen

#	Schwachstelle	Base	Temp	0day	Heute	Aus	Mas	CTI	EPSS	CVE
1	Dnsmasq extract_name Pufferüberlauf	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00144	CVE-2021-45954
2	TP-LINK TL-WR841N Firmware Directory Traversal	7.5	7.5	$0-$5k	$0-$5k	High	Not Defined	0.00	0.02952	CVE-2012-5687
3	devise-two-factor Information Disclosure	5.4	5.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00043	CVE-2024-0227
4	pfSense diag_command.php csrf_callback Cross Site Request Forgery	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00180	CVE-2019-16667
5	Apache Superset REST API Get Endpoint erweiterte Rechte	5.8	5.8	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.03	0.00270	CVE-2022-45438
6	WordPress Scheduled Task wp-cron.php Denial of Service	6.5	6.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.04	0.00080	CVE-2023-22622
7	Dnsmasq fuzz_rfc1035.c resize_packet Pufferüberlauf	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00144	CVE-2021-45955
8	Dnsmasq print_mac Pufferüberlauf	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03	0.00144	CVE-2021-45956
9	Dnsmasq rfc1035.c extract_name Pufferüberlauf	7.7	7.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.10872	CVE-2020-25682
10	Dnsmasq fuzz_rfc1035.c answer_request Pufferüberlauf	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	0.00144	CVE-2021-45957
11	PHP FPM SAPI Pufferüberlauf	8.0	7.7	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.04	0.00148	CVE-2021-21703
12	Magento Deserialization erweiterte Rechte	8.0	8.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00587	CVE-2020-3716
13	Magento SQL Injection	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00582	CVE-2019-7139
14	Google Android file_input_stream.cc Read Pufferüberlauf	7.5	7.2	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00	0.00105	CVE-2019-2105
15	Google Android TQS App memscpy Pufferüberlauf	8.5	8.2	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00	0.00187	CVE-2015-9173
16	nginx HTTP/2 Denial of Service	6.0	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.02974	CVE-2018-16844
17	Moodle Installation Information Disclosure	5.3	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	0.00187	CVE-2012-4403
18	NoneCms App.php erweiterte Rechte	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	0.96678	CVE-2018-20062
19	Creolabs Gravity gravity_lexer.c Pufferüberlauf	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00331	CVE-2017-1000172
20	Squid Proxy HTTP Request schwache Authentisierung	8.7	8.1	$5k-$25k	$0-$5k	Unproven	Official Fix	0.03	0.52868	CVE-2016-4553

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-Adresse	Hostname	Akteur	Kampagnen	Identifiziert	Typ	Akzeptanz
1	118.70.80.143		Mettle		12.02.2022	verifiziert	High
2	XXX.XXX.XX.XXX		Xxxxxx		12.02.2022	verifiziert	High

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Schwachstellen	Zugriffsart	Typ	Akzeptanz
1	T1006	CWE-22	Path Traversal	prädiktiv	High
2	T1059.007	CWE-80	Cross Site Scripting	prädiktiv	High
3	TXXXX	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
4	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	prädiktiv	High
5	TXXXX	CWE-XX	Xxx Xxxxxxxxx	prädiktiv	High
6	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	prädiktiv	High

IOA - Indicator of Attack (11)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasse	Indicator	Typ	Akzeptanz
1	File	diag_command.php	prädiktiv	High
2	File	file_input_stream.cc	prädiktiv	High
3	File	xxxx_xxxxxxx.x	prädiktiv	High
4	File	xxxxxxx_xxxxx.x	prädiktiv	High
5	File	xxxxxxx.x	prädiktiv	Medium
6	File	xxxxxxxx/xxxxxxxx	prädiktiv	High
7	File	xx-xxxx.xxx	prädiktiv	Medium
8	Library	xxxxxxxx/xxxxxxx/xxxxx/xxx.xxx	prädiktiv	High
9	Argument	xxxxxxxx_xx	prädiktiv	Medium
10	Argument	xxxxxx	prädiktiv	Low
11	Argument	xxxxxxxxxx/xxxxxxxxxxxxxxx	prädiktiv	High

Referenzen (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ ZurückÜbersichtWeiter ▸

Might our Artificial Intelligence support you?

Check our Alexa App!