theMx0nday Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (21)

Zeitverlauf

Sprache

en20
zh2

Land

us18
id2
cn2

Akteure

theMx0nday3
RedLine Stealer1
Nobelium1
REvil1
Quasar RAT1

Aktivitäten

Interesse

Zeitverlauf

Typ

Operating System8
Not Defined6
Office Suite Software2
Programming Language Software2
Mail Server Software2

Hersteller

Microsoft10
Not Defined6
Dahua2
JFrog2

Produkt

Microsoft Windows8
XenForo2
Dahua DHI-HCVR7216A-S32
JFrog Artifactory2
Microsoft Office2

Schwachstellen

#SchwachstelleBaseTemp0dayHeuteAusMasEPSSCTICVE
1PRTG Network Monitor login.htm erweiterte Rechte8.58.2$0-$5k$0-$5kNot DefinedOfficial Fix0.002880.04CVE-2018-19410
2nginx erweiterte Rechte6.96.9$0-$5k$0-$5kNot DefinedNot Defined0.002410.15CVE-2020-12440
3Microsoft Windows SMB Information Disclosure6.45.5$25k-$100k$5k-$25kUnprovenOfficial Fix0.008760.00CVE-2021-36960
4Microsoft Windows SMB erweiterte Rechte7.77.1$25k-$100k$0-$5kHighOfficial Fix0.974270.06CVE-2017-0144
5Microsoft Windows SMB Client Security Feature Information Disclosure4.33.8$25k-$100k$0-$5kUnprovenOfficial Fix0.005720.00CVE-2021-31205
6Microsoft Office PowerPoint Remote Code Execution7.36.7$5k-$25k$0-$5kUnprovenOfficial Fix0.003390.03CVE-2022-37962
7Python Directory Traversal7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.021020.05CVE-2007-4559
8Dahua DHI-HCVR7216A-S3 SmartPSS Auto Login Hash erweiterte Rechte6.76.7$0-$5k$0-$5kNot DefinedNot Defined0.003310.04CVE-2017-6342
9Microsoft Windows TIFF Image erweiterte Rechte9.08.6$25k-$100k$0-$5kHighOfficial Fix0.970250.02CVE-2013-3906
10PHP EXIF exif_process_IFD_in_MAKERNOTE Pufferüberlauf7.57.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.004770.02CVE-2019-9639
11WBCE CMS Cross Site Scripting5.25.2$0-$5k$0-$5kNot DefinedNot Defined0.001180.00CVE-2017-2118
12Tapatalk Plugin XML-RPC classTTForum.php SQL Injection8.58.2$0-$5k$0-$5kNot DefinedOfficial Fix0.002270.00CVE-2017-14652
13XenForo Admin Panel Cross Site Scripting4.14.1$0-$5k$0-$5kNot DefinedNot Defined0.000580.03CVE-2021-43032
14JFrog Artifactory upload erweiterte Rechte8.57.4$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.113830.02CVE-2016-10036
15Kyland KPS2204 webadminget.cgi Information Disclosure4.34.3$0-$5k$0-$5kNot DefinedNot Defined0.004110.05CVE-2020-25011
16TP-LINK TL-WR840N v4 traceroute erweiterte Rechte7.57.5$0-$5k$0-$5kNot DefinedNot Defined0.002870.03CVE-2019-15060
17osTicket main.php erweiterte Rechte7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.010600.00CVE-2005-1438
18Exim EHLO Command string.c string_vformat Pufferüberlauf8.58.5$0-$5k$0-$5kNot DefinedOfficial Fix0.914660.00CVE-2019-16928
19FileZilla bis 2.2.23 unspezifizierte Format String Schwachstelle7.37.0$25k-$100k$0-$5kNot DefinedOfficial Fix0.033390.04CVE-2007-2318
20Joomla CMS weblinks-categories SQL Injection7.37.1$5k-$25k$0-$5kHighUnavailable0.001000.02CVE-2014-7981

Kampagnen (1)

These are the campaigns that can be associated with the actor:

  • Ukraine Universities

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP-AdresseHostnameAkteurKampagnenIdentifiziertTypAkzeptanz
1159.223.64.156theMx0ndayUkraine Universities05.03.2022verifiziertHigh
2XXX.XXX.XXX.XXXxxxxxxxx.xxxx.xxxxxx.xxxXxxxxxxxxxXxxxxxx Xxxxxxxxxxxx05.03.2022verifiziertHigh
3XXX.XX.XXX.XXXxxxx.xxxx.xxx.xxXxxxxxxxxxXxxxxxx Xxxxxxxxxxxx05.03.2022verifiziertHigh

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueSchwachstellenZugriffsartTypAkzeptanz
1T1006CWE-22Path TraversalprädiktivHigh
2T1059CWE-94Argument InjectionprädiktivHigh
3TXXXX.XXXCWE-XXXxxxx Xxxx XxxxxxxxxprädiktivHigh
4TXXXXCWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxprädiktivHigh
5TXXXXCWE-XXXxx XxxxxxxxxprädiktivHigh
6TXXXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxprädiktivHigh
7TXXXX.XXXCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxprädiktivHigh

IOA - Indicator of Attack (11)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDKlasseIndicatorTypAkzeptanz
1File/cgi-bin/webadminget.cgiprädiktivHigh
2File/index.php/weblinks-categoriesprädiktivHigh
3File/xxxxxx/xxxxx.xxxprädiktivHigh
4Filexxxx.xxxprädiktivMedium
5Filexxxxxx.xprädiktivMedium
6Filexx/xxxxxxxx/xxxxxxprädiktivHigh
7Libraryxxxxxxx/xxx/xxxxxxxxxxxx.xxxprädiktivHigh
8Argumentxxxx_xxxprädiktivMedium
9ArgumentxxprädiktivLow
10Argumentxxxxxxx_xxxprädiktivMedium
11Input Valuex%xx%xx%xxxxxxx%xxxxxxxx%xxxxxxxxxx%xxxxxx%xx%xxxxxxx_xxxxx%xx%xx--%xx%xxprädiktivHigh

Referenzen (2)

The following list contains external sources which discuss the actor and the associated activities:

ZurückÜbersichtWeiter

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!