xmrig.pe Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (129)

Zeitverlauf

Sprache

en96
zh16
it6
ru4
jp2

Land

us74
cn18
gb4
br2
ru2

Akteure

xmrig.pe5
Cobalt Strike2

Aktivitäten

Interesse

Zeitverlauf

Typ

Not Defined42
Operating System10
Chip Software6
Content Management System6
Database Software6

Hersteller

Not Defined32
Qualcomm8
Microsoft8
Cisco6
Linux6

Produkt

Qualcomm Snapdragon Auto6
Qualcomm Snapdragon Consumer Electronics Connectiv ...6
Qualcomm Snapdragon Consumer IOT6
Qualcomm Snapdragon Industrial IOT6
Qualcomm Snapdragon Mobile6

Schwachstellen

#SchwachstelleBaseTemp0dayHeuteAusMasCTIEPSSCVE
1DZCP deV!L`z Clanportal config.php erweiterte Rechte7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.800.00943CVE-2010-0966
2Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Information Disclosure5.35.2$5k-$25k$0-$5kHighWorkaround0.020.02016CVE-2007-1192
3Cisco Wireless LAN Controller 802.11v erweiterte Rechte5.85.6$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.00102CVE-2017-12275
4LogicBoard CMS away.php Redirect6.36.1$0-$5k$0-$5kNot DefinedUnavailable5.300.00000
5Cisco Wireless LAN Controller ANQP Pufferüberlauf5.24.9$5k-$25kWird berechnetNot DefinedOfficial Fix0.000.00102CVE-2017-12282
6jeecg-boot qurestSql SQL Injection7.57.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.040.08680CVE-2023-1454
7Webmin erweiterte Rechte7.37.1$0-$5k$0-$5kNot DefinedOfficial Fix0.020.97224CVE-2022-0824
8Atlassian Jira Server/Jira Data Center Mobile Plugin erweiterte Rechte6.46.2$0-$5k$0-$5kNot DefinedOfficial Fix0.030.03312CVE-2022-26135
9SPIP spip.php Cross Site Scripting3.53.4$0-$5k$0-$5kNot DefinedOfficial Fix0.480.00132CVE-2022-28959
10Jetty Login Password.java Information Disclosure5.65.5$0-$5k$0-$5kNot DefinedOfficial Fix0.030.00299CVE-2017-9735
11FileRun index.php SQL Injection7.37.1$0-$5k$0-$5kHighUnavailable0.030.00649CVE-2007-2469
12I-O DATA DEVICE LAN DISK Connect Pufferüberlauf6.46.4$0-$5k$0-$5kNot DefinedNot Defined0.030.00080CVE-2017-10875
13Cisco Wireless LAN Controller SNMP Denial of Service5.35.0$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00143CVE-2017-12278
14D-Link DIR-850L LAN Traffic erweiterte Rechte5.95.9$0-$5k$5k-$25kNot DefinedNot Defined0.000.00277CVE-2017-14430
15Apple iOS/iPadOS Attachment BLASTPASS erweiterte Rechte7.06.9$25k-$100k$5k-$25kHighOfficial Fix0.030.00070CVE-2023-41061
16MikroTik RouterOS igmp-proxy Denial of Service4.34.2$0-$5k$0-$5kNot DefinedNot Defined0.050.00201CVE-2020-20219
17TIBCO Spotfire Statistics Services Splus Server erweiterte Rechte9.89.8$0-$5k$0-$5kNot DefinedNot Defined0.000.00140CVE-2023-29268
18Google Chrome V8 erweiterte Rechte7.57.4$25k-$100k$5k-$25kHighOfficial Fix0.040.03794CVE-2023-2033
19Tenda W30E editUserName Pufferüberlauf6.56.4$0-$5k$0-$5kNot DefinedNot Defined0.000.00075CVE-2022-45508
20Traefik Information Disclosure4.54.5$0-$5k$0-$5kNot DefinedOfficial Fix0.020.00095CVE-2022-23469

Kampagnen (1)

These are the campaigns that can be associated with the actor:

  • Log4Shell

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP-AdresseHostnameAkteurKampagnenIdentifiziertTypAkzeptanz
118.228.7.109ec2-18-228-7-109.sa-east-1.compute.amazonaws.comxmrig.peLog4Shell09.02.2022verifiziertMedium
231.220.58.29xmrig.peLog4Shell09.02.2022verifiziertHigh
3XX.XXX.XXX.XXXxxx-xx-xxx-xxx-xxx.xxxxxxx-x.xxxxxxxxx.xxxXxxxx.xxXxxxxxxxx09.02.2022verifiziertMedium
4XX.XXX.XXX.XXxx.xxx.xxx.xx.xxx.xxXxxxx.xx26.04.2022verifiziertHigh
5XXX.XXX.XXX.XXXxxxxxx-xxx.xxxxxxx.xxxxxx.xxxXxxxx.xxXxxxxxxxx09.02.2022verifiziertHigh
6XXX.XXX.XX.XXXxxxx.xx26.04.2022verifiziertHigh
7XXX.XXX.XXX.XXxxxxxxxx.xxxxxxxxxxx.xxx.xxXxxxx.xx26.04.2022verifiziertHigh
8XXX.XXX.XXX.XXxxxxx.xxxx.xxxXxxxx.xx26.04.2022verifiziertHigh

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueSchwachstellenZugriffsartTypAkzeptanz
1T1006CWE-21, CWE-22Path TraversalprädiktivHigh
2T1055CWE-74Improper Neutralization of Data within XPath ExpressionsprädiktivHigh
3T1059CWE-94Argument InjectionprädiktivHigh
4TXXXX.XXXCWE-XXXxxxx Xxxx XxxxxxxxxprädiktivHigh
5TXXXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxprädiktivHigh
6TXXXXCWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxprädiktivHigh
7TXXXX.XXXCWE-XXXXxxx XxxxxxxxprädiktivHigh
8TXXXXCWE-XXXxx XxxxxxxxxprädiktivHigh
9TXXXXCWE-XXXXxxxxxxxxxx XxxxxxxxxxprädiktivHigh
10TXXXXCWE-XXXXxxxxxxxx Xxxxxx XxxxprädiktivHigh
11TXXXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxprädiktivHigh
12TXXXXCWE-XXXXxxxxxxxxxxxx XxxxxxprädiktivHigh
13TXXXX.XXXCWE-XXXXxx Xxxxxxxxxx XxxxxprädiktivHigh
14TXXXX.XXXCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxprädiktivHigh

IOA - Indicator of Attack (44)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDKlasseIndicatorTypAkzeptanz
1File/.ssh/authorized_keysprädiktivHigh
2File/forum/away.phpprädiktivHigh
3File/goform/delFileNameprädiktivHigh
4File/goform/editUserNameprädiktivHigh
5File/index/user/upload_img.htmlprädiktivHigh
6File/xxxxx/xxxx/xxxx_xxxx.xxxxprädiktivHigh
7File/xxxx/xxx/xxxx-xxxxxprädiktivHigh
8File/xxxx.xxxprädiktivMedium
9File/xxxxxxx/prädiktivMedium
10Filexxxxx.xxxprädiktivMedium
11Filexxxxxxxx.xxxprädiktivMedium
12Filexxxxxx/xxxxxx/xxx_xxxx.xprädiktivHigh
13Filex_xxxxxxprädiktivMedium
14Filexxxx/xxxxxxxxxxxxxxx.xxxprädiktivHigh
15Filexxxx.xxxprädiktivMedium
16Filexxx/xxxxxx.xxxprädiktivHigh
17Filexxxxx.xxxprädiktivMedium
18Filexxxx.xxxprädiktivMedium
19Filexxxxxxxx/xxxxxxxxxprädiktivHigh
20Filexxxxxx/xxx/xxxxxxxx.xprädiktivHigh
21Filexxxxx.xxxprädiktivMedium
22Filexxx_xxxxx_xxxxx.xprädiktivHigh
23Filexxx/xxxxxxxxx/xx_xxxxxx_xxx.xprädiktivHigh
24Filexxxxxxxx.xxxprädiktivMedium
25Filexxxx/xxxxxxxx/xxxxxxxx.xxxxprädiktivHigh
26Filexxxxxxxxxxxxxxx.xxxxprädiktivHigh
27ArgumentxxxxxxxxxxxprädiktivMedium
28Argumentxxx_xxxprädiktivLow
29ArgumentxxxxxxxxprädiktivMedium
30ArgumentxxxxxxxprädiktivLow
31Argumentxxxxxxx-xxxx/xxxxxxx-xxxxxxxx-xxxxxxxxprädiktivHigh
32Argumentxx_xxxxx_xxprädiktivMedium
33ArgumentxxxprädiktivLow
34ArgumentxxxxprädiktivLow
35ArgumentxxxxxxxxxxxprädiktivMedium
36Argumentxxxx/xxx/xxx_xxprädiktivHigh
37ArgumentxxxxxxxxprädiktivMedium
38Argumentxxx_xxxxxxxxxxxprädiktivHigh
39ArgumentxxxxxxprädiktivLow
40Argumentxxx_xxxxxxxprädiktivMedium
41ArgumentxxxprädiktivLow
42ArgumentxxxxxxxxprädiktivMedium
43Input Value../prädiktivLow
44Input Valuexxxxxxxxx' xxx 'x'='xprädiktivHigh

Referenzen (4)

The following list contains external sources which discuss the actor and the associated activities:

ZurückÜbersichtWeiter

Do you want to use VulDB in your project?

Use the official API to access entries easily!