MATA Analysis

IOB - Indicator of Behavior (323)

Language

en: 256
zh: 46
de: 6
fr: 6
es: 4

Country

la: 206
us: 70
gb: 12
cn: 12
me: 12

Product

Microsoft Windows: 16
WordPress: 10
Revive Adserver: 8
Microsoft Exchange Server: 6
Apache Tomcat: 6

Vulnerability

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01009 | 1.63 | CVE-2006-6168 |
| 2 | Watchdog Anti-Virus IoControlCode wsdk-driver.sys 0x80002008 privilege escalation | 5.3 | 5.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00047 | 0.07 | CVE-2023-1453 |
| 3 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 2.67 | |
| 4 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 3.01 | CVE-2020-15906 |
| 5 | WordPress AdServe adclick.php sql injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00073 | 0.17 | CVE-2008-0507 |
| 6 | Primetek Primefaces weak encryption | 8.5 | 8.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.97013 | 0.04 | CVE-2017-1000486 |
| 7 | Drupal Sanitization API cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00056 | 0.02 | CVE-2020-13672 |
| 8 | Microsoft Windows HMAC Key Derivation Local Privilege Escalation | 8.8 | 8.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00048 | 0.03 | CVE-2023-36400 |
| 9 | LiteSpeed Cache Plugin Shortcode cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00051 | 0.03 | CVE-2023-4372 |
| 10 | WebTitan Appliance Extensions Persistent cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.02 | |
| 11 | ipTIME NAS-I Bulletin Manage privilege escalation | 7.1 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00988 | 0.03 | CVE-2020-7847 |
| 12 | RARLabs WinRAR ZIP Archive Remote Code Execution | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.44373 | 0.03 | CVE-2023-38831 |
| 13 | request-baskets API Request {name} privilege escalation | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08109 | 0.00 | CVE-2023-27163 |
| 14 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.95 | CVE-2010-0966 |
| 15 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02101 | 0.00 | CVE-2007-1287 |
| 16 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 4.26 | CVE-2020-12440 |
| 17 | Microsoft Windows Scripting Engine Remote Code Execution | 5.9 | 5.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.37113 | 0.00 | CVE-2021-34480 |
| 18 | NotificationX Plugin SQL Statement sql injection | 5.6 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02414 | 0.04 | CVE-2022-0349 |
| 19 | DevExpress ASP.NET Web Forms ASPxHttpHandlerModule DXR.axd privilege escalation | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00183 | 0.09 | CVE-2022-41479 |
| 20 | Basilix Webmail login.php3 privilege escalation | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.02 | |

IOC - Indicator of Compromise (19)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (172)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (2)

The following list contains external sources which discuss the actor and the associated activities:
