Monero Análisis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (54)

Cronología

Idioma

zh36
en16
ja2

País

cn50
us4

Actores

Cobalt Strike2
Monero2
pupy1
Tofsee1

Ocupaciones

Interesar

Cronología

Escribe

Not Defined18
File Transfer Software4
Database Software4
JavaScript Library4
Content Management System4

Proveedor

Not Defined34
Microsoft4
Aladdin Knowledge Systems2
D-Link2
Cakefoundation2

Producto

Samba4
PostgreSQL4
laravel-jqgrid2
Aladdin Knowledge Systems eSafe Gateway2
Micro Air Vehicle Link2

Vulnerabilidad

#VulnerabilidadBaseTemp0dayHoyExpConEPSSCTICVE
1CakePHP offset sql injection8.58.4$0-$5k$0-$5kNot DefinedOfficial Fix0.001600.07CVE-2023-22727
2PHPMailer Phar Deserialization addAttachment escalada de privilegios5.55.3$0-$5k$0-$5kNot DefinedOfficial Fix0.007480.00CVE-2020-36326
3WordPress Editor divulgación de información4.34.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.006560.06CVE-2021-29450
4PostgreSQL escalada de privilegios6.05.9$0-$5k$0-$5kNot DefinedOfficial Fix0.000620.03CVE-2017-12172
5PbootCMS function.php parserIfLabel escalada de privilegios8.07.9$0-$5k$0-$5kNot DefinedNot Defined0.525510.07CVE-2022-32417
6PHP PHAR phar_dir_read desbordamiento de búfer8.28.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.000830.05CVE-2023-3824
7GNUBOARD5 install_db.php sql injection6.36.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.001520.00CVE-2020-18662
8Axios Package Redirect escalada de privilegios5.75.7$0-$5k$0-$5kNot DefinedNot Defined0.002740.03CVE-2020-28168
9Workerman-ThinkPHP-Redis Controller.class.php cross site scripting4.84.8$0-$5k$0-$5kNot DefinedNot Defined0.000780.00CVE-2021-43697
10Aladdin Knowledge Systems eSafe Gateway Filter escalada de privilegios7.37.3$0-$5k$0-$5kNot DefinedNot Defined0.016220.00CVE-2001-0521
11Adminer escalada de privilegios8.58.4$0-$5k$0-$5kNot DefinedOfficial Fix0.006790.00CVE-2018-7667
12QuiXplorer index.php directory traversal7.57.2$0-$5k$0-$5kNot DefinedOfficial Fix0.085210.00CVE-2013-1641
13Softnext SPAM SQR escalada de privilegios7.27.2$0-$5k$0-$5kNot DefinedNot Defined0.001430.07CVE-2023-24835
14Cakefoundation CakePHP Error Message divulgación de información5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.003180.00CVE-2011-3712
15rap2hpoutre Laravel Log Viewer Base64 Encoding escalada de privilegios7.47.0$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.063600.00CVE-2018-8947
16UniSharp laravel-filemanager download directory traversal5.05.0$0-$5k$0-$5kNot DefinedNot Defined0.106270.03CVE-2022-40734
17exceedone Exment/laravel-admin sql injection7.57.5$0-$5k$0-$5kNot DefinedNot Defined0.001290.03CVE-2022-37333
18laravel-admin escalada de privilegios5.55.5$0-$5k$0-$5kNot DefinedNot Defined0.001560.03CVE-2023-24249
19Laravel destruct escalada de privilegios7.67.6$0-$5k$0-$5kNot DefinedNot Defined0.001100.05CVE-2021-28254
20laravel-jqgrid EloquentRepositoryAbstract.php getRows sql injection6.96.9$0-$5k$0-$5kNot DefinedOfficial Fix0.001480.07CVE-2021-4262

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDdirección IPHostnameActorCampañasIdentifiedEscribeConfianza
137.187.154.37ns320368.ip-37-187-154.euMonero2019-12-15verifiedAlto
2XX.XX.XXX.XXXXxxxxx2019-12-15verifiedAlto
3XX.XX.XX.XXXxx.xx.xx.xxx.xxxxxxxxxxxxxxxx.xxxXxxxxx2019-06-10verifiedAlto
4XXX.XXX.XXX.XXXxxx.xxx.xxx.xxx.xxxxxxxxxxxxxxxx.xxxXxxxxx2019-06-10verifiedAlto

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClaseVulnerabilidadVector de accesoEscribeConfianza
1T1006CAPEC-126CWE-21, CWE-22Path TraversalpredictiveAlto
2T1059CAPEC-242CWE-94Argument InjectionpredictiveAlto
3T1059.007CAPEC-209CWE-79Cross Site ScriptingpredictiveAlto
4TXXXXCAPEC-122CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveAlto
5TXXXXCAPEC-108CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveAlto
6TXXXXCAPEC-CWE-XXXXxxxxxxxxx XxxxxxpredictiveAlto
7TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveAlto
8TXXXXCAPEC-50CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveAlto
9TXXXX.XXXCAPEC-459CWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveAlto
10TXXXXCAPEC-116CWE-XXX, CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveAlto
11TXXXXCAPEC-157CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveAlto
12TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveAlto

IOA - Indicator of Attack (22)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClaseIndicatorEscribeConfianza
1FileController.class.phppredictiveAlto
2Filedata/gbconfiguration.datpredictiveAlto
3Filedede\co_do.phppredictiveAlto
4FilexxxxxxxxpredictiveMedio
5Filexxxxxxxx.xxxpredictiveMedio
6Filexxxxxxxxxx\xxxxxx\xxxxxxxxxxxxx.xxxpredictiveAlto
7Filexxxxx.xxxpredictiveMedio
8Filexxxxxxx_xx.xxxpredictiveAlto
9Filexxx/xxxxxx/xxxxxxxx/xxxxx/xxxxxxxxx.xxxxpredictiveAlto
10Filexxxxxx.xxpredictiveMedio
11Filexxxx-xxxxxx.xpredictiveAlto
12Filexxx/xxxxxxxxx/xxxxxxxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxx.xxxpredictiveAlto
13Filexxxx-xxxxxxxx.xxxpredictiveAlto
14ArgumentxxxxxxpredictiveBajo
15ArgumentxxxpredictiveBajo
16Argumentx/xx/xxxpredictiveMedio
17ArgumentxxxxxxpredictiveBajo
18Argumentxxxxxxxx[]predictiveMedio
19ArgumentxxxxxxpredictiveBajo
20Argumentxxxxx_xxxxxxpredictiveMedio
21ArgumentxxxxxxxxpredictiveMedio
22Argumentxxxxxxx_xxxpredictiveMedio

Referencias (3)

The following list contains external sources which discuss the actor and the associated activities:

AnteriorVisión De ConjuntoPróximo

Do you want to use VulDB in your project?

Use the official API to access entries easily!