MosaicRegressor Análisis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (40)

Idioma

en	24
zh	16

País

cn	30
us	2

Actores

MosaicRegressor	5
Cobalt Strike	2
Venom RAT	1
Winnti	1

Interesar

Escribe

Not Defined	12
Content Management System	6
Enterprise Resource Planning Software	4
Groupware Software	2
Web Server	2

Proveedor

Not Defined	8
Oracle	6
Synacor	2
Elasticsearch	2
Microsoft	2

Producto

Oracle PeopleSoft Enterprise PeopleTools	4
Synacor Zimbra Collaboration	2
nginx	2
Elasticsearch Kibana	2
Microsoft Edge	2

Vulnerabilidad

#	Vulnerabilidad	Base	Temp	0day	Hoy	Exp	Con	EPSS	CTI	CVE
1	Zhong Bang CRMEB PublicController.php get_image_base64 escalada de privilegios	7.1	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00067	0.04	CVE-2023-3233
2	Synacor Zimbra Collaboration XML External Entity	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00441	0.02	CVE-2016-9924
3	MikroTik RouterOS Resolver desbordamiento de búfer	4.3	4.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00201	0.00	CVE-2020-20249
4	Oracle Secure Backup Remote Code Execution	9.8	9.8	$25k-$100k	$0-$5k	Not Defined	Not Defined	0.95514	0.00	CVE-2011-2261
5	Oracle Secure Backup autenticación débil	5.3	5.3	$5k-$25k	$0-$5k	High	Not Defined	0.12570	0.00	CVE-2010-0904
6	OpenProject Public Project robots.txt divulgación de información	6.4	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00060	0.02	CVE-2023-33960
7	Synology SSO Server WebAPI directory traversal	4.7	4.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00068	0.00	CVE-2022-27620
8	All-in-One WP Migration Plugin class-ai1wm-backups.php directory traversal	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00097	0.04	CVE-2022-1476
9	Joomla CMS sql injection	7.3	7.0	$5k-$25k	$0-$5k	High	Official Fix	0.81423	0.02	CVE-2015-7857
10	CKeditor FCKeditor print_textinputs_var cross site scripting	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00467	0.04	CVE-2012-4000
11	webTareas New Profile cross site request forgery	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00177	0.00	CVE-2021-41916
12	WordPress wp_crop_image directory traversal	5.9	5.8	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.95884	0.02	CVE-2019-8943
13	Concrete CMS File Manager escalada de privilegios	5.6	5.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00945	0.03	CVE-2021-22968
14	WordPress WP_Query sql injection	6.3	6.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.93536	0.00	CVE-2022-21661
15	Linux Kernel msr escalada de privilegios	5.1	4.6	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00196	0.03	CVE-2013-0268
16	HP Printer/MFP cross site request forgery	6.5	6.5	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00073	0.00	CVE-2018-5921
17	Plesk Obsidian Reflected cross site scripting	5.2	5.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00151	0.00	CVE-2020-11583
18	FreePBX index_amp.php cross site scripting	8.8	7.9	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00773	0.00	CVE-2012-4870
19	Thycotic Secret Server Remote Desktop Launcher Temporary escalada de privilegios	7.5	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00222	0.00	CVE-2014-4861
20	ZyXEL VMG3312-B10B default.cfg escalada de privilegios	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00194	0.03	CVE-2018-18754

IOC - Indicator of Compromise (16)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	dirección IP	Actor	Identified	Escribe	Confianza
1	43.252.228.75	MosaicRegressor	2022-08-10	verified	Alto
2	43.252.228.84	MosaicRegressor	2022-08-10	verified	Alto
3	43.252.228.179	MosaicRegressor	2022-08-10	verified	Alto
4	43.252.228.252	MosaicRegressor	2022-08-10	verified	Alto
5	XX.XXX.XXX.XXX	Xxxxxxxxxxxxxxx	2022-08-10	verified	Alto
6	XX.XXX.XXX.XXX	Xxxxxxxxxxxxxxx	2022-08-10	verified	Alto
7	XXX.XX.XXX.XX	Xxxxxxxxxxxxxxx	2022-08-10	verified	Alto
8	XXX.XX.XX.XX	Xxxxxxxxxxxxxxx	2022-08-10	verified	Alto
9	XXX.XX.XX.XXX	Xxxxxxxxxxxxxxx	2022-08-10	verified	Alto
10	XXX.XXX.XX.XXX	Xxxxxxxxxxxxxxx	2022-08-10	verified	Alto
11	XXX.XX.X.X	Xxxxxxxxxxxxxxx	2022-08-10	verified	Alto
12	XXX.XX.XX.XX	Xxxxxxxxxxxxxxx	2022-08-10	verified	Alto
13	XXX.XX.XXX.XX	Xxxxxxxxxxxxxxx	2022-08-10	verified	Alto
14	XXX.XX.XXX.XXX	Xxxxxxxxxxxxxxx	2022-08-10	verified	Alto
15	XXX.XXX.XX.XX	Xxxxxxxxxxxxxxx	2022-08-10	verified	Alto
16	XXX.XXX.XXX.XX	Xxxxxxxxxxxxxxx	2022-08-10	verified	Alto

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilidad	Vector de acceso	Escribe	Confianza
1	T1006	CWE-22	Path Traversal	predictive	Alto
2	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Alto
3	TXXXX	CWE-XX	Xxxxxxxx Xxxxxxxxx	predictive	Alto
4	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Alto
5	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
6	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	Alto
7	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
8	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
9	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (14)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Clase	Indicator	Escribe	Confianza
1	File	/dev/cpu/*/msr	predictive	Alto
2	File	/index_amp.php	predictive	Alto
3	File	/xxxxxx.xxx	predictive	Medio
4	File	/xxx/xxx/xxxxx	predictive	Alto
5	File	xxx/xxxxxxxxxx/xx/xxxxxxxxxxxxxxxx.xxx	predictive	Alto
6	File	xxxxxxxx/xxxxxxxxxx.xxxx	predictive	Alto
7	File	xxx/xxxxxxx.xxx	predictive	Alto
8	File	xxx/xxxx/xxx.x	predictive	Alto
9	Library	~/xxx/xxxxx/xxxxx-xxxxx-xxxxxxx.xxx	predictive	Alto
10	Argument	xxxxxxx	predictive	Bajo
11	Argument	xxxx	predictive	Bajo
12	Argument	xxxxxxxxx	predictive	Medio
13	Input Value	.xxx?/../../xxxx.xxx	predictive	Alto
14	Input Value	xxxx+x@!xxxx+	predictive	Alto

Referencias (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ AnteriorVisión De ConjuntoPróximo ▸

Do you know our Splunk app?

Download it now for free!