Xanthe Análisis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (47)

Idioma

en	24
zh	18
ja	6

País

cn	26
us	8
jp	6
gb	4

Actores

LoggerMiner	2
Xanthe	2
Rhadamanthys	1
Cobalt Strike	1
PhotoLoader	1

Interesar

Escribe

Not Defined	18
Continuous Integration Software	4
Web Server	2
Router Operating System	2
Application Server Software	2

Proveedor

Not Defined	24
Microsoft	4
Apache	4
MikroTik	2
Google	2

Producto

Jenkins	4
nginx	2
BusyBox	2
MikroTik RouterOS	2
Weblogicnet	2

Vulnerabilidad

#	Vulnerabilidad	Base	Temp	0day	Hoy	Exp	Con	EPSS	CTI	CVE
1	Apache Archiva File Upload Service cross site scripting	5.1	5.1	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00108	0.00	CVE-2023-28158
2	Splunk Enterprise Forwarder Bundle escalada de privilegios	8.5	8.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00306	0.00	CVE-2022-32158
3	Microsoft Windows 16-bit Compatibility divulgación de información	3.3	3.3	$25k-$100k	$0-$5k	Not Defined	Workaround	0.00000	0.02
4	virglrenderer IOCTL desbordamiento de búfer	7.0	7.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00045	0.00	CVE-2022-0135
5	EQdkp dbal.php escalada de privilegios	6.5	6.2	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.03188	0.04	CVE-2006-2256
6	MikroTik RouterOS HTTP Server denegación de servicio	5.4	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00078	0.00	CVE-2019-13955
7	Dreamer CMS cross site scripting	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00047	0.00	CVE-2023-29774
8	Weblogicnet es_desp.php escalada de privilegios	7.3	6.7	$0-$5k	$0-$5k	Proof-of-Concept	Unavailable	0.08879	0.00	CVE-2007-4715
9	PrestaShop sql injection	8.0	8.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.83896	0.05	CVE-2021-3110
10	Oracle MySQL Server Compiling denegación de servicio	7.2	7.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00045	0.04	CVE-2021-22570
11	Microsoft Outlook autenticación débil	9.0	8.6	$5k-$25k	$0-$5k	Functional	Official Fix	0.92645	0.05	CVE-2023-23397
12	Apache Dubbo Generic Invoke escalada de privilegios	5.0	5.0	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.01479	0.00	CVE-2023-23638
13	Grafana Authentication Cookies divulgación de información	5.6	5.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00101	0.02	CVE-2022-39201
14	Hugo Pandoc Document exec escalada de privilegios	5.0	5.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00228	0.02	CVE-2020-26284
15	GNU C Library Call Graph Monitor gmon.c __monstartup desbordamiento de búfer [Disputa]	6.3	6.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00121	0.30	CVE-2023-0687
16	nginx escalada de privilegios	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00241	5.26	CVE-2020-12440
17	Google Chrome denegación de servicio	7.3	7.0	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00989	0.02	CVE-2011-2796
18	Samsung TizenRT l2_packet_pcap.c l2_packet_receive_timeout denegación de servicio	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00270	0.00	CVE-2022-40279
19	Microsoft Internet Explorer FTP Server desbordamiento de búfer	6.3	6.3	$25k-$100k	$0-$5k	High	Unavailable	0.96973	0.07	CVE-2009-3023
20	Microsoft Windows Shell Shortcut Parser escalada de privilegios	10.0	9.5	$100k y más	$0-$5k	High	Official Fix	0.97223	0.05	CVE-2010-2568

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	dirección IP	Hostname	Actor	Identified	Escribe	Confianza
1	34.92.166.158	158.166.92.34.bc.googleusercontent.com	Xanthe	2022-02-02	verified	Medio
2	XX.XXX.XX.XX		Xxxxxx	2022-02-02	verified	Alto
3	XXX.XX.XX.XX	xxxxxxx.xxx	Xxxxxx	2022-02-02	verified	Alto
4	XXX.XXX.XXX.XX	xxx-xxx-xxx-xx.xx.xxxxxxxxxxxxxxxxx.xxx	Xxxxxx	2022-02-02	verified	Alto
5	XXX.XX.XX.XXX		Xxxxxx	2022-02-02	verified	Alto

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Clase	Vulnerabilidad	Vector de acceso	Escribe	Confianza
1	T1040	CAPEC-102	CWE-294	Authentication Bypass by Capture-replay	predictive	Alto
2	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Alto
3	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Alto
4	TXXXX.XXX	CAPEC-209	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Alto
5	TXXXX	CAPEC-19	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
6	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
7	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Alto
8	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
9	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	Alto
10	TXXXX	CAPEC-112	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
11	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
12	TXXXX.XXX	CAPEC-112	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	Alto

IOA - Indicator of Attack (16)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Clase	Indicator	Escribe	Confianza
1	File	auth2-gss.c	predictive	Medio
2	File	category.php	predictive	Medio
3	File	es_desp.php	predictive	Medio
4	File	xxxx.x	predictive	Bajo
5	File	xxxxxxxx/xxxx.xxx	predictive	Alto
6	File	xx/xxxx	predictive	Bajo
7	File	xxxxxx.xxx	predictive	Medio
8	File	xxxx-xxxxxx.x	predictive	Alto
9	File	xxxx/xxxx/xxxxxxxxxxxxxxxxxx.xxxx	predictive	Alto
10	File	xxx_xxxxxxxxxx/xxx/xx_xxxxxx/xx_xxxxxx_xxxx.x	predictive	Alto
11	Argument	xxxxx_xxxx_xxxx	predictive	Alto
12	Argument	xxxxx_xxx	predictive	Medio
13	Argument	xxxx/xx	predictive	Bajo
14	Argument	xx_xxxxxxxx	predictive	Medio
15	Argument	xxxx	predictive	Bajo
16	Argument	xxxx	predictive	Bajo

Referencias (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ AnteriorVisión De ConjuntoPróximo ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!