Machete Analysis

IOB - Indicator of Behavior (127)

Language

en: 108
ru: 10
fr: 4
zh: 2
it: 2

Country

us: 78
ca: 12
ru: 12
fr: 2

Product

vBulletin: 4
Jetbox One CMS: 4
Google Chrome: 4
Splunk Enterprise: 2
DUware DUpaypal: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | WordPress Access Restriction user-new.php privilege escalation | 7.5 | 7.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00372 | 0.03 | CVE-2017-17091 |
| 2 | Apple iOS/iPadOS Kernel information disclosure | 3.3 | 3.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00778 | 0.00 | CVE-2020-27950 |
| 3 | Joe Depasquale Bannermatic Ban File information disclosure | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00231 | 0.00 | CVE-2002-2342 |
| 4 | PhotoPost PHP Pro showproduct.php sql injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00276 | 0.04 | CVE-2004-0250 |
| 5 | Skrypty Ppa Gallery functions.inc.php buffer overflow | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02429 | 0.02 | CVE-2005-2199 |
| 6 | Lighthouse Development Squirrelcart cart_content.php privilege escalation | 6.5 | 5.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02731 | 0.00 | CVE-2006-2483 |
| 7 | Oracle GoldenGate denial of service | 7.5 | 7.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01568 | 0.00 | CVE-2021-3749 |
| 8 | Microsoft Windows Asynchronous RPC Request privilege escalation | 9.0 | 8.6 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.90541 | 0.01 | CVE-2013-3175 |
| 9 | vBulletin visitormessage.php privilege escalation | 7.5 | 7.4 | $0-$5k | $0-$5k | High | Unavailable | 0.03104 | 0.02 | CVE-2014-9463 |
| 10 | phpBB startup.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00287 | 0.02 | CVE-2015-1431 |
| 11 | PHPizabi index.php directory traversal | 6.5 | 5.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00826 | 0.00 | CVE-2008-3723 |
| 12 | Pharmacy Sales and Inventory System manage_user.php sql injection | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00172 | 0.00 | CVE-2022-30407 |
| 13 | Hospital Patient Record Management System privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00075 | 0.00 | CVE-2022-24232 |
| 14 | Zentrack index.php directory traversal | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.08 | |
| 15 | Zentrack index.php privilege escalation | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.03 | |
| 16 | PhotoPost PhotoPost vBGallery File Upload upload.php privilege escalation | 6.3 | 5.8 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00546 | 0.04 | CVE-2008-7088 |
| 17 | Gempar Script Toko Online shop_display_products.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00100 | 0.02 | CVE-2009-0296 |
| 18 | Cutephp CuteNews URL comments.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01849 | 0.01 | CVE-2003-1240 |
| 19 | myWebland myEvent event.php privilege escalation | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.40476 | 0.06 | CVE-2006-1890 |
| 20 | myEvent event.php privilege escalation | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.03 | |

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | T1059 | CWE-94 | Argument Injection | predictive | High |
| 4 | TXXXX.XXX | CWE-XX, CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High |
| 5 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 6 | TXXXX | CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High |
| 7 | TXXXX | CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive | High |
| 8 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 9 | TXXXX | CWE-XXX | Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 10 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 11 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High |

IOA - Indicator of Attack (106)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

References (4)

The following list contains external sources which discuss the actor and the associated activities: