Magniber Analysis

IOB - Indicator of Behavior (44)

Language: en (32), zh (8), ru (2), es (2)

Product: Microsoft Windows (4), firefly-iii (4), Freeciv (2), Tencent WeChat Desktop (2), Server (2)

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | Apache RocketMQ Broker directory traversal | 6.3 | 6.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00058 | 0.04 | CVE-2019-17572 |
| 3 | Pligg cloud.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.60 | |
| 4 | firefly-iii privilege escalation | 6.8 | 6.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00166 | 0.00 | CVE-2023-1789 |
| 5 | Nacos Access Control privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00126 | 0.02 | CVE-2020-19676 |
| 6 | firefly-iii weak authentication | 6.9 | 6.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00166 | 0.02 | CVE-2023-1788 |
| 7 | RainLoop Webmail XSS Protection Mechanism cross site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00084 | 0.00 | CVE-2019-13389 |
| 8 | Freeciv Packet denial of service | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01933 | 0.00 | CVE-2012-6083 |
| 9 | Cisco IOS XE Web-based User Interface privilege escalation | 7.2 | 7.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.77797 | 0.00 | CVE-2019-12650 |
| 10 | ThinkPHP privilege escalation | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00177 | 0.02 | CVE-2022-45982 |
| 11 | F5 BIG-IP Configuration Utility weak authentication | 8.9 | 8.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.97135 | 0.02 | CVE-2023-46747 |
| 12 | Ivanti Pulse Connect Secure Push Configuration targets.cgi information disclosure | 2.7 | 2.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00102 | 0.04 | CVE-2021-44720 |
| 13 | Pulse Secure Pulse Connect Secure Applet tncc.jar weak authentication | 8.2 | 8.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00184 | 0.00 | CVE-2020-11580 |
| 14 | Oracle Database Server Remote Code Execution | 7.3 | 6.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.10503 | 0.00 | CVE-2009-1019 |
| 15 | WordPress Pingback privilege escalation | 5.7 | 5.7 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00120 | 0.00 | CVE-2022-3590 |
| 16 | KubeOperator System API privilege escalation | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01487 | 0.02 | CVE-2023-22480 |
| 17 | Umbraco FeedProxy.aspx.cs Page_Load privilege escalation | 7.7 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00511 | 0.04 | CVE-2015-8813 |
| 18 | Adobe Connect Server AMF Message privilege escalation | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01436 | 0.02 | CVE-2021-40719 |
| 19 | WordPress sql injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00467 | 0.00 | CVE-2022-21664 |
| 20 | e-Quick Cart shopprojectlogin.asp sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.04 | |

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1059 | CWE-94 | Argument Injection | predictive | High |
| 3 | TXXXX.XXX | CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High |
| 4 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 5 | TXXXX | CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High |
| 6 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 7 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | predictive | High |
| 8 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 9 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |

IOA - Indicator of Attack (12)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /controller/Index.php | predictive | High |
| 2 | File | /menu.html | predictive | Medium |
| 3 | File | xxxxx.xxx | predictive | Medium |
| 4 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 5 | File | xxxxxxxxxxxxxxxx.xxx | predictive | High |
| 6 | File | xxxxxxx.xxx | predictive | Medium |
| 7 | File | xxxx.xxx | predictive | Medium |
| 8 | File | xxxxxxx.xxx/xxxxxxx.xxxxxxxxxxxx/xxxxxxx/xxxxxxxxx/xxxxxxxxx.xxxx.xx | predictive | High |
| 9 | Argument | ?xxxxxx | predictive | Low |
| 10 | Argument | xxxxxxxxxx | predictive | Medium |
| 11 | Argument | xxxxxxxxx | predictive | Medium |
| 12 | Argument | xxx | predictive | Low |

References (5)

The following list contains external sources which discuss the actor and the associated activities:
