Miner Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (366)

Langue

en	318
fr	14
ru	12
de	12
ja	6

De campagne

sc	176
us	78
li	16
de	4

Acteurs

Miner	4
Tor2mine	1
Gafgyt	1
Bashlite	1
EwDoor	1

Intérêt

Taper

Not Defined	144
Content Management System	18
Firewall Software	18
Operating System	16
Router Operating System	12

Fournisseur

Not Defined	126
Microsoft	18
Cisco	14
Siemens	14
Google	12

Produit

Microsoft Windows	8
Google Chrome	8
F5 BIG-IP	8
Cisco ASA	6
Apache HTTP Server	6

Vulnérabilités

#	Vulnérabilité	Base	Temp	0day	Aujourd'hui	Exp	Con	EPSS	CTI	CVE
1	spring-boot-actuator-logview LogViewEndpoint.view directory traversal	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00049	0.05	CVE-2023-29986
2	Apache HTTP Server elévation de privilèges	5.3	5.1	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00043	0.00	CVE-2023-38709
3	Jetty URI elévation de privilèges	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.47555	0.00	CVE-2021-34429
4	portable SDK for UPnP unique_service_name buffer overflow	10.0	9.5	$0-$5k	$0-$5k	High	Official Fix	0.97445	0.00	CVE-2012-5958
5	jquery-bbq Prototype Object.prototype elévation de privilèges	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00102	0.00	CVE-2021-20086
6	nginx elévation de privilèges	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00241	0.00	CVE-2020-12440
7	CKFinder File Name elévation de privilèges	7.4	7.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00155	0.06	CVE-2019-15862
8	Asus RT-AC2900 elévation de privilèges	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.08597	0.02	CVE-2018-8826
9	GitLab Community Edition/Enterprise Edition Permission elévation de privilèges	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00054	0.04	CVE-2019-18446
10	phpMyAdmin PMA_safeUnserialize elévation de privilèges	9.8	9.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00433	0.00	CVE-2016-9865
11	phpMyAdmin Username sql injection	7.5	7.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00326	0.03	CVE-2016-9864
12	Red Hat JBoss Enterprise Application Platform Class elévation de privilèges	3.5	3.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00362	0.00	CVE-2023-3171
13	Red Hat JBoss Core Services httpd directory traversal	3.5	3.5	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00090	0.04	CVE-2021-3688
14	Ivanti Connect Secure/Policy Secure Web elévation de privilèges	8.6	8.6	$0-$5k	$0-$5k	High	Workaround	0.97322	0.00	CVE-2024-21887
15	Ivanti Endpoint Manager sql injection	9.2	9.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00053	0.02	CVE-2023-39336
16	Ivanti Sentry elévation de privilèges	9.2	9.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00043	0.02	CVE-2023-41724
17	Ivanti Connect Secure/Policy Secure IPSec buffer overflow	7.7	7.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00043	0.06	CVE-2024-21894
18	F5 BIG-IP Configuration Utility directory traversal	9.3	9.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00321	0.07	CVE-2023-41373
19	F5 BIG-IP Configuration Utility authentification faible	8.9	8.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.97135	0.00	CVE-2023-46747
20	F5 BIG-IP iControl REST Endpoint elévation de privilèges	6.7	6.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00043	0.00	CVE-2024-22093

IOC - Indicator of Compromise (29)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adresse IP	Hostname	Acteur	Identified	Taper	Confiance
1	5.9.116.27	static.27.116.9.5.clients.your-server.de	Miner	14/04/2022	verified	Élevé
2	5.9.175.19	static.19.175.9.5.clients.your-server.de	Miner	14/04/2022	verified	Élevé
3	5.9.176.3	static.3.176.9.5.clients.your-server.de	Miner	14/04/2022	verified	Élevé
4	5.9.198.83	static.83.198.9.5.clients.your-server.de	Miner	14/04/2022	verified	Élevé
5	13.107.21.200		Miner	14/04/2022	verified	Élevé
6	23.6.70.227	a23-6-70-227.deploy.static.akamaitechnologies.com	Miner	14/04/2022	verified	Élevé
7	XX.XX.XXX.XX	xxx-xx-xxx-xx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxx	Xxxxx	14/04/2022	verified	Élevé
8	XX.XX.XX.XXX	xxx-xx-xx-xxx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxx	Xxxxx	14/04/2022	verified	Élevé
9	XX.XX.XXX.XX	xxx-xx-xxx-xx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxx	Xxxxx	14/04/2022	verified	Élevé
10	XX.XXX.XX.XX	xxx-xx-xxx-xx-xx.xx-xxxxxxx-x.xxxxxxx.xxxxxxxxx.xxx	Xxxxx	14/04/2022	verified	Moyen
11	XX.XXX.XXX.XXX	xxx-xx-xxx-xxx-xxx.xxxxxxx-x.xxxxxxxxx.xxx	Xxxxx	14/04/2022	verified	Moyen
12	XX.XXX.XXX.XX	xx.xxxxxxxx.xxx	Xxxxx	14/04/2022	verified	Élevé
13	XX.XXX.XXX.XX	xx.xxxxxxxx.xxx	Xxxxx	14/04/2022	verified	Élevé
14	XX.XX.XX.XX	xx.xxxxxxxx.xxx	Xxxxx	14/04/2022	verified	Élevé
15	XX.XXX.XXX.XX	xxx.xxxxxxx.xxx	Xxxxx	14/04/2022	verified	Élevé
16	XX.XXX.XX.XX		Xxxxx	11/03/2022	verified	Élevé
17	XX.X.XX.XXX	xxx-x-xx-xxx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxx	Xxxxx	14/04/2022	verified	Élevé
18	XX.X.XX.XX	xxx-x-xx-xx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxx	Xxxxx	14/04/2022	verified	Élevé
19	XXX.XXX.XXX.XXX	xxxx-xxx-xxx-xxx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxx	Xxxxx	14/04/2022	verified	Élevé
20	XXX.XX.XXX.XX		Xxxxx	09/07/2022	verified	Élevé
21	XXX.XXX.X.X		Xxxxx	14/04/2022	verified	Élevé
22	XXX.XXX.XX.X		Xxxxx	14/04/2022	verified	Élevé
23	XXX.XXX.XX.XXX	xxxxxxxx-xx-xx.xxxxx.xxx	Xxxxx	14/04/2022	verified	Élevé
24	XXX.XXX.XX.XX	xxxx-xxx-xx-xx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxx	Xxxxx	14/04/2022	verified	Élevé
25	XXX.XXX.XXX.XXX	xxxx-xxx-xxx-xxx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxx	Xxxxx	14/04/2022	verified	Élevé
26	XXX.X.XX.XXX	xxxxxx.xxx.xx.x.xxx.xxxxxxx.xxxx-xxxxxx.xx	Xxxxx	14/04/2022	verified	Élevé
27	XXX.XX.XX.XXX	xxx.xx.xx.xxx.xx.xxx.xx	Xxxxx	11/03/2022	verified	Élevé
28	XXX.XX.XX.XXX	xxx.xx.xx.xxx.xx.xxx.xx	Xxxxx	11/03/2022	verified	Élevé
29	XXX.XX.XXX.XXX	x-xxxx.x-xxxxxx.xxx	Xxxxx	14/04/2022	verified	Élevé

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnérabilités	Vecteur d'accès	Taper	Confiance
1	T1006	CWE-22, CWE-23	Path Traversal	predictive	Élevé
2	T1040	CWE-319	Authentication Bypass by Capture-replay	predictive	Élevé
3	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Élevé
4	T1059	CWE-94	Argument Injection	predictive	Élevé
5	T1059.007	CWE-79	Cross Site Scripting	predictive	Élevé
6	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Élevé
7	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Élevé
8	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Élevé
9	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	Élevé
10	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Élevé
11	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Élevé
12	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	Élevé
13	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Élevé
14	TXXXX	CWE-XXX	Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx	predictive	Élevé
15	TXXXX.XXX	CWE-XXX	Xxxxxxxxxxxx	predictive	Élevé
16	TXXXX	CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	Élevé
17	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Élevé
18	TXXXX.XXX	CWE-XX	Xxxxxxxxxxxxx	predictive	Élevé
19	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Élevé
20	TXXXX.XXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	Élevé
21	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Élevé

IOA - Indicator of Attack (111)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Taper	Confiance
1	File	/admin.php/pic/admin/type/pl_save	predictive	Élevé
2	File	/admin/sysmon.php	predictive	Élevé
3	File	/api/content/posts/comments	predictive	Élevé
4	File	/app/sys1.php	predictive	Élevé
5	File	/churchcrm/WhyCameEditor.php	predictive	Élevé
6	File	/debug/pprof	predictive	Moyen
7	File	/example/editor	predictive	Élevé
8	File	/goform/aspForm	predictive	Élevé
9	File	/Home/GetAttachment	predictive	Élevé
10	File	/index.php?page=search/rentals	predictive	Élevé
11	File	/members/view_member.php	predictive	Élevé
12	File	/mgmt/tm/util/bash	predictive	Élevé
13	File	/modules/projects/vw_files.php	predictive	Élevé
14	File	/xxx_xxxx_xxxxxxx.xxx	predictive	Élevé
15	File	/xxxx.xxx	predictive	Moyen
16	File	/xxxxxxxx/xxxx	predictive	Élevé
17	File	/xxx/xxx/xxxxxxx/	predictive	Élevé
18	File	xxxxx.xxx	predictive	Moyen
19	File	xxxxx/xxxxxx.xxx	predictive	Élevé
20	File	xxxxx.xxx	predictive	Moyen
21	File	xxx-xxx/xxxx_xxx.xxx	predictive	Élevé
22	File	xxx.xxx	predictive	Faible
23	File	xxxxxx\xxx.x	predictive	Moyen
24	File	xxxxxx.x	predictive	Moyen
25	File	xxxxxxx.x	predictive	Moyen
26	File	xxxx/xxxx/xxxxxxxxxxxxxxxx.xxx	predictive	Élevé
27	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Élevé
28	File	xxxx/xxxx	predictive	Moyen
29	File	xxxxxxx/xxx/xxx-xxxx.x	predictive	Élevé
30	File	xxxx-xxxxx-xxxxxxxxx.xxx	predictive	Élevé
31	File	xxxxxx_xxx.x	predictive	Moyen
32	File	xxxxxxxxxxxxxx.xx	predictive	Élevé
33	File	xx/xxxxxxx/xxx.x	predictive	Élevé
34	File	xxx/xx/xxxx/xxxx.xxxxx.xxx	predictive	Élevé
35	File	xxxxx.xxx	predictive	Moyen
36	File	xxxxx.xxx?x=xxxx&x=xxxxxxx&x=xxx	predictive	Élevé
37	File	xxxxxx.x	predictive	Moyen
38	File	xxxxxxxx.xxx	predictive	Moyen
39	File	xxx.xxx/xxx.xxx	predictive	Élevé
40	File	xx.xxx	predictive	Faible
41	File	xxxxxxxxxxxx/xxx.x	predictive	Élevé
42	File	xxxxx.xxx	predictive	Moyen
43	File	xxx_xxxxxxxxx.x	predictive	Élevé
44	File	xxxxxxx.xxx	predictive	Moyen
45	File	xxx_xxxxx_xxxx.x	predictive	Élevé
46	File	xxxxxxxx.x	predictive	Moyen
47	File	xxxxxxxx/xxxxxx/xxxxxx/_xxxxxxxxxxxx/_xxxxxxxx.xxx	predictive	Élevé
48	File	xxxxxxx/xxxx	predictive	Moyen
49	File	xxxxxxx.xxx	predictive	Moyen
50	File	xxxxxxxxxxxxxxxxxxxxx.xxxx	predictive	Élevé
51	File	xxx_xxxxxxx.x	predictive	Élevé
52	File	xxxxxxxxxxxxxxxxxxxxx.xxxx	predictive	Élevé
53	File	xxxxxxxx.x	predictive	Moyen
54	File	xxxxxx.x	predictive	Moyen
55	File	xxxxxxxx_xxxxxxxxxxxx_xxxxxx.xx	predictive	Élevé
56	File	xxx_xxxxx_xxxxxxxxx.x	predictive	Élevé
57	File	xxxxxx.xx	predictive	Moyen
58	File	xxxxxxxx/xxxx/xxxx.xxx?xxxxxx=xxxxxxxxxxxxxxxx	predictive	Élevé
59	File	xxxxxxxxxxxxxxx.xxx	predictive	Élevé
60	File	xxxxxxxx/xxxxxxxxxxxx-xxxxxxxxxx	predictive	Élevé
61	File	xxxxxx/xxxxxxx/xxxxxx/xxxxxxxx.xxx	predictive	Élevé
62	File	xxxxx.x	predictive	Faible
63	File	xxxx.xxx	predictive	Moyen
64	File	xxx xxxx xxxxxxx	predictive	Élevé
65	File	xxxxx/xxx_xxxxxx.x	predictive	Élevé
66	File	xxx_xxx.xxxx	predictive	Moyen
67	File	xxx/xxx/xxxxxxxxxx/xxxx/xxxxx/xxxxxxxx.xxx	predictive	Élevé
68	File	xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx	predictive	Élevé
69	File	xxxxx-xxxxxx.xxx	predictive	Élevé
70	Library	xxx-xx-xxx-xxxx-xxxx-xx-x-x.xxx	predictive	Élevé
71	Library	xxxxx.xxx	predictive	Moyen
72	Library	xxxxx.xxx	predictive	Moyen
73	Argument	-x	predictive	Faible
74	Argument	xxxxxxxxxxxxxx	predictive	Élevé
75	Argument	xxxxxxxx	predictive	Moyen
76	Argument	xxx	predictive	Faible
77	Argument	xxxxxx_xxx	predictive	Moyen
78	Argument	xxxxxxx-xxxx	predictive	Moyen
79	Argument	xxxxxx/xxxxxxxxxx	predictive	Élevé
80	Argument	xxxx	predictive	Faible
81	Argument	xxxxxx/xxxxxxx	predictive	Élevé
82	Argument	xxxxxxxx[xxxx_xxx]	predictive	Élevé
83	Argument	xxxxx	predictive	Faible
84	Argument	xxxxxxxx	predictive	Moyen
85	Argument	xxxx xxxx	predictive	Moyen
86	Argument	xxxxx	predictive	Faible
87	Argument	xxxxxxxx xxxx/xxxxxxxx xxxxxxxx/xxxxxxxx xxxxxxx xx/xxxxxxx/xxxx	predictive	Élevé
88	Argument	xxxxxx	predictive	Faible
89	Argument	xxxx_xxx_xxxx_xxxx	predictive	Élevé
90	Argument	xx	predictive	Faible
91	Argument	xxx_xxxxxxx	predictive	Moyen
92	Argument	xxxxxxxx	predictive	Moyen
93	Argument	xxxxxxxx_xxxxxx_xxx	predictive	Élevé
94	Argument	xxxxxxxxxx	predictive	Moyen
95	Argument	xxxx_xxx_xxxxxxxx_xxx	predictive	Élevé
96	Argument	xxxxxxx	predictive	Faible
97	Argument	xxxxxxxx	predictive	Moyen
98	Argument	xxxxxxxx	predictive	Moyen
99	Argument	xxxxxxx/xxxxx	predictive	Élevé
100	Argument	xxxxx/xxxxxxxx	predictive	Élevé
101	Argument	xxxxx	predictive	Faible
102	Argument	xxxxxxxxxxxxxxxxxxx	predictive	Élevé
103	Argument	xx_xxx_xxxxx	predictive	Moyen
104	Input Value	../	predictive	Faible
105	Input Value	xxxxxxxx	predictive	Moyen
106	Input Value	xx	predictive	Faible
107	Input Value	\x	predictive	Faible
108	Network Port	xxxxx xxx-xxx	predictive	Élevé
109	Network Port	xxx/xx	predictive	Faible
110	Network Port	xxx/xxx	predictive	Faible
111	Network Port	xxx/xxxx	predictive	Moyen

Références (4)

The following list contains external sources which discuss the actor and the associated activities:

◂ PrécédentAperçuSuivant ▸

Do you need the next level of professionalism?

Upgrade your account now!