Miori Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (110)

Langue

en	104
ar	4
de	2

De campagne

us	48
il	14
ru	14
de	6
it	2

Acteurs

Miori	3
Mirai	2
Cobalt Strike	2
Rhadamanthys	1
PhotoLoader	1

Intérêt

Taper

Not Defined	32
Mail Server Software	10
Operating System	8
Web Browser	6
Web Server	4

Fournisseur

Not Defined	34
Google	10
Microsoft	6
Oracle	4
Tellabs	2

Produit

Microsoft Windows	6
Google Chrome	6
Exim	4
Google Android	4
Oracle MySQL Server	4

Vulnérabilités

#	Vulnérabilité	Base	Temp	0day	Aujourd'hui	Exp	Con	EPSS	CTI	CVE
1	Vmware Workspace ONE Access/Identity Manager Template elévation de privilèges	9.8	8.8	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.97436	0.04	CVE-2022-22954
2	IBM Security Access Manager Appliance Advanced Access Control elévation de privilèges	7.5	7.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00167	0.00	CVE-2018-1850
3	Microsoft Windows WLAN AutoConfig Service Remote Code Execution	8.8	7.7	$100k et plus	$5k-$25k	Unproven	Official Fix	0.02293	0.00	CVE-2021-36965
4	Google Chrome Sandbox elévation de privilèges	8.0	7.9	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.03391	0.02	CVE-2019-5782
5	Oracle MySQL Server Encryption divulgation de l'information	5.3	5.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00173	0.04	CVE-2019-2922
6	Oracle MySQL Server Compiling buffer overflow	9.8	9.4	$100k et plus	$25k-$100k	Not Defined	Official Fix	0.09761	0.04	CVE-2019-5482
7	Procmail Signal elévation de privilèges	7.4	7.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2001-0905
8	CA XCOM Data Transport elévation de privilèges	9.8	9.8	$25k-$100k	$5k-$25k	Not Defined	Not Defined	0.00403	0.02	CVE-2012-5973
9	OpenSSH Supplemental Group elévation de privilèges	4.6	4.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00056	0.04	CVE-2021-41617
10	WordPress Pingback elévation de privilèges	5.7	5.7	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00120	0.00	CVE-2022-3590
11	emlog index.php divulgation de l'information	5.5	5.2	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00300	0.02	CVE-2021-3293
12	PHPWind sql injection	5.9	5.9	$0-$5k	Calculateur	Not Defined	Not Defined	0.00072	0.03	CVE-2019-6691
13	Microsoft Windows Security Center API Remote Code Execution	8.1	7.4	$100k et plus	$5k-$25k	Unproven	Official Fix	0.02268	0.02	CVE-2022-21874
14	Google Android Privilege Escalation	5.5	5.3	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00109	0.00	CVE-2021-1049
15	ONLYOFFICE Document Server NSFileDownloader elévation de privilèges	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00847	0.00	CVE-2020-11534
16	Microsoft Office Excel elévation de privilèges	7.3	6.8	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.01336	0.00	CVE-2021-42292
17	VMware ESXi System Call elévation de privilèges	7.0	6.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00044	0.02	CVE-2020-4005
18	Microsoft Windows WLAN AutoConfig Service Remote Code Execution	8.0	7.0	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00056	0.00	CVE-2021-36967
19	D-Link DIR-816 HTTP Request Parameter form2userconfig.cgi elévation de privilèges	4.6	4.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00255	0.00	CVE-2021-39509
20	pac-resolver PAC File Remote Code Execution	5.6	5.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00393	0.01	CVE-2021-23406

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adresse IP	Hostname	Acteur	Identified	Taper	Confiance
1	94.177.226.227	host227-226-177-94.static.arubacloud.de	Miori	27/03/2022	verified	Élevé
2	XXX.XXX.XX.XXX	xxx.xxx.xx.xxx.xxxxxxxxxxxxxxxx.xxx	Xxxxx	27/03/2022	verified	Élevé
3	XXX.XX.XXX.XXX	xxx.xx	Xxxxx	17/07/2022	verified	Élevé
4	XXX.XXX.XX.XX		Xxxxx	17/07/2019	verified	Élevé

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnérabilités	Vecteur d'accès	Taper	Confiance
1	T1006	CWE-22	Path Traversal	predictive	Élevé
2	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Élevé
3	T1059	CWE-94	Argument Injection	predictive	Élevé
4	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Élevé
5	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Élevé
6	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Élevé
7	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Élevé
8	TXXXX	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Élevé
9	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Élevé
10	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	Élevé
11	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Élevé
12	TXXXX.XXX	CWE-XX	Xxxxxxxxxxxxx	predictive	Élevé

IOA - Indicator of Attack (38)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Taper	Confiance
1	File	.procmailrc	predictive	Moyen
2	File	/debian/patches/load_ppp_generic_if_needed	predictive	Élevé
3	File	/etc/fstab	predictive	Moyen
4	File	/forms/nslookupHandler	predictive	Élevé
5	File	/goform/form2userconfig.cgi	predictive	Élevé
6	File	/xxxx/xxxx/xxxxxxxxx	predictive	Élevé
7	File	xxxxx.xxx?x=xxxxxx&x=xxxxxx&x=xxxxxx	predictive	Élevé
8	File	xxxxxxxx_xxxxxxxx_xxxxxxx.xxx	predictive	Élevé
9	File	xxxx.xxxx	predictive	Moyen
10	File	xxxxxx.x	predictive	Moyen
11	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Élevé
12	File	xxxxxxxx-xxx/xx.xxx	predictive	Élevé
13	File	xxxxxxx.xx	predictive	Moyen
14	File	xxxxxx/xxx/xxxxxxx.xxx	predictive	Élevé
15	File	xxx/xxxxxx.xxx	predictive	Élevé
16	File	xxxxxxxx/xxxxx-xxxxxxxxx.xxx	predictive	Élevé
17	File	xxxxxx-xxxxxxx.xxx	predictive	Élevé
18	File	xxxxxxx.xxx	predictive	Moyen
19	File	xxxxxx.xxx	predictive	Moyen
20	File	xxxxxx.xxx	predictive	Moyen
21	File	x/xxxxx.xxx	predictive	Moyen
22	File	xxxxxxxxx	predictive	Moyen
23	File	xx-xxxxx/xxxxx.xxx?xxxx=xxx-xxxxx&xxxxxx=xxxx-xxxxx	predictive	Élevé
24	Argument	-x	predictive	Faible
25	Argument	xxxxxxxx	predictive	Moyen
26	Argument	xxxxxxxxxxx/xxxxxxxxxxx	predictive	Élevé
27	Argument	xx	predictive	Faible
28	Argument	xxxxxxx	predictive	Faible
29	Argument	xxxxxxxxxx	predictive	Moyen
30	Argument	xxxxxxxx_xxxxxxx	predictive	Élevé
31	Argument	xxxxxxxxxxxxxx	predictive	Élevé
32	Argument	xxxxxx	predictive	Faible
33	Argument	xxxx_xx	predictive	Faible
34	Argument	xxxxxxx[]	predictive	Moyen
35	Input Value	..	predictive	Faible
36	Input Value	::$xxxxx_xxxxxxxxxx	predictive	Élevé
37	Input Value	\|xxx${xxx}	predictive	Moyen
38	Network Port	xxx xxxxxx xxxx	predictive	Élevé

Références (4)

The following list contains external sources which discuss the actor and the associated activities:

◂ PrécédentAperçuSuivant ▸

Might our Artificial Intelligence support you?

Check our Alexa App!