Xanthe Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (47)

Langue

en	30
zh	12
ja	6

De campagne

cn	28
us	6
jp	6
gb	4

Acteurs

LoggerMiner	2
Xanthe	1
Rhadamanthys	1
Cobalt Strike	1
PhotoLoader	1

Intérêt

Taper

Not Defined	18
Web Browser	4
Groupware Software	2
Continuous Integration Software	2
Content Management System	2

Fournisseur

Not Defined	16
Google	4
Microsoft	4
Apache	4
Dreamer	2

Produit

Google Chrome	4
Microsoft Outlook	2
virglrenderer	2
Jenkins	2
Dreamer CMS	2

Vulnérabilités

#	Vulnérabilité	Base	Temp	0day	Aujourd'hui	Exp	Con	EPSS	CTI	CVE
1	Apache Archiva File Upload Service cross site scripting	5.1	5.1	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00108	0.00	CVE-2023-28158
2	Splunk Enterprise Forwarder Bundle elévation de privilèges	8.5	8.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00306	0.04	CVE-2022-32158
3	Microsoft Windows 16-bit Compatibility divulgation de l'information	3.3	3.3	$25k-$100k	$0-$5k	Not Defined	Workaround	0.00000	0.02
4	virglrenderer IOCTL buffer overflow	7.0	7.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00045	0.00	CVE-2022-0135
5	EQdkp dbal.php elévation de privilèges	6.5	6.2	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.03188	0.02	CVE-2006-2256
6	MikroTik RouterOS HTTP Server dénie de service	5.4	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00078	0.00	CVE-2019-13955
7	Dreamer CMS cross site scripting	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00045	0.00	CVE-2023-29774
8	Weblogicnet es_desp.php elévation de privilèges	7.3	6.7	$0-$5k	$0-$5k	Proof-of-Concept	Unavailable	0.08879	0.02	CVE-2007-4715
9	PrestaShop sql injection	8.0	8.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.83896	0.04	CVE-2021-3110
10	Oracle MySQL Server Compiling dénie de service	7.2	7.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00045	0.03	CVE-2021-22570
11	Microsoft Outlook authentification faible	9.0	8.6	$5k-$25k	$0-$5k	Functional	Official Fix	0.92645	0.06	CVE-2023-23397
12	Apache Dubbo Generic Invoke elévation de privilèges	5.0	5.0	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.01479	0.00	CVE-2023-23638
13	Grafana Authentication Cookies divulgation de l'information	5.6	5.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00101	0.02	CVE-2022-39201
14	Hugo Pandoc Document exec elévation de privilèges	5.0	5.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00267	0.02	CVE-2020-26284
15	GNU C Library Call Graph Monitor gmon.c __monstartup buffer overflow [Contesté]	6.3	6.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00121	0.08	CVE-2023-0687
16	nginx elévation de privilèges	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00241	3.31	CVE-2020-12440
17	Google Chrome dénie de service	7.3	7.0	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00989	0.02	CVE-2011-2796
18	Samsung TizenRT l2_packet_pcap.c l2_packet_receive_timeout dénie de service	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00270	0.00	CVE-2022-40279
19	Microsoft Internet Explorer FTP Server buffer overflow	6.3	6.3	$25k-$100k	$0-$5k	High	Unavailable	0.96973	0.07	CVE-2009-3023
20	Microsoft Windows Shell Shortcut Parser elévation de privilèges	10.0	9.5	$100k et plus	$0-$5k	High	Official Fix	0.97223	0.04	CVE-2010-2568

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adresse IP	Hostname	Acteur	Identified	Taper	Confiance
1	34.92.166.158	158.166.92.34.bc.googleusercontent.com	Xanthe	02/02/2022	verified	Moyen
2	XX.XXX.XX.XX		Xxxxxx	02/02/2022	verified	Élevé
3	XXX.XX.XX.XX	xxxxxxx.xxx	Xxxxxx	02/02/2022	verified	Élevé
4	XXX.XXX.XXX.XX	xxx-xxx-xxx-xx.xx.xxxxxxxxxxxxxxxxx.xxx	Xxxxxx	02/02/2022	verified	Élevé
5	XXX.XX.XX.XXX		Xxxxxx	02/02/2022	verified	Élevé

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnérabilités	Vecteur d'accès	Taper	Confiance
1	T1040	CWE-294	Authentication Bypass by Capture-replay	predictive	Élevé
2	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Élevé
3	T1059	CWE-94	Argument Injection	predictive	Élevé
4	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Élevé
5	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Élevé
6	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Élevé
7	TXXXX	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Élevé
8	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Élevé
9	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	Élevé
10	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Élevé
11	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Élevé
12	TXXXX.XXX	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	Élevé

IOA - Indicator of Attack (16)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Taper	Confiance
1	File	auth2-gss.c	predictive	Moyen
2	File	category.php	predictive	Moyen
3	File	es_desp.php	predictive	Moyen
4	File	xxxx.x	predictive	Faible
5	File	xxxxxxxx/xxxx.xxx	predictive	Élevé
6	File	xx/xxxx	predictive	Faible
7	File	xxxxxx.xxx	predictive	Moyen
8	File	xxxx-xxxxxx.x	predictive	Élevé
9	File	xxxx/xxxx/xxxxxxxxxxxxxxxxxx.xxxx	predictive	Élevé
10	File	xxx_xxxxxxxxxx/xxx/xx_xxxxxx/xx_xxxxxx_xxxx.x	predictive	Élevé
11	Argument	xxxxx_xxxx_xxxx	predictive	Élevé
12	Argument	xxxxx_xxx	predictive	Moyen
13	Argument	xxxx/xx	predictive	Faible
14	Argument	xx_xxxxxxxx	predictive	Moyen
15	Argument	xxxx	predictive	Faible
16	Argument	xxxx	predictive	Faible

Références (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PrécédentAperçuSuivant ▸

Interested in the pricing of exploits?

See the underground prices here!