Machete Analysis

IOB - Indicator of Behavior (127)

Language

en: 104
ru: 12
es: 4
fr: 4
zh: 4

Country

us: 74
ru: 20
ca: 8
es: 4
fr: 2

Product

Microsoft Windows: 8
Google Chrome: 6
Oracle Java SE: 4
Pearlinger Products: 4
Microsoft Internet Explorer: 2

Vulnerability

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | WordPress Access Restriction user-new.php privilege escalation | 7.5 | 7.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00372 | 0.03 | CVE-2017-17091 |
| 2 | Apple iOS/iPadOS Kernel information disclosure | 3.3 | 3.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00778 | 0.00 | CVE-2020-27950 |
| 3 | Joe Depasquale Bannermatic Ban File information disclosure | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00231 | 0.00 | CVE-2002-2342 |
| 4 | PhotoPost PHP Pro showproduct.php sql injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00276 | 0.04 | CVE-2004-0250 |
| 5 | Skrypty Ppa Gallery functions.inc.php buffer overflow | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02429 | 0.02 | CVE-2005-2199 |
| 6 | Lighthouse Development Squirrelcart cart_content.php privilege escalation | 6.5 | 5.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02731 | 0.00 | CVE-2006-2483 |
| 7 | Oracle GoldenGate denial of service | 7.5 | 7.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01568 | 0.00 | CVE-2021-3749 |
| 8 | Microsoft Windows Asynchronous RPC Request privilege escalation | 9.0 | 8.6 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.90541 | 0.01 | CVE-2013-3175 |
| 9 | vBulletin visitormessage.php privilege escalation | 7.5 | 7.4 | $0-$5k | $0-$5k | High | Unavailable | 0.03157 | 0.02 | CVE-2014-9463 |
| 10 | phpBB startup.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00287 | 0.02 | CVE-2015-1431 |
| 11 | PHPizabi index.php directory traversal | 6.5 | 5.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00826 | 0.04 | CVE-2008-3723 |
| 12 | Pharmacy Sales and Inventory System manage_user.php sql injection | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00172 | 0.00 | CVE-2022-30407 |
| 13 | Hospital Patient Record Management System privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00075 | 0.00 | CVE-2022-24232 |
| 14 | Zentrack index.php directory traversal | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.08 | |
| 15 | Zentrack index.php privilege escalation | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.03 | |
| 16 | PhotoPost PhotoPost vBGallery File Upload upload.php privilege escalation | 6.3 | 5.8 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00546 | 0.04 | CVE-2008-7088 |
| 17 | Gempar Script Toko Online shop_display_products.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00100 | 0.02 | CVE-2009-0296 |
| 18 | Cutephp CuteNews URL comments.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01849 | 0.01 | CVE-2003-1240 |
| 19 | myWebland myEvent event.php privilege escalation | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.40476 | 0.06 | CVE-2006-1890 |
| 20 | myEvent event.php privilege escalation | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.03 | |

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerability | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | T1059 | CWE-94 | Argument Injection | predictive | High |

IOA - Indicator of Attack (106)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/config.php?display=backup | predictive | High |
| 2 | File | /pharmacy-sales-and-inventory-system/manage_user.php | predictive | High |
| 3 | File | /proc/self/cwd | predictive | High |
| 4 | File | /Side.php | predictive | Medium |
| 5 | File | /textpattern/index.php | predictive | High |
| 6 | File | account.asp | predictive | Medium |
| 7 | File | admin.php | predictive | Medium |
| 8 | File | adminAttachments.php | predictive | High |
| 9 | File | adminBoards.php | predictive | High |
| 10 | File | adminPolls.php | predictive | High |
| 11 | File | al_initialize.php | predictive | High |
| 12 | File | ase.php | predictive | Low |
| 13 | File | bb_usage_stats.php | predictive | High |
| 14 | File | cart_content.php | predictive | High |

References (4)

The following list contains external sources which discuss the actor and the associated activities:
