Maze Analisi

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (164)

Linguaggio

en	122
de	10
pl	8
zh	8
es	8

Nazione

us	52
cn	16
ru	14
pl	10
es	8

Attori

FIN6	11
Cobalt Strike	2
IcedID	2
Mirai	2
RedLine Stealer	1

Interesse

Genere

Not Defined	68
Content Management System	20
Router Operating System	14
Web Server	8
Smartphone Operating System	6

Fornitore

Not Defined	74
MikroTik	8
Cisco	4
Dasan	4
DivideConcept	2

Prodotto

MikroTik RouterOS	8
nginx	6
WordPress	6
CodeIgniter	4
ASP Portal	2

Vulnerabilità

#	Vulnerabilità	Base	Temp	0day	Oggi	Sfr	Con	EPSS	CTI	CVE
1	MGB OpenSource Guestbook email.php sql injection	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.01302	0.79	CVE-2007-0354
2	WordPress WP_Query sql injection	6.3	6.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.93536	0.04	CVE-2022-21661
3	Chipmunk Scripts CMScore index.php sql injection	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00217	0.02	CVE-2005-0368
4	ampleShop category.cfm sql injection	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Unavailable	0.00621	0.02	CVE-2006-2038
5	Microsoft IIS cross site scripting	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00548	0.13	CVE-2017-0055
6	Dasan GPON Home Router menu.html autenticazione debole	8.5	8.4	$0-$5k	$0-$5k	High	Workaround	0.97083	0.00	CVE-2018-10561
7	lighttpd mod_evhost/mod_simple_vhost directory traversal	5.3	4.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.14448	0.00	CVE-2013-2324
8	libssh SSH2_MSG_USERAUTH_SUCCESS Message autenticazione debole	8.5	8.4	$25k-$100k	$0-$5k	High	Official Fix	0.14233	0.00	CVE-2018-10933
9	libxml2 Entity Expansion parser.c xmlParserHandlePEReference denial of service	5.3	4.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.02360	0.00	CVE-2014-0191
10	Gin-Vue-Admin Download Module directory traversal	6.5	6.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00154	0.09	CVE-2022-47762
11	pomelo-monitor escalazione di privilegi	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00371	0.00	CVE-2020-7620
12	CodeIgniter DB_query_builder.php or_where sql injection	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00153	0.04	CVE-2022-40824
13	CodeIgniter HTTP Request escalazione di privilegi	8.3	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00195	0.02	CVE-2022-24711
14	Rakuten Viber Secret Chat rivelazione di un 'informazione	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00051	0.00	CVE-2018-3987
15	Plesk Obsidian Login Page escalazione di privilegi	5.8	5.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00174	0.07	CVE-2023-24044
16	SourceCodester Web-Based Student Clearance System Edit User Profile Page edit-admin.php sql injection	4.7	4.5	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00045	0.09	CVE-2024-1928
17	Elastic Elasticsearch Simulate Pipeline API escalazione di privilegi	6.1	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00046	0.03	CVE-2023-46673
18	Microsoft SQL Server Privilege Escalation	8.8	8.1	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00762	0.04	CVE-2023-21713
19	70mai a500s Recording escalazione di privilegi	7.3	7.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00088	0.02	CVE-2023-43271
20	MikroTik RouterOS Web Server buffer overflow	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00320	0.03	CVE-2017-20149

Campagne (1)

These are the campaigns that can be associated with the actor:

MAZE

IOC - Indicator of Compromise (38)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	indirizzo IP	Hostname	Attore	Campagne	Identified	Genere	Fiducia
1	5.199.167.188		FIN6	MAZE	16/12/2020	verified	Alto
2	37.1.213.9		FIN6	MAZE	16/12/2020	verified	Alto
3	37.252.7.142		FIN6	MAZE	16/12/2020	verified	Alto
4	54.39.233.188	mail.ov120.slpmt.net	FIN6	MAZE	16/12/2020	verified	Alto
5	91.208.184.174	sell.mybeststore.club	FIN6	MAZE	16/12/2020	verified	Alto
6	91.218.114.4		FIN6	MAZE	16/12/2020	verified	Alto
7	91.218.114.11		Maze		11/03/2022	verified	Alto
8	91.218.114.31		FIN6	MAZE	16/12/2020	verified	Alto
9	XX.XXX.XXX.XX		Xxxx	Xxxx	16/12/2020	verified	Alto
10	XX.XXX.XXX.XX		Xxxx	Xxxx	16/12/2020	verified	Alto
11	XX.XXX.XXX.XX		Xxxx	Xxxx	16/12/2020	verified	Alto
12	XX.XXX.XXX.XX		Xxxx	Xxxx	16/12/2020	verified	Alto
13	XX.XXX.XXX.XX		Xxxx	Xxxx	16/12/2020	verified	Alto
14	XX.XX.X.XX	xx-xx-x-xx.xxxxxxxxx.xxx	Xxxx	Xxxx	16/12/2020	verified	Alto
15	XX.XX.XX.XXX	xx-xx-xx-xxx.xxxxxxxxx.xxx	Xxxx	Xxxx	16/12/2020	verified	Alto
16	XX.XX.XX.X	xx-xx-xx-x.xxxxxxxxx.xxx	Xxxx	Xxxx	16/12/2020	verified	Alto
17	XX.XX.XX.X	xx-xx-xx-x.xxxxxxxxx.xxx	Xxxx	Xxxx	16/12/2020	verified	Alto
18	XX.XX.XX.XXX	xx.xx.xx.xx.xxx.xx.xxxxx.xxxxxx.xx-xxxxx.xxx	Xxxx	Xxxx	16/12/2020	verified	Alto
19	XX.XX.XX.XXX	xx.xx.xx.xx.xxx.xx.xxxxx.xxxxxx.xx-xxxxx.xxx	Xxxx	Xxxx	16/12/2020	verified	Alto
20	XX.XX.XX.X	xxxxxxxx-xx-x.xxx.xx	Xxxx	Xxxx	16/12/2020	verified	Alto
21	XX.XX.XX.XX	xxxx.xxxxxxxxxx.xxxx	Xxxx	Xxxx	16/12/2020	verified	Alto
22	XX.XX.XX.XX	xx-xx-xx-xx.xx.xxx.xx	Xxxx	Xxxx	16/12/2020	verified	Alto
23	XX.XX.XX.XX	xxx.xxxxxxxxxxxxxx.xxx.xx	Xxxx	Xxxx	16/12/2020	verified	Alto
24	XX.XX.XX.XXX	xx-xx-xx-xxx.xx.xxx.xx	Xxxx	Xxxx	16/12/2020	verified	Alto
25	XX.XX.XXX.X	xxxxxxx.xx	Xxxx	Xxxx	16/12/2020	verified	Alto
26	XX.XX.XXX.XX		Xxxx	Xxxx	16/12/2020	verified	Alto
27	XX.XXX.XX.XXX		Xxxx		31/05/2021	verified	Alto
28	XXX.XXX.XXX.XX	xxxxx.xxxxxxxxxxxxxxx.xxx	Xxxx	Xxxx	16/12/2020	verified	Alto
29	XXX.XXX.XXX.XXX	xxxxxx-xxx-xxx-xxx-xxx.xxxxxxxxxxxx.xxx	Xxxx	Xxxx	16/12/2020	verified	Alto
30	XXX.XXX.XXX.XX	xxxxx-xxxxxx.xxxxxxxxxxxx.xxx	Xxxx	Xxxx	16/12/2020	verified	Alto
31	XXX.XXX.XXX.XX	xxxxx-xxxxxx.xxxxxxxxxxxx.xxx	Xxxx	Xxxx	16/12/2020	verified	Alto
32	XXX.XXX.XXX.XX	xxxxx-xxxxxx.xxxxxxxxxxxx.xxx	Xxxx	Xxxx	16/12/2020	verified	Alto
33	XXX.XX.XXX.XXX		Xxxx	Xxxx	16/12/2020	verified	Alto
34	XXX.XXX.XX.XX		Xxxx	Xxxx	16/12/2020	verified	Alto
35	XXX.XXX.XX.XX		Xxxx		29/04/2022	verified	Alto
36	XXX.XX.XXX.XXX	xxxxx.xx-xxx-xx-xxx.xxx	Xxxx	Xxxx	16/12/2020	verified	Alto
37	XXX.XXX.XXX.XXX	xxxxxx-xxx-xxx-xxx-xxx.xxxxxxxxxxxx.xxx	Xxxx	Xxxx	16/12/2020	verified	Alto
38	XXX.XX.XXX.XXX	xxxxxxxxxx.xxx	Xxxx	Xxxx	16/12/2020	verified	Alto

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Classe	Vulnerabilità	Accesso al vettore	Genere	Fiducia
1	T1006	CAPEC-126	CWE-21, CWE-22	Path Traversal	predictive	Alto
2	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Alto
3	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Alto
4	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Alto
5	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
6	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
7	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	Alto
8	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
9	TXXXX	CAPEC-0	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
10	TXXXX.XXX	CAPEC-133	CWE-XXX	Xxxxxxxx	predictive	Alto
11	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
12	TXXXX.XXX	CAPEC-0	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	Alto
13	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (122)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Genere	Fiducia
1	File	//	predictive	Basso
2	File	/admin/edit-admin.php	predictive	Alto
3	File	/ajax-files/postComment.php	predictive	Alto
4	File	/cgi-bin/login_action.cgi	predictive	Alto
5	File	/cgi-bin/webproc	predictive	Alto
6	File	/export	predictive	Basso
7	File	/forum/away.php	predictive	Alto
8	File	/index.php	predictive	Media
9	File	/index.php/weblinks-categories	predictive	Alto
10	File	/menu.html	predictive	Media
11	File	/mics/j_spring_security_check	predictive	Alto
12	File	/mybb_1806/Upload/admin/index.php	predictive	Alto
13	File	/scp/directory.php	predictive	Alto
14	File	/uncpath/	predictive	Media
15	File	/var/log/nginx	predictive	Alto
16	File	account/gallery.php	predictive	Alto
17	File	add_edit_cat.asp	predictive	Alto
18	File	admin.php?mod=user&act=del	predictive	Alto
19	File	xxxxx/xxxxx_xxxxxxx.xxx	predictive	Alto
20	File	xxxxxxxxx.xx	predictive	Media
21	File	xxx.xxx	predictive	Basso
22	File	xxx/xxxxxxxx/xxxxxxxxxxx.xxx	predictive	Alto
23	File	xxx/xxxxxxxx/xxxxx/xxxxx_xxxxx.x	predictive	Alto
24	File	xxx.xxx	predictive	Basso
25	File	xxxxxxxx.xxx	predictive	Media
26	File	xxxxxxxx.xxx	predictive	Media
27	File	xxx-xxx/xxx_xxx_xxxxxx.xxx	predictive	Alto
28	File	xxxxxxxx.xxx	predictive	Media
29	File	xxxxxx/xxxx/x_xxxx.x	predictive	Alto
30	File	xxxxxxx.xxx	predictive	Media
31	File	xx/xx_xxxxxxxx.xxx	predictive	Alto
32	File	xxxxxxxxxxxxxxxxx.xxx	predictive	Alto
33	File	xxxxx.xxx	predictive	Media
34	File	xxxxxxx.x	predictive	Media
35	File	xxxx.xxx	predictive	Media
36	File	xxx/xxxxxxxx/xxx_xxxxxxxxxxxx.xx	predictive	Alto
37	File	xxx.xxx	predictive	Basso
38	File	xxxxx.xxx	predictive	Media
39	File	xxxx.xxx	predictive	Media
40	File	xxxxxxxxxx/xxxxxxxxxxx_xxxxxx.xxx	predictive	Alto
41	File	xxxxxxxx/xxxx_xxxx	predictive	Alto
42	File	xxxx.xxx	predictive	Media
43	File	xxxxx.xxx	predictive	Media
44	File	xxxxx.xxx	predictive	Media
45	File	xxxxx.xxx	predictive	Media
46	File	xxxx_xxxxxxxx.xxx	predictive	Alto
47	File	xxx/xxxx_xxx.xxx	predictive	Alto
48	File	xxxxxxx\xxxxxxxxx\xxxxxxx.xxx	predictive	Alto
49	File	xxxx.xxx	predictive	Media
50	File	xxxxxxxx.xxxx/xxxx.xxxx	predictive	Alto
51	File	xxxxxx.x	predictive	Media
52	File	xxxxxxxx.xxx	predictive	Media
53	File	xxxxxxxxxx.xxx	predictive	Alto
54	File	xxxxxxx_xxxx.xxx	predictive	Alto
55	File	xxxxx.xxx	predictive	Media
56	File	xxxx/xxxx.xxx	predictive	Alto
57	File	xxxx_xxxxxxxx.xxx/xxxx_xxxx.xxx	predictive	Alto
58	File	xxxxxx\xxxxxxxx\xx_xxxxx_xxxxxxx.xxx	predictive	Alto
59	File	xxx_xxxxxxx.xxx	predictive	Alto
60	File	xxxxxxxx-x.x	predictive	Media
61	File	xxxxxx.xxx	predictive	Media
62	File	xxxx/xxxxxxxxxx.xxx?xxxxxx=xxxx	predictive	Alto
63	File	xxxxxxxx.xxx	predictive	Media
64	File	xxxx_xxxx.xxx	predictive	Alto
65	File	xx-xxxxx/xxxxx-xxxx.xxx	predictive	Alto
66	File	xx-xxxxx/xxxx-xxx.xxx	predictive	Alto
67	File	xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx	predictive	Alto
68	File	xxxxxxxxxxxxxx.xxx	predictive	Alto
69	File	xxxxxx.xxx	predictive	Media
70	Library	xxxxxx.xxx	predictive	Media
71	Library	xxxxxxxxx/xxxxxxx_xxx.xxx.xxx	predictive	Alto
72	Argument	$xxxxx_xxxxxxxxxx	predictive	Alto
73	Argument	?xxxxxx	predictive	Basso
74	Argument	xxx	predictive	Basso
75	Argument	xxxx	predictive	Basso
76	Argument	xxx	predictive	Basso
77	Argument	xxxxx	predictive	Basso
78	Argument	xxx_xx	predictive	Basso
79	Argument	xxx	predictive	Basso
80	Argument	xxxxxxxxxxx	predictive	Media
81	Argument	xxxxxxxxx_xxxxxx/xxxxxxxxx_xxxxxx	predictive	Alto
82	Argument	xxxx	predictive	Basso
83	Argument	xxxx_xxxxxx=xxxx	predictive	Alto
84	Argument	xxx	predictive	Basso
85	Argument	xxxx	predictive	Basso
86	Argument	xxxx/xxxxxx	predictive	Media
87	Argument	xxxxxxxx	predictive	Media
88	Argument	xxxxxxx	predictive	Basso
89	Argument	xxxxxxxx	predictive	Media
90	Argument	xxxxxxx[xxxx_xxx][$xxxx->xxxx][xxxxxxxxxxxxxx	predictive	Alto
91	Argument	xxx	predictive	Basso
92	Argument	xxxx	predictive	Basso
93	Argument	xxxxxxxx	predictive	Media
94	Argument	xx	predictive	Basso
95	Argument	xxxxxx	predictive	Basso
96	Argument	x_xxxxxxxx	predictive	Media
97	Argument	xxxx[*][xxxx]	predictive	Alto
98	Argument	xxx	predictive	Basso
99	Argument	xxxx_xxxxxx_xx	predictive	Alto
100	Argument	xxxx	predictive	Basso
101	Argument	xxxx	predictive	Basso
102	Argument	xxx_xxxxxxx	predictive	Media
103	Argument	xxxxx	predictive	Basso
104	Argument	xxxx	predictive	Basso
105	Argument	xxxx=	predictive	Basso
106	Argument	xxxxxx	predictive	Basso
107	Argument	x_xxxx	predictive	Basso
108	Argument	xxxxx_xx	predictive	Media
109	Argument	xxx	predictive	Basso
110	Argument	xxx	predictive	Basso
111	Argument	xxxxx	predictive	Basso
112	Argument	xxxxxxxxxxxxxx	predictive	Alto
113	Argument	xxxxx_xxxxxxxxx	predictive	Alto
114	Argument	xxxx_xx[]	predictive	Media
115	Argument	xxxxxxxx/xxxx xxxxxx	predictive	Alto
116	Argument	xxx	predictive	Basso
117	Argument	xxxxxxxx	predictive	Media
118	Argument	xxxx_xx[]	predictive	Media
119	Input Value	' xxx (xxxxxx xxxx xxxx(xxxxxx xxxxx(),xxxxxx(xxxxxxxxxxxx,(xxxxxx (xxx(xxxx=xxxx,x))),xxxxxxxxxxxx,xxxxx(xxxx(x)x))x xxxx xxxxxxxxxxx_xxxxxx.xxxxxxxxx_xxxx xxxxx xx x)x) xxx 'xxxx'='xxxx	predictive	Alto
120	Input Value	../	predictive	Basso
121	Input Value	x%xx%xx%xxxxxxx%xxxxxxxx%xxxxxxxxxx%xxxxxx%xx%xxxxxxx_xxxxx%xx%xx--%xx%xx	predictive	Alto
122	Input Value	xx xxxxxxxxx xxxxxxx(xxxxxxxxxxxx(xxxx(),xxxxxx(xxxx,xxxxxxx())),x);	predictive	Alto

Referenze (5)

The following list contains external sources which discuss the actor and the associated activities:

◂ PrecedenteVisione D'insiemeIl prossimo ▸

Do you need the next level of professionalism?

Upgrade your account now!