Metamorfo Analisi

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (25)

Linguaggio

en	12
de	10
es	4

Nazione

us	20
tr	2
pl	2

Attori

Metamorfo	3
Cobalt Strike	1

Interesse

Genere

Not Defined	8
Programming Language Software	4
Log Management Software	2
Groupware Software	2
Operating System	2

Fornitore

Not Defined	14
Microsoft	4
Kaotik	2
Virtual Programming	2
AXIS	2

Prodotto

Cacti	2
Kaotik Kshop	2
phpGroupWare	2
MidiCart PHP Shopping Cart	2
Microsoft Windows	2

Vulnerabilità

#	Vulnerabilità	Base	Temp	0day	Oggi	Sfr	Con	EPSS	CTI	CVE
1	Apple macOS MediaRemote escalazione di privilegi	7.6	7.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00377	0.02	CVE-2018-4310
2	Green Hills INTEGRITY RTOS Interpeak IPCOMShell TELNET Server buffer overflow	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00308	0.00	CVE-2019-7713
3	phpGroupWare login.php sql injection	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00361	0.00	CVE-2009-4414
4	ImageMagick cache.c PersistPixelCache denial of service	5.4	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00103	0.00	CVE-2017-14325
5	Symphony content.blueprintspages.php cross site scripting	5.2	5.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00070	0.00	CVE-2018-12043
6	Microsoft Windows MS XML XML External Entity	7.6	7.5	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.03103	0.00	CVE-2019-0791
7	MC Coming Soon Script launch_message.php escalazione di privilegi	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.00
8	Microsoft Internet Explorer JsArraySlice buffer overflow	7.1	6.4	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.75899	0.04	CVE-2017-11855
9	Microsoft Windows VBScript/JScript escalazione di privilegi	7.4	7.2	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.10806	0.02	CVE-2016-3206
10	PHP var_unserializer.c escalazione di privilegi	9.8	9.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02767	0.00	CVE-2016-7124
11	Microsoft XML Core Services escalazione di privilegi	5.3	5.3	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00431	0.02	CVE-2009-0419
12	AXIS 2110 Network Camera virtualinput.cgi escalazione di privilegi	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.05684	0.02	CVE-2004-2425
13	Augeas Escape String buffer overflow	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03158	0.00	CVE-2017-7555
14	Google Android SSID Hotlist API escalazione di privilegi	6.5	6.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00044	0.04	CVE-2017-11074
15	Cacti graph_settings.php sql injection	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00346	0.00	CVE-2014-5262
16	cacti sql injection	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00454	0.00	CVE-2013-5589
17	Woltlab Burning Board Lite thread.php decode_cookie sql injection	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00931	0.00	CVE-2006-6237
18	vBulletin redirector.php Redirect	6.6	6.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00122	0.13	CVE-2018-6200
19	Kaotik Kshop product_details.php sql injection	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.00886	0.03	CVE-2007-1810
20	MidiCart PHP Shopping Cart item_show.php sql injection	6.3	6.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.05

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	indirizzo IP	Hostname	Attore	Identified	Genere	Fiducia
1	5.83.162.24	cloud8732397.nitrado.cloud	Metamorfo	25/04/2018	verified	Alto
2	XX.XXX.XXX.XXX	xxx-xx-xxx-xxx-xxx.xx-xxxx-x.xxxxxxx.xxxxxxxxx.xxx	Xxxxxxxxx	09/02/2022	verified	Media
3	XX.XXX.XXX.XXX		Xxxxxxxxx	25/10/2021	verified	Alto
4	XX.XXX.XXX.XX	xxxxxx-xxx-xxx-xx.xxxxxx.xxxxxxxxxx.xx	Xxxxxxxxx	31/05/2021	verified	Alto
5	XXX.XX.XXX.XXX		Xxxxxxxxx	25/04/2018	verified	Alto

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Classe	Vulnerabilità	Accesso al vettore	Genere	Fiducia
1	T1059.007	CAPEC-209	CWE-79	Cross Site Scripting	predictive	Alto
2	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
3	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	Alto
4	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
5	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (20)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Genere	Fiducia
1	File	/admin/launch_message.php	predictive	Alto
2	File	content/content.blueprintspages.php	predictive	Alto
3	File	ext/standard/var_unserializer.c	predictive	Alto
4	File	xxxxx_xxxxxxxx.xxx	predictive	Alto
5	File	xxxxx.xxx	predictive	Media
6	File	xxxx_xxxx.xxx	predictive	Alto
7	File	xxxxx.xxx	predictive	Media
8	File	xxxxxx/xxxxx.x	predictive	Alto
9	File	xxxxxxx_xxxxxxx.xxx	predictive	Alto
10	File	xxxxxxxxxx.xxx	predictive	Alto
11	File	xxxxxxxxxxxx.xxx	predictive	Alto
12	File	xxxxxx.xxx	predictive	Media
13	File	xxxxxxxxxxxx.xxx	predictive	Alto
14	Argument	xxx	predictive	Basso
15	Argument	xxxx_xx	predictive	Basso
16	Argument	xxxxxx	predictive	Basso
17	Argument	xx	predictive	Basso
18	Argument	xxxx	predictive	Basso
19	Argument	xxxxxx	predictive	Basso
20	Argument	xxx	predictive	Basso

Referenze (3)

The following list contains external sources which discuss the actor and the associated activities:

Samples (2)

The following list contains associated samples:

◂ PrecedenteVisione D'insiemeIl prossimo ▸

Might our Artificial Intelligence support you?

Check our Alexa App!