Monarchy Analisi

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (43)

Linguaggio

ru	26
en	12
fr	6

Nazione

ru	40
us	4

Attori

Monarchy	3
Cobalt Strike	1

Interesse

Genere

Web Browser	12
Not Defined	10
Jenkins Plugin	4
Social Network Software	2
Smartphone Operating System	2

Fornitore

Google	14
Not Defined	8
Twitter	2
D-Link	2
sjqzhang	2

Prodotto

Google Chrome	12
OTCMS	4
Twitter Recommendation Algorithm	2
D-Link Go-RT-AC750	2
Google Android	2

Vulnerabilità

#	Vulnerabilità	Base	Temp	0day	Oggi	Sfr	Con	EPSS	CTI	CVE
1	Fluent Fluentd/Fluent-ui autenticazione debole	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00081	0.03	CVE-2020-21514
2	SourceCodester E-Commerce System setDiscount.php sql injection	6.6	6.5	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00152	0.14	CVE-2023-1505
3	Zoom Client for IT race condition	7.6	7.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00042	0.03	CVE-2023-22883
4	Google Chrome Browser History buffer overflow	5.5	5.3	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00268	0.00	CVE-2023-1820
5	Google Chrome WebShare Remote Code Execution	6.3	6.0	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00160	0.04	CVE-2023-1821
6	D-Link Go-RT-AC750 soapcgi.main escalazione di privilegi	7.6	7.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00645	0.04	CVE-2023-26822
7	Convert To Pipeline Plugin Freestyle Project Configuration escalazione di privilegi	7.6	7.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00174	0.00	CVE-2023-28677
8	Keycloak autenticazione debole	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00065	0.04	CVE-2023-0264
9	WellinTech KingHistorian Network Packet SORBAx64.dll Remote Code Execution	8.7	8.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00154	0.00	CVE-2022-43663
10	Adobe Animate buffer overflow	7.0	6.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.06677	0.02	CVE-2023-22243
11	unpoly-rails Gem Header denial of service	5.7	5.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00237	0.02	CVE-2023-28846
12	Twitter Recommendation Algorithm denial of service	5.3	5.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00111	0.02	CVE-2023-29218
13	OTCMS apiRun.php AutoRun cross site scripting	4.4	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00062	0.17	CVE-2023-1635
14	OTCMS escalazione di privilegi	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00119	0.09	CVE-2023-1797
15	Huawei EMUI/HarmonyOS WLAN Module escalazione di privilegi	5.5	5.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00221	0.00	CVE-2022-39009
16	TP-Link AX1800 Firmware Parser buffer overflow	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.02	CVE-2023-27346
17	NoMachine escalazione di privilegi	6.8	6.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00048	0.03	CVE-2022-34043
18	sjqzhang go-fastdfs File Upload uploa upload Remote Code Execution	8.1	7.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00176	0.14	CVE-2023-1800
19	Google Chrome FedCM Privilege Escalation	5.5	5.3	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00206	0.04	CVE-2023-1823
20	Google Chrome Intents Remote Code Execution	6.3	6.0	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00206	0.00	CVE-2023-1817

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	indirizzo IP	Hostname	Attore	Identified	Genere	Fiducia
1	45.76.47.218	45.76.47.218.vultr.com	Monarchy	22/07/2021	verified	Media
2	XXX.XXX.XX.XXX		Xxxxxxxx	22/07/2021	verified	Alto
3	XXX.XXX.XXX.XXX	xxxxxxxxxxxxxxxxx-xxxxxxx.xxxxxx.xx	Xxxxxxxx	22/07/2021	verified	Alto
4	XXX.XXX.XXX.XXX		Xxxxxxxx	22/07/2021	verified	Alto

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilità	Accesso al vettore	Genere	Fiducia
1	T1006	CWE-24	Path Traversal	predictive	Alto
2	T1059	CWE-94	Argument Injection	predictive	Alto
3	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Alto
4	TXXXX.XXX	CWE-XXX	Xxx Xx Xxxx-xxxxx Xxxxxxxx	predictive	Alto
5	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
6	TXXXX	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Alto
7	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
8	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (14)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Genere	Fiducia
1	File	/ecommerce/admin/settings/setDiscount.php	predictive	Alto
2	File	/group1/uploa	predictive	Alto
3	File	apiRun.php	predictive	Media
4	File	xxxxxxxxxxxxxxxxxxxxxxxx.xxxx	predictive	Alto
5	File	xxxxxxx.xxxx	predictive	Media
6	File	xxxxxxxxxxxx.xxx?xxxx=xxx	predictive	Alto
7	Library	xxxxxxxx.xxx	predictive	Media
8	Argument	xx	predictive	Basso
9	Argument	xxxx	predictive	Basso
10	Argument	xx	predictive	Basso
11	Argument	xxxxxxx	predictive	Basso
12	Argument	xxx	predictive	Basso
13	Argument	x-xx-xxxxxxxx	predictive	Alto
14	Input Value	xxxxxx xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx)	predictive	Alto

Referenze (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PrecedenteVisione D'insiemeIl prossimo ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!