theMx0nday Analisi

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (21)

Sequenza temporale

Linguaggio

en16
ru2
sv2
zh2

Nazione

us14
id4
ru2
cn2

Attori

theMx0nday3
RedLine Stealer1
Nobelium1
REvil1
Quasar RAT1

Attività

Interesse

Sequenza temporale

Genere

Not Defined6
Operating System4
Content Management System2
Office Suite Software2
Ticket Tracking Software2

Fornitore

Not Defined10
Microsoft6
Joomla2
Dahua2

Prodotto

Microsoft Windows4
Joomla CMS2
Microsoft Office2
Dahua DHI-HCVR7216A-S32
osTicket2

Vulnerabilità

#VulnerabilitàBaseTemp0dayOggiSfrConCTIEPSSCVE
1PRTG Network Monitor login.htm escalazione di privilegi8.58.2$0-$5k$0-$5kNot DefinedOfficial Fix0.040.00288CVE-2018-19410
2nginx escalazione di privilegi6.96.9$0-$5k$0-$5kNot DefinedNot Defined0.140.00241CVE-2020-12440
3Microsoft Windows SMB rivelazione di un 'informazione6.45.5$25k-$100k$5k-$25kUnprovenOfficial Fix0.000.00876CVE-2021-36960
4Microsoft Windows SMB escalazione di privilegi7.77.1$25k-$100k$0-$5kHighOfficial Fix0.190.97427CVE-2017-0144
5Microsoft Windows SMB Client Security Feature rivelazione di un 'informazione4.33.8$25k-$100k$0-$5kUnprovenOfficial Fix0.000.00572CVE-2021-31205
6Microsoft Office PowerPoint Remote Code Execution7.36.7$5k-$25k$0-$5kUnprovenOfficial Fix0.030.00339CVE-2022-37962
7Python directory traversal7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.050.02102CVE-2007-4559
8Dahua DHI-HCVR7216A-S3 SmartPSS Auto Login Hash escalazione di privilegi6.76.7$0-$5k$0-$5kNot DefinedNot Defined0.040.00331CVE-2017-6342
9Microsoft Windows TIFF Image escalazione di privilegi9.08.6$25k-$100k$0-$5kHighOfficial Fix0.020.97025CVE-2013-3906
10PHP EXIF exif_process_IFD_in_MAKERNOTE buffer overflow7.57.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.020.00477CVE-2019-9639
11WBCE CMS cross site scripting5.25.2$0-$5k$0-$5kNot DefinedNot Defined0.000.00118CVE-2017-2118
12Tapatalk Plugin XML-RPC classTTForum.php sql injection8.58.2$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00227CVE-2017-14652
13XenForo Admin Panel cross site scripting4.14.1$0-$5k$0-$5kNot DefinedNot Defined0.030.00058CVE-2021-43032
14JFrog Artifactory upload escalazione di privilegi8.57.4$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.020.10181CVE-2016-10036
15Kyland KPS2204 webadminget.cgi rivelazione di un 'informazione4.34.3$0-$5k$0-$5kNot DefinedNot Defined0.050.00411CVE-2020-25011
16TP-LINK TL-WR840N v4 traceroute escalazione di privilegi7.57.5$0-$5k$0-$5kNot DefinedNot Defined0.030.00287CVE-2019-15060
17osTicket main.php escalazione di privilegi7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.000.01152CVE-2005-1438
18Exim EHLO Command string.c string_vformat buffer overflow8.58.5$0-$5k$0-$5kNot DefinedOfficial Fix0.020.91466CVE-2019-16928
19Tim Kosse FileZilla Format String7.37.0$25k-$100k$0-$5kNot DefinedOfficial Fix0.040.03339CVE-2007-2318
20Joomla CMS weblinks-categories sql injection7.37.1$5k-$25k$0-$5kHighUnavailable0.020.00100CVE-2014-7981

Campagne (1)

These are the campaigns that can be associated with the actor:

  • Ukraine Universities

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDindirizzo IPHostnameAttoreCampagneIdentifiedGenereFiducia
1159.223.64.156theMx0ndayUkraine Universities05/03/2022verifiedAlto
2XXX.XXX.XXX.XXXxxxxxxxx.xxxx.xxxxxx.xxxXxxxxxxxxxXxxxxxx Xxxxxxxxxxxx05/03/2022verifiedAlto
3XXX.XX.XXX.XXXxxxx.xxxx.xxx.xxXxxxxxxxxxXxxxxxx Xxxxxxxxxxxx05/03/2022verifiedAlto

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitàAccesso al vettoreGenereFiducia
1T1006CWE-22Path TraversalpredictiveAlto
2T1059CWE-94Argument InjectionpredictiveAlto
3TXXXX.XXXCWE-XXXxxxx Xxxx XxxxxxxxxpredictiveAlto
4TXXXXCWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveAlto
5TXXXXCWE-XXXxx XxxxxxxxxpredictiveAlto
6TXXXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveAlto
7TXXXX.XXXCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveAlto

IOA - Indicator of Attack (11)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClasseIndicatorGenereFiducia
1File/cgi-bin/webadminget.cgipredictiveAlto
2File/index.php/weblinks-categoriespredictiveAlto
3File/xxxxxx/xxxxx.xxxpredictiveAlto
4Filexxxx.xxxpredictiveMedia
5Filexxxxxx.xpredictiveMedia
6Filexx/xxxxxxxx/xxxxxxpredictiveAlto
7Libraryxxxxxxx/xxx/xxxxxxxxxxxx.xxxpredictiveAlto
8Argumentxxxx_xxxpredictiveMedia
9ArgumentxxpredictiveBasso
10Argumentxxxxxxx_xxxpredictiveMedia
11Input Valuex%xx%xx%xxxxxxx%xxxxxxxx%xxxxxxxxxx%xxxxxx%xx%xxxxxxx_xxxxx%xx%xx--%xx%xxpredictiveAlto

Referenze (2)

The following list contains external sources which discuss the actor and the associated activities:

PrecedenteVisione D'insiemeIl prossimo

Do you know our Splunk app?

Download it now for free!