xmrig.pe Analisi

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (129)

Sequenza temporale

Linguaggio

en80
zh28
ru6
de4
pl4

Nazione

us72
cn26
ir4
gb4
br2

Attori

xmrig.pe6
Cobalt Strike2

Attività

Interesse

Sequenza temporale

Genere

Not Defined48
Operating System14
Database Software10
Content Management System10
Web Server6

Fornitore

Not Defined36
Microsoft16
Qualcomm6
Linux4
Apache4

Prodotto

Microsoft Windows8
Microsoft SQL Server6
Linux Kernel4
Qualcomm Snapdragon Auto4
Qualcomm Snapdragon Consumer Electronics Connectiv ...4

Vulnerabilità

#VulnerabilitàBaseTemp0dayOggiSfrConEPSSCTICVE
1DZCP deV!L`z Clanportal config.php escalazione di privilegi7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.009430.84CVE-2010-0966
2Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash rivelazione di un 'informazione5.35.2$5k-$25kCalcoloHighWorkaround0.020160.02CVE-2007-1192
3Cisco Wireless LAN Controller 802.11v escalazione di privilegi5.85.6$5k-$25k$0-$5kNot DefinedOfficial Fix0.001020.00CVE-2017-12275
4LogicBoard CMS away.php Redirect6.36.1$0-$5k$0-$5kNot DefinedUnavailable0.000003.97
5Cisco Wireless LAN Controller ANQP buffer overflow5.24.9$5k-$25kCalcoloNot DefinedOfficial Fix0.001020.00CVE-2017-12282
6jeecg-boot qurestSql sql injection7.57.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.113110.13CVE-2023-1454
7Webmin escalazione di privilegi7.37.1$0-$5k$0-$5kNot DefinedOfficial Fix0.971820.04CVE-2022-0824
8Atlassian Jira Server/Jira Data Center Mobile Plugin escalazione di privilegi6.46.2$0-$5k$0-$5kNot DefinedOfficial Fix0.033120.03CVE-2022-26135
9SPIP spip.php cross site scripting3.53.4$0-$5k$0-$5kNot DefinedOfficial Fix0.001320.54CVE-2022-28959
10Jetty Login Password.java rivelazione di un 'informazione5.65.5$0-$5k$0-$5kNot DefinedOfficial Fix0.002990.04CVE-2017-9735
11FileRun index.php sql injection7.37.1$0-$5k$0-$5kHighUnavailable0.006490.04CVE-2007-2469
12I-O DATA DEVICE LAN DISK Connect buffer overflow6.46.4$0-$5k$0-$5kNot DefinedNot Defined0.000800.03CVE-2017-10875
13Cisco Wireless LAN Controller SNMP denial of service5.35.0$0-$5k$0-$5kNot DefinedOfficial Fix0.001430.00CVE-2017-12278
14D-Link DIR-850L LAN Traffic escalazione di privilegi5.95.9$0-$5k$0-$5kNot DefinedNot Defined0.002770.00CVE-2017-14430
15Apple iOS/iPadOS Attachment BLASTPASS escalazione di privilegi7.06.9$25k-$100k$5k-$25kHighOfficial Fix0.000700.03CVE-2023-41061
16MikroTik RouterOS igmp-proxy denial of service4.34.2$0-$5k$0-$5kNot DefinedNot Defined0.002010.05CVE-2020-20219
17TIBCO Spotfire Statistics Services Splus Server escalazione di privilegi9.89.8$0-$5k$0-$5kNot DefinedNot Defined0.001400.00CVE-2023-29268
18Google Chrome V8 escalazione di privilegi7.57.4$25k-$100k$5k-$25kHighOfficial Fix0.026350.00CVE-2023-2033
19Tenda W30E editUserName buffer overflow6.56.4$0-$5k$0-$5kNot DefinedNot Defined0.000750.00CVE-2022-45508
20Traefik rivelazione di un 'informazione4.54.5$0-$5k$0-$5kNot DefinedOfficial Fix0.000950.00CVE-2022-23469

Campagne (1)

These are the campaigns that can be associated with the actor:

  • Log4Shell

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDindirizzo IPHostnameAttoreCampagneIdentifiedGenereFiducia
118.228.7.109ec2-18-228-7-109.sa-east-1.compute.amazonaws.comxmrig.peLog4Shell09/02/2022verifiedMedia
231.220.58.29xmrig.peLog4Shell09/02/2022verifiedAlto
3XX.XXX.XXX.XXXxxx-xx-xxx-xxx-xxx.xxxxxxx-x.xxxxxxxxx.xxxXxxxx.xxXxxxxxxxx09/02/2022verifiedMedia
4XX.XXX.XXX.XXxx.xxx.xxx.xx.xxx.xxXxxxx.xx26/04/2022verifiedAlto
5XXX.XXX.XXX.XXXxxxxxx-xxx.xxxxxxx.xxxxxx.xxxXxxxx.xxXxxxxxxxx09/02/2022verifiedAlto
6XXX.XXX.XX.XXXxxxx.xx26/04/2022verifiedAlto
7XXX.XXX.XXX.XXxxxxxxxx.xxxxxxxxxxx.xxx.xxXxxxx.xx26/04/2022verifiedAlto
8XXX.XXX.XXX.XXxxxxx.xxxx.xxxXxxxx.xx26/04/2022verifiedAlto

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClasseVulnerabilitàAccesso al vettoreGenereFiducia
1T1006CAPEC-126CWE-21, CWE-22Path TraversalpredictiveAlto
2T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveAlto
3T1059CAPEC-242CWE-94Argument InjectionpredictiveAlto
4TXXXX.XXXCAPEC-209CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveAlto
5TXXXXCAPEC-122CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveAlto
6TXXXXCAPEC-136CWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveAlto
7TXXXX.XXXCAPEC-178CWE-XXXXxxx XxxxxxxxpredictiveAlto
8TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveAlto
9TXXXXCAPEC-CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveAlto
10TXXXXCAPEC-38CWE-XXXXxxxxxxxx Xxxxxx XxxxpredictiveAlto
11TXXXXCAPEC-116CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveAlto
12TXXXXCAPEC-20CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveAlto
13TXXXX.XXXCAPEC-CWE-XXXXxx Xxxxxxxxxx XxxxxpredictiveAlto
14TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveAlto

IOA - Indicator of Attack (44)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClasseIndicatorGenereFiducia
1File/.ssh/authorized_keyspredictiveAlto
2File/forum/away.phppredictiveAlto
3File/goform/delFileNamepredictiveAlto
4File/goform/editUserNamepredictiveAlto
5File/index/user/upload_img.htmlpredictiveAlto
6File/xxxxx/xxxx/xxxx_xxxx.xxxxpredictiveAlto
7File/xxxx/xxx/xxxx-xxxxxpredictiveAlto
8File/xxxx.xxxpredictiveMedia
9File/xxxxxxx/predictiveMedia
10Filexxxxx.xxxpredictiveMedia
11Filexxxxxxxx.xxxpredictiveMedia
12Filexxxxxx/xxxxxx/xxx_xxxx.xpredictiveAlto
13Filex_xxxxxxpredictiveMedia
14Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveAlto
15Filexxxx.xxxpredictiveMedia
16Filexxx/xxxxxx.xxxpredictiveAlto
17Filexxxxx.xxxpredictiveMedia
18Filexxxx.xxxpredictiveMedia
19Filexxxxxxxx/xxxxxxxxxpredictiveAlto
20Filexxxxxx/xxx/xxxxxxxx.xpredictiveAlto
21Filexxxxx.xxxpredictiveMedia
22Filexxx_xxxxx_xxxxx.xpredictiveAlto
23Filexxx/xxxxxxxxx/xx_xxxxxx_xxx.xpredictiveAlto
24Filexxxxxxxx.xxxpredictiveMedia
25Filexxxx/xxxxxxxx/xxxxxxxx.xxxxpredictiveAlto
26Filexxxxxxxxxxxxxxx.xxxxpredictiveAlto
27ArgumentxxxxxxxxxxxpredictiveMedia
28Argumentxxx_xxxpredictiveBasso
29ArgumentxxxxxxxxpredictiveMedia
30ArgumentxxxxxxxpredictiveBasso
31Argumentxxxxxxx-xxxx/xxxxxxx-xxxxxxxx-xxxxxxxxpredictiveAlto
32Argumentxx_xxxxx_xxpredictiveMedia
33ArgumentxxxpredictiveBasso
34ArgumentxxxxpredictiveBasso
35ArgumentxxxxxxxxxxxpredictiveMedia
36Argumentxxxx/xxx/xxx_xxpredictiveAlto
37ArgumentxxxxxxxxpredictiveMedia
38Argumentxxx_xxxxxxxxxxxpredictiveAlto
39ArgumentxxxxxxpredictiveBasso
40Argumentxxx_xxxxxxxpredictiveMedia
41ArgumentxxxpredictiveBasso
42ArgumentxxxxxxxxpredictiveMedia
43Input Value../predictiveBasso
44Input Valuexxxxxxxxx' xxx 'x'='xpredictiveAlto

Referenze (4)

The following list contains external sources which discuss the actor and the associated activities:

PrecedenteVisione D'insiemeIl prossimo

Do you need the next level of professionalism?

Upgrade your account now!