Matanbuchus Analysis

IOB - Indicator of Behavior (132)

Timeline

Language

en: 114
fr: 6
de: 6
it: 2
es: 2

Country/Region

us: 36
de: 26
ru: 6
it: 4
pt: 4

Actor

Activity

Interest

Timeline

Type

Vendor

Product

QNAP QTS: 14
QNAP QuTS hero: 12
QNAP QuTScloud: 10
Microsoft IIS: 6
SourceCodester Simple Student Attendance System: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | QNAP QuTScloud/QTS/QuTS hero privilege escalation | 5.3 | 5.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00046 | 0.07 | CVE-2023-32967 |
| 2 | QNAP QTS/QuTS hero/QuTScloud privilege escalation | 6.2 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00047 | 0.08 | CVE-2023-39302 |
| 3 | QNAP QTS/QuTS hero/QuTScloud privilege escalation | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00047 | 0.08 | CVE-2023-39297 |
| 4 | SonicBOOM riscv-boom privilege escalation | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00055 | 0.00 | CVE-2020-29561 |
| 5 | QNAP QTS/QuTS hero/QuTScloud privilege escalation | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00046 | 0.04 | CVE-2023-50358 |
| 6 | QNAP QTS/QuTS hero/QuTScloud privilege escalation | 5.7 | 5.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00046 | 0.02 | CVE-2024-21900 |
| 7 | QNAP Systems Photo Station directory traversal | 4.6 | 4.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.06 | CVE-2023-47221 |
| 8 | SourceCodester Online Tours & Travels Management System email_setup.php prepare SQL injection | 6.9 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00077 | 0.03 | CVE-2023-6765 |
| 9 | Magento Admin Panel Path information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00084 | 0.00 | CVE-2019-7852 |
| 10 | XenForo privilege escalation | 8.6 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.04 | |
| 11 | United Planet Intrexx Professional cross-site scripting | 4.8 | 4.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00089 | 0.00 | CVE-2020-24188 |
| 12 | Huawei Mate 20 Digital Balance privilege escalation | 3.9 | 3.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00058 | 0.00 | CVE-2020-1831 |
| 13 | Aviatrix Controller Web Interface unknown vulnerability | 5.4 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00053 | 0.00 | CVE-2020-13416 |
| 14 | Facebook WhatsApp MP4 File memory corruption | 7.0 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00086 | 0.07 | CVE-2019-11931 |
| 15 | Microsoft IIS cross-site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.14 | CVE-2017-0055 |
| 16 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 17 | cPanel File Extension privilege escalation | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00432 | 0.02 | CVE-2020-26108 |
| 18 | Western Digital WD My Cloud Session weak authentication | 8.5 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01834 | 0.03 | CVE-2018-9148 |
| 19 | Western Digital My Cloud/WD Cloud privilege escalation | 8.6 | 8.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00663 | 0.00 | CVE-2022-22995 |
| 20 | QNAP QTS/QuTS hero/QuTScloud weak authentication | 6.8 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00091 | 0.04 | CVE-2023-39303 |

Campaigns (2)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (17)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (67)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/?page=user/manage_user&id=3 | predictive | |
| 2 | File | /Admin/add-student.php | predictive | |
| 3 | File | /admin/attendance_row.php | predictive | |
| 4 | File | /admin/request-received-bydonar.php | predictive | |
| 5 | File | /admin/test_status.php | predictive | |
| 6 | File | /admin_route/inc_service_credits.php | predictive | |
| 7 | File | /cgi-bin/cstecgi.cgi | predictive | |
| 8 | File | /cgi-bin/supervisor/PwdGrp.cgi | predictive | |
| 67 | Pattern | () { | predictive | |

References (5)

The following list contains external sources which discuss the actor and the associated activities:
