MATA Analiza

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (323)

Język

en	252
zh	46
fr	10
de	8
es	4

Kraj

la	224
us	58
gb	12
me	12
cn	10

Aktorzy

Cobalt Strike	17
Ave Maria	10
RedLine Stealer	8
Lazarus	8
MATA	6

Wysiłek

Rodzaj

Not Defined	108
Content Management System	26
Operating System	18
WordPress Plugin	10
Programming Language Software	10

Sprzedawca

Not Defined	118
Microsoft	22
Apache	8
Atlassian	6
Sophos	4

Produkt

Microsoft Windows	16
WordPress	10
Moodle	8
phpMyAdmin	6
CodeIgniter	4

Luki w zabezpieczeniach

#	Słaby punkt	Base	Temp	0day	Dzisiaj	Wyk	Prz	EPSS	CTI	CVE
1	TikiWiki tiki-register.php privilege escalation	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01009	1.02	CVE-2006-6168
2	Watchdog Anti-Virus IoControlCode wsdk-driver.sys 0x80002008 privilege escalation	5.3	5.2	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00047	0.04	CVE-2023-1453
3	LogicBoard CMS away.php Redirect	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Unavailable	0.00000	1.93
4	Tiki Admin Password tiki-login.php weak authentication	8.0	7.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00936	3.13	CVE-2020-15906
5	WordPress AdServe adclick.php sql injection	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00073	0.08	CVE-2008-0507
6	Primetek Primefaces weak encryption	8.5	8.3	$0-$5k	$0-$5k	High	Not Defined	0.97013	0.07	CVE-2017-1000486
7	Drupal Sanitization API cross site scripting	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00056	0.02	CVE-2020-13672
8	Microsoft Windows HMAC Key Derivation Local Privilege Escalation	8.8	8.1	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00048	0.03	CVE-2023-36400
9	LiteSpeed Cache Plugin Shortcode cross site scripting	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00051	0.03	CVE-2023-4372
10	WebTitan Appliance Extensions Persistent cross site scripting	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.02
11	ipTIME NAS-I Bulletin Manage privilege escalation	7.1	7.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00988	0.03	CVE-2020-7847
12	RARLabs WinRAR ZIP Archive Remote Code Execution	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.44373	0.03	CVE-2023-38831
13	request-baskets API Request {name} privilege escalation	6.4	6.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.08109	0.00	CVE-2023-27163
14	DZCP deV!L`z Clanportal config.php privilege escalation	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	0.44	CVE-2010-0966
15	PHP phpinfo cross site scripting	4.3	3.9	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.02101	0.04	CVE-2007-1287
16	nginx privilege escalation	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00241	3.13	CVE-2020-12440
17	Microsoft Windows Scripting Engine Remote Code Execution	5.9	5.1	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.37113	0.00	CVE-2021-34480
18	NotificationX Plugin SQL Statement sql injection	5.6	5.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02414	0.04	CVE-2022-0349
19	DevExpress ASP.NET Web Forms ASPxHttpHandlerModule DXR.axd privilege escalation	4.3	4.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00183	0.06	CVE-2022-41479
20	Basilix Webmail login.php3 privilege escalation	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00000	0.02

IOC - Indicator of Compromise (19)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adres IP	Hostname	Aktor	Identified	Rodzaj	Pewność siebie
1	2.4.17.15	lfbn-mon-1-592-15.w2-4.abo.wanadoo.fr	Mata	2020-07-25	verified	Wysoki
2	23.227.199.53	23-227-199-53.static.hvvc.us	MATA	2022-03-31	verified	Wysoki
3	23.227.199.69	23-227-199-69.static.hvvc.us	MATA	2022-03-31	verified	Wysoki
4	23.254.119.12		MATA	2022-03-31	verified	Wysoki
5	XX.XX.XXX.XXX		Xxxx	2022-03-31	verified	Wysoki
6	XX.XXX.XXX.XX		Xxxx	2022-03-31	verified	Wysoki
7	XXX.XXX.XX.X		Xxxx	2022-03-31	verified	Wysoki
8	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx-xxxx.xxxxxxxxxxxx.xxx	Xxxx	2022-03-31	verified	Wysoki
9	XXX.XXX.XX.XX	xxxxxxx.xxx-xxxxxxxxxxx.xxxx	Xxxx	2022-03-31	verified	Wysoki
10	XXX.XX.XXX.XXX	xxxx.xxxxxxxxxxxxxxxxxxxxx.xxx	Xxxx	2022-03-31	verified	Wysoki
11	XXX.XX.XXX.XXX	xxxxxxx.xxxxx.xx	Xxxx	2022-03-31	verified	Wysoki
12	XXX.XX.XXX.XX	xx-xxx-xx-xxx-xx.xxxx.xxxxxxxxx.xxx	Xxxx	2022-03-31	verified	Wysoki
13	XXX.XX.XXX.XX		Xxxx	2022-03-31	verified	Wysoki
14	XXX.XX.XXX.XXX	xxx-xxx-xx-xxx.xxxxxxx-xxx	Xxxx	2022-03-31	verified	Wysoki
15	XXX.XX.XX.XXX		Xxxx	2022-03-31	verified	Wysoki
16	XXX.XXX.XXX.XXX	xxx.xxx.xxx.xxx	Xxxx	2022-03-31	verified	Wysoki
17	XXX.XXX.XXX.X		Xxxx	2022-03-31	verified	Wysoki
18	XXX.XX.XXX.XX	xxxxxxxxxxxxx.xxxxxxxxxxxxxxxxxxx.xxx	Xxxx	2022-03-31	verified	Wysoki
19	XXX.XXX.XX.XXX	xxxxxxx.xx-xxxx-xxx-xxxx.xxx	Xxxx	2022-03-31	verified	Wysoki

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klasa	Luki w zabezpieczeniach	Wektor dostępu	Rodzaj	Pewność siebie
1	T1006	CAPEC-126	CWE-21, CWE-22, CWE-24	Path Traversal	predictive	Wysoki
2	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Wysoki
3	T1059	CAPEC-137	CWE-88, CWE-94, CWE-1321	Argument Injection	predictive	Wysoki
4	T1059.007	CAPEC-209	CWE-79, CWE-80	Cross Site Scripting	predictive	Wysoki
5	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Wysoki
6	TXXXX.XXX	CAPEC-16	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Wysoki
7	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Wysoki
8	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	Wysoki
9	TXXXX	CAPEC-0	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Wysoki
10	TXXXX	CAPEC-1	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Wysoki
11	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Wysoki
12	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	Wysoki
13	TXXXX	CAPEC-112	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Wysoki
14	TXXXX.XXX	CAPEC-459	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Wysoki
15	TXXXX.XXX	CAPEC-133	CWE-XXX	Xxxxxxxx	predictive	Wysoki
16	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Wysoki
17	TXXXX.XXX	CAPEC-0	CWE-XX	Xxxxxxxxxxxxx	predictive	Wysoki
18	TXXXX	CAPEC-112	CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Wysoki
19	TXXXX.XXX	CAPEC-0	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	Wysoki
20	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Wysoki

IOA - Indicator of Attack (172)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasa	Indicator	Rodzaj	Pewność siebie
1	File	/admin/dl_sendmail.php	predictive	Wysoki
2	File	/adminPage/conf/reload	predictive	Wysoki
3	File	/api/baskets/{name}	predictive	Wysoki
4	File	/api/v2/cli/commands	predictive	Wysoki
5	File	/Device/Device/GetDeviceInfoList?deviceCode=&searchField=&deviceState=	predictive	Wysoki
6	File	/DXR.axd	predictive	Medium
7	File	/forum/away.php	predictive	Wysoki
8	File	/mfsNotice/page	predictive	Wysoki
9	File	/novel/bookSetting/list	predictive	Wysoki
10	File	/novel/userFeedback/list	predictive	Wysoki
11	File	/out.php	predictive	Medium
12	File	/owa/auth/logon.aspx	predictive	Wysoki
13	File	/phppath/php	predictive	Medium
14	File	/spip.php	predictive	Medium
15	File	/systemrw/	predictive	Medium
16	File	/x_portal_assemble_surface/jaxrs/portal/list?v=8.2.3-4-43f4fe3	predictive	Wysoki
17	File	/zm/index.php	predictive	Wysoki
18	File	adclick.php	predictive	Medium
19	File	admin.jcomments.php	predictive	Wysoki
20	File	admin/gv_mail.php	predictive	Wysoki
21	File	application/modules/admin/views/ecommerce/products.php	predictive	Wysoki
22	File	xxxx/xxxxxxxxxxxx.xxx	predictive	Wysoki
23	File	xxxx.xxx	predictive	Medium
24	File	xx_xxxx_xx_xxxx_xxxx.xxx	predictive	Wysoki
25	File	xxxx_xxxxxxx.xxx	predictive	Wysoki
26	File	xxxxxxxx.xxx	predictive	Medium
27	File	xxxxxx.xxx	predictive	Medium
28	File	xxxxx.xxx	predictive	Medium
29	File	xxxxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxx/xxxx_xxxxx.xxxx	predictive	Wysoki
30	File	xxxxx-xxxxxxx.xxx	predictive	Wysoki
31	File	xxxxxxxxxx/xxx_xxxxxxxxxx/xxxxxxx/xxxxxxxxxx.xxx	predictive	Wysoki
32	File	xxxxxxxxxx\xxxx.xxx	predictive	Wysoki
33	File	xxxxxxxxxxx.xxx	predictive	Wysoki
34	File	xxxx-xxxxxx.xxx	predictive	Wysoki
35	File	xxxx.xxx	predictive	Medium
36	File	xxx/xxxx/xxxx_xxxxxx.x	predictive	Wysoki
37	File	xxxxxxxxxxx.xxxxx.xxx	predictive	Wysoki
38	File	xxxxxxx.xxx	predictive	Medium
39	File	xxxxx.xxx	predictive	Medium
40	File	xxxx.xxx	predictive	Medium
41	File	xxxxx_xxxx.xxx	predictive	Wysoki
42	File	xxxxxxxxxx\xxxxxx\xxxxxxxxxxxxx.xxx	predictive	Wysoki
43	File	xxx/xxxxxx.xxx	predictive	Wysoki
44	File	xxxxxxxx/xxxxxxx/xxxxxxx.xxxx.xxx	predictive	Wysoki
45	File	xxxxx.xxxx	predictive	Medium
46	File	xxxxx.xxx	predictive	Medium
47	File	xxxxx.xxx/xxxxxx.xxx/xxxxxxxxxxxxx.xxx/xxxxxxxx.xxx	predictive	Wysoki
48	File	xxxxx.xxx?x=xxxx&x=xxxx&x=xx_xxx_xxxxxx	predictive	Wysoki
49	File	xxxxx.xxx?x=xxxx&x=xxxxxxx&x=xxx	predictive	Wysoki
50	File	xxxxxxxx/xxxxxxxx_xxxxxxx_xxxxxx/xxxxx.xxx	predictive	Wysoki
51	File	xxxx_xxxx.xxx	predictive	Wysoki
52	File	xxxx_xxxxxxx.xxx	predictive	Wysoki
53	File	xxxxx.xxxx	predictive	Medium
54	File	xxxxx.xxx	predictive	Medium
55	File	xxxx.xxxx	predictive	Medium
56	File	xxxxxx/xxxxxxxxx.xxx	predictive	Wysoki
57	File	xx_xxxx.x	predictive	Medium
58	File	xxx/xxxx/xxxx_xxxxxxxxx.x	predictive	Wysoki
59	File	xxxxxxx_xxxx.xxx	predictive	Wysoki
60	File	xxxxxxxxxxxxxxxxx.xxx	predictive	Wysoki
61	File	xxxxx_xxxxxx_xxxxxxxx.xxx	predictive	Wysoki
62	File	xxxxxxx.xxx	predictive	Medium
63	File	xxxxxxxxxxxxx.xxx	predictive	Wysoki
64	File	xxxxxxxxxxxx.xxx	predictive	Wysoki
65	File	xxxxxxx/xxxxxxx/xxx/xxxxxxxxxx.xxx?xxxxxxxx=xxxx&xxxxxx=xxxxxxxxxx	predictive	Wysoki
66	File	xxxxx.xxx	predictive	Medium
67	File	xxxx.xxx	predictive	Medium
68	File	xxxxxxxx.xxx	predictive	Medium
69	File	xxxxxxxxxx.xxx	predictive	Wysoki
70	File	xxxxxxxx.xx	predictive	Medium
71	File	xxxx_xxxx_xxxxxx.xxx	predictive	Wysoki
72	File	xxxxxxxxxxxxxx.xxx	predictive	Wysoki
73	File	xxxx_xxxxxxx_xxxxxxxx.xxx	predictive	Wysoki
74	File	xxxx_xxxxx.xxxx	predictive	Wysoki
75	File	xxxxxxxxxx_xxxx.xxx	predictive	Wysoki
76	File	xxx/xxxx/xxxx	predictive	Wysoki
77	File	xxxxxx\xxxxxxxx\xx_xxxxx_xxxxxxx.xxx	predictive	Wysoki
78	File	xxxxxxx.xxx.xx.xxxxxxxxxxx.xxx	predictive	Wysoki
79	File	xxxxxxxxx/xxxxxxxx.xxx	predictive	Wysoki
80	File	xxxx_xxxxxx.xx	predictive	Wysoki
81	File	xxxx-xxxxx.xxx	predictive	Wysoki
82	File	xxxx-xxxxxxxx.xxx	predictive	Wysoki
83	File	xxxxxx_xxxxx.xxx	predictive	Wysoki
84	File	xxxxxx.xxx	predictive	Medium
85	File	xxx.xxx	predictive	Niski
86	File	xxxxxxx-xxxxx.xxx	predictive	Wysoki
87	File	xxxx_xxxxx.xxx	predictive	Wysoki
88	File	xxxx/xxx/xxxx-xxxxx.xxx	predictive	Wysoki
89	File	xxxx.xxx	predictive	Medium
90	File	xxxxxxxx.xxx	predictive	Medium
91	File	xxxxxxxxx.xxx	predictive	Wysoki
92	File	xx-xxxxx-xxxxxx.xxx	predictive	Wysoki
93	File	xx-xxxxxxxx/xxxx.xxx	predictive	Wysoki
94	File	xx-xxxxxxxx/xxxx-xxx/xxxxxxxxx/xxxxx-xx-xxxx-xxxxx-xxxxxxxxxx.xxx	predictive	Wysoki
95	File	xx-xxxxxxxxx.xxx	predictive	Wysoki
96	File	xxx/xxxxxxxx/xxxxxxxx.xxx	predictive	Wysoki
97	File	xxxx.xxx	predictive	Medium
98	File	_xxxxxxxx/xxxx?xxxx	predictive	Wysoki
99	File	~/xxx/xxxx-xxxxxxxxx.xxx	predictive	Wysoki
100	File	~/xxxxxxxx/xxxxx-xx-xxxxxxxxxx-xxxxxxxxx.xxx	predictive	Wysoki
101	Library	xxxxxx.xxx	predictive	Medium
102	Library	xxxxxx.xxx	predictive	Medium
103	Library	xxxxxx.xxx	predictive	Medium
104	Library	xxxxxxx/xxx.xxx.xxx.xxx	predictive	Wysoki
105	Library	xxxx-xxxxxx.xxx	predictive	Wysoki
106	Argument	xxx_xxx	predictive	Niski
107	Argument	xxxx	predictive	Niski
108	Argument	xxxxxxxxx	predictive	Medium
109	Argument	xxxxxxxx	predictive	Medium
110	Argument	xxx_xxx_xx_xxx_xxxxxxxxxx_x	predictive	Wysoki
111	Argument	xxxxx_xxxx	predictive	Medium
112	Argument	xxxx_xxx_xxxx	predictive	Wysoki
113	Argument	xxx	predictive	Niski
114	Argument	xxxxxxxxx	predictive	Medium
115	Argument	xxxxxxxxxx	predictive	Medium
116	Argument	xxx_xx	predictive	Niski
117	Argument	xxx	predictive	Niski
118	Argument	xxx	predictive	Niski
119	Argument	xxxxxxxxxxxxxxx	predictive	Wysoki
120	Argument	xxxx_xx	predictive	Niski
121	Argument	xxx	predictive	Niski
122	Argument	xxxx	predictive	Niski
123	Argument	xxxxxxxxx_xxxxxx	predictive	Wysoki
124	Argument	xxxxxxxxx	predictive	Medium
125	Argument	xx_xxxxxxx	predictive	Medium
126	Argument	xxxx	predictive	Niski
127	Argument	xxxxxxxx	predictive	Medium
128	Argument	xxxxx	predictive	Niski
129	Argument	xxxxxx_xxxxx	predictive	Medium
130	Argument	xxxxxxxxx	predictive	Medium
131	Argument	xx_xx	predictive	Niski
132	Argument	xxxxxxx[xxxxxxx]	predictive	Wysoki
133	Argument	xxxxxxx	predictive	Niski
134	Argument	xxxxxx	predictive	Niski
135	Argument	xxxxx	predictive	Niski
136	Argument	xx	predictive	Niski
137	Argument	xxx	predictive	Niski
138	Argument	xxxx	predictive	Niski
139	Argument	xxxx	predictive	Niski
140	Argument	xxxx/xxxxxxxx	predictive	Wysoki
141	Argument	xxx xxxxxxxx/xxxxxxx xxxxxxxx	predictive	Wysoki
142	Argument	xxxxxxxx	predictive	Medium
143	Argument	xx_xx	predictive	Niski
144	Argument	xxxxxx/xxxxx/xxxx	predictive	Wysoki
145	Argument	xxxxxxx	predictive	Niski
146	Argument	xxxxxxx	predictive	Niski
147	Argument	xxxx	predictive	Niski
148	Argument	xxxxxxxx	predictive	Medium
149	Argument	xxxxxx_xxxxxx	predictive	Wysoki
150	Argument	xxxxxxxx_xx	predictive	Medium
151	Argument	xxxxxxxx_xxx	predictive	Medium
152	Argument	xxxxxx_xxxxx	predictive	Medium
153	Argument	xxx	predictive	Niski
154	Argument	xxxx_xxxx	predictive	Medium
155	Argument	xxxx	predictive	Niski
156	Argument	xxxxxx	predictive	Niski
157	Argument	xxxxxxx	predictive	Niski
158	Argument	xxx_xxxx	predictive	Medium
159	Argument	xxx	predictive	Niski
160	Argument	xx_xx	predictive	Niski
161	Argument	xxxxx	predictive	Niski
162	Argument	xxxxx_xx	predictive	Medium
163	Argument	xxx	predictive	Niski
164	Argument	xxxxxx	predictive	Niski
165	Argument	xxxxxxxx	predictive	Medium
166	Argument	_xxx_xxxxxxxxxxx_	predictive	Wysoki
167	Input Value	<xxxxxx >xxxxx(xxx)</xxxxxx>	predictive	Wysoki
168	Input Value	xxxxxxxxx' xxx 'x'='x	predictive	Wysoki
169	Input Value	xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx	predictive	Wysoki
170	Pattern	\|xx xx xx xx\|	predictive	Wysoki
171	Network Port	xxxxx	predictive	Niski
172	Network Port	xxx/xxxxx	predictive	Medium

Referencje (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PoprzedniPrzeglądKolejny ▸

Interested in the pricing of exploits?

See the underground prices here!