Mettle Analiza

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (27)

Język

en	26
fr	2

Kraj

us	20
vn	8

Aktorzy

Mettle	1

Wysiłek

Rodzaj

Not Defined	10
Domain Name Software	10
Router Operating System	2
Programming Language Software	2
Operating System	2

Sprzedawca

Not Defined	18
TP-LINK	2
Apache	2
Creolabs	2
Microsoft	2

Produkt

Dnsmasq	10
Magento	2
NoneCms	2
TP-LINK TL-WR841N	2
devise-two-factor	2

Luki w zabezpieczeniach

#	Słaby punkt	Base	Temp	0day	Dzisiaj	Wyk	Prz	EPSS	CTI	CVE
1	Dnsmasq extract_name memory corruption	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00144	0.02	CVE-2021-45954
2	TP-LINK TL-WR841N Firmware directory traversal	7.5	7.5	$0-$5k	$0-$5k	High	Not Defined	0.02952	0.04	CVE-2012-5687
3	devise-two-factor information disclosure	5.4	5.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00043	0.02	CVE-2024-0227
4	pfSense diag_command.php csrf_callback cross site request forgery	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00180	0.00	CVE-2019-16667
5	Apache Superset REST API Get Endpoint privilege escalation	5.8	5.8	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00270	0.04	CVE-2022-45438
6	WordPress Scheduled Task wp-cron.php denial of service	6.5	6.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00096	0.02	CVE-2023-22622
7	Dnsmasq fuzz_rfc1035.c resize_packet memory corruption	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00144	0.04	CVE-2021-45955
8	Dnsmasq print_mac memory corruption	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00144	0.03	CVE-2021-45956
9	Dnsmasq rfc1035.c extract_name memory corruption	7.7	7.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.10872	0.04	CVE-2020-25682
10	Dnsmasq fuzz_rfc1035.c answer_request memory corruption	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00144	0.04	CVE-2021-45957
11	PHP FPM SAPI memory corruption	8.0	7.7	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00148	0.04	CVE-2021-21703
12	Magento Deserialization privilege escalation	8.0	8.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00587	0.00	CVE-2020-3716
13	Magento sql injection	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00582	0.03	CVE-2019-7139
14	Google Android file_input_stream.cc Read memory corruption	7.5	7.2	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00105	0.00	CVE-2019-2105
15	Google Android TQS App memscpy memory corruption	8.5	8.2	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00187	0.00	CVE-2015-9173
16	nginx HTTP/2 denial of service	6.0	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02974	0.04	CVE-2018-16844
17	Moodle Installation information disclosure	5.3	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00187	0.03	CVE-2012-4403
18	NoneCms App.php privilege escalation	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.96678	0.04	CVE-2018-20062
19	Creolabs Gravity gravity_lexer.c memory corruption	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00331	0.00	CVE-2017-1000172
20	Squid Proxy HTTP Request weak authentication	8.7	8.1	$5k-$25k	$0-$5k	Unproven	Official Fix	0.52868	0.03	CVE-2016-4553

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adres IP	Hostname	Aktor	Kampanie	Identified	Rodzaj	Pewność siebie
1	118.70.80.143		Mettle		2022-02-12	verified	Wysoki
2	XXX.XXX.XX.XXX		Xxxxxx		2022-02-12	verified	Wysoki

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Luki w zabezpieczeniach	Wektor dostępu	Rodzaj	Pewność siebie
1	T1006	CWE-22	Path Traversal	predictive	Wysoki
2	T1059.007	CWE-80	Cross Site Scripting	predictive	Wysoki
3	TXXXX	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Wysoki
4	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Wysoki
5	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Wysoki
6	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Wysoki

IOA - Indicator of Attack (11)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasa	Indicator	Rodzaj	Pewność siebie
1	File	diag_command.php	predictive	Wysoki
2	File	file_input_stream.cc	predictive	Wysoki
3	File	xxxx_xxxxxxx.x	predictive	Wysoki
4	File	xxxxxxx_xxxxx.x	predictive	Wysoki
5	File	xxxxxxx.x	predictive	Medium
6	File	xxxxxxxx/xxxxxxxx	predictive	Wysoki
7	File	xx-xxxx.xxx	predictive	Medium
8	Library	xxxxxxxx/xxxxxxx/xxxxx/xxx.xxx	predictive	Wysoki
9	Argument	xxxxxxxx_xx	predictive	Medium
10	Argument	xxxxxx	predictive	Niski
11	Argument	xxxxxxxxxx/xxxxxxxxxxxxxxx	predictive	Wysoki

Referencje (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PoprzedniPrzeglądKolejny ▸

Do you need the next level of professionalism?

Upgrade your account now!