Xanthe Analysis

IOB - Indicator of Behavior (47)

Language (IOB entries): en 26, zh 18, ja 4

Product (IOB entries): Jenkins 4, Microsoft Outlook 2, Apache Archiva 2, F5 BIG-IP 2, TOTOLINK EX1200T 2

Vulnerabilities

# | Weakness | Base | Temp | 0day | Today | Exploitability | Remediation | EPSS | CTI | CVE
1 | Apache Archiva File Upload Service cross site scripting | 5.1 | 5.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00108 | 0.00 | CVE-2023-28158
2 | Splunk Enterprise Forwarder Bundle privilege escalation | 8.5 | 8.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00306 | 0.00 | CVE-2022-32158
3 | Microsoft Windows 16-bit Compatibility information disclosure | 3.3 | 3.3 | $25k-$100k | $0-$5k | Not Defined | Workaround | 0.00000 | 0.02 | (none)
4 | virglrenderer IOCTL memory corruption | 7.0 | 7.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.00 | CVE-2022-0135
5 | EQdkp dbal.php privilege escalation | 6.5 | 6.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03188 | 0.04 | CVE-2006-2256
6 | MikroTik RouterOS HTTP Server denial of service | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00078 | 0.00 | CVE-2019-13955
7 | Dreamer CMS cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00047 | 0.00 | CVE-2023-29774
8 | Weblogicnet es_desp.php privilege escalation | 7.3 | 6.7 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.08879 | 0.00 | CVE-2007-4715
9 | PrestaShop sql injection | 8.0 | 8.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.83896 | 0.05 | CVE-2021-3110
10 | Oracle MySQL Server Compiling denial of service | 7.2 | 7.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.04 | CVE-2021-22570
11 | Microsoft Outlook weak authentication | 9.0 | 8.6 | $5k-$25k | $0-$5k | Functional | Official Fix | 0.92645 | 0.06 | CVE-2023-23397
12 | Apache Dubbo Generic Invoke privilege escalation | 5.0 | 5.0 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.01479 | 0.00 | CVE-2023-23638
13 | Grafana Authentication Cookies information disclosure | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00101 | 0.02 | CVE-2022-39201
14 | Hugo Pandoc Document exec privilege escalation | 5.0 | 5.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00267 | 0.02 | CVE-2020-26284
15 | GNU C Library Call Graph Monitor gmon.c __monstartup memory corruption [Disputed] | 6.3 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00121 | 0.10 | CVE-2023-0687
16 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 4.76 | CVE-2020-12440
17 | Google Chrome denial of service | 7.3 | 7.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00989 | 0.02 | CVE-2011-2796
18 | Samsung TizenRT l2_packet_pcap.c l2_packet_receive_timeout denial of service | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00270 | 0.00 | CVE-2022-40279
19 | Microsoft Internet Explorer FTP Server memory corruption | 6.3 | 6.3 | $25k-$100k | $0-$5k | High | Unavailable | 0.96973 | 0.07 | CVE-2009-3023
20 | Microsoft Windows Shell Shortcut Parser privilege escalation | 10.0 | 9.5 | $100k and more | $0-$5k | High | Official Fix | 0.97223 | 0.05 | CVE-2010-2568

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 34.92.166.158 | 158.166.92.34.bc.googleusercontent.com | Xanthe | (none) | 2022-02-02 | verified | Medium
2 | XX.XXX.XX.XX | (none) | Xxxxxx | (none) | 2022-02-02 | verified | High
3 | XXX.XX.XX.XX | xxxxxxx.xxx | Xxxxxx | (none) | 2022-02-02 | verified | High
4 | XXX.XXX.XXX.XX | xxx-xxx-xxx-xx.xx.xxxxxxxxxxxxxxxxx.xxx | Xxxxxx | (none) | 2022-02-02 | verified | High
5 | XXX.XX.XX.XXX | (none) | Xxxxxx | (none) | 2022-02-02 | verified | High

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Class | Weakness | Description | Type | Confidence
1 | T1040 | CAPEC-102 | CWE-294 | Authentication Bypass by Capture-replay | predictive | High
2 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
3 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive | High
4 | TXXXX.XXX | CAPEC-209 | CWE-XXX | Xxxxx Xxxx Xxxxxxxxx | predictive | High
5 | TXXXX | CAPEC-19 | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
6 | TXXXX | CAPEC-136 | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High
7 | TXXXX | CAPEC- | CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High
8 | TXXXX | CAPEC-108 | CWE-XX | Xxx Xxxxxxxxx | predictive | High
9 | TXXXX.XXX | CAPEC-1 | CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | predictive | High
10 | TXXXX | CAPEC-112 | CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
11 | TXXXX | CAPEC-116 | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
12 | TXXXX.XXX | CAPEC-112 | CWE-XXX | Xxxx Xxxxxxxxxx Xxxxx | predictive | High

IOA - Indicator of Attack (16)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | auth2-gss.c | predictive | Medium
2 | File | category.php | predictive | Medium
3 | File | es_desp.php | predictive | Medium
4 | File | xxxx.x | predictive | Low
5 | File | xxxxxxxx/xxxx.xxx | predictive | High
6 | File | xx/xxxx | predictive | Low
7 | File | xxxxxx.xxx | predictive | Medium
8 | File | xxxx-xxxxxx.x | predictive | High
9 | File | xxxx/xxxx/xxxxxxxxxxxxxxxxxx.xxxx | predictive | High
10 | File | xxx_xxxxxxxxxx/xxx/xx_xxxxxx/xx_xxxxxx_xxxx.x | predictive | High
11 | Argument | xxxxx_xxxx_xxxx | predictive | High
12 | Argument | xxxxx_xxx | predictive | Medium
13 | Argument | xxxx/xx | predictive | Low
14 | Argument | xx_xxxxxxxx | predictive | Medium
15 | Argument | xxxx | predictive | Low
16 | Argument | xxxx | predictive | Low
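The IOC and IOA tables above are meant to be matched against your own telemetry. The following is an added example (not VulDB's code) that does this for a web-server access log: it takes the one unmasked IOC row (34.92.166.158 / 158.166.92.34.bc.googleusercontent.com) and the three unmasked file-class IOA rows (auth2-gss.c, category.php, es_desp.php), checks that the IOC hostname is consistent with its IP (Google Cloud's generic PTR for a.b.c.d is d.c.b.a.bc.googleusercontent.com, which is why the reversed octets appear in the hostname), and then flags log lines whose source IP is an IOC or whose requested file is an IOA. The log lines are constructed for the example, and the match is on the exact basename of the request path rather than a substring, so that /subcategory.php does not trip the category.php indicator.

```python
"""Match access-log lines against the Xanthe IOC and IOA tables.

Added example, not VulDB's code. IOC/IOA values are copied from the
unmasked table rows on this page; the log lines are constructed.
"""
import re
from urllib.parse import urlsplit

# Unmasked IOC row (ID 1): source IP -> reverse-DNS hostname.
IOC_HOSTS = {
    "34.92.166.158": "158.166.92.34.bc.googleusercontent.com",
}

# Unmasked file-class IOA rows (IDs 1-3).
IOA_FILES = {"auth2-gss.c", "category.php", "es_desp.php"}

# Constructed combined-format access-log lines; not real traffic.
SAMPLE_LOG = """\
34.92.166.158 - - [02/Feb/2022:10:15:01 +0000] "GET /shop/es_desp.php?id=1 HTTP/1.1" 200 512 "-" "curl/7.68.0"
10.0.0.5 - - [02/Feb/2022:10:15:02 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.7 - - [02/Feb/2022:10:15:03 +0000] "POST /admin/category.php HTTP/1.1" 404 210 "-" "python-requests/2.28"
198.51.100.7 - - [02/Feb/2022:10:15:04 +0000] "GET /subcategory.php HTTP/1.1" 200 300 "-" "python-requests/2.28"
"""

# Client IP, timestamp, method, request target and status of a combined-format line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def gce_ptr_matches_ip(ip: str, hostname: str) -> bool:
    """Sanity check for Google Cloud IOCs: the generic PTR for a.b.c.d is
    d.c.b.a.bc.googleusercontent.com, so the hostname must carry the
    reversed octets of the IP it is paired with."""
    reversed_octets = ".".join(reversed(ip.split(".")))
    return hostname == f"{reversed_octets}.bc.googleusercontent.com"


def request_basename(target: str) -> str:
    """Last path segment of the request target with the query string removed."""
    path = urlsplit(target).path
    return path.rsplit("/", 1)[-1]


def scan_log(log_text: str) -> list[dict]:
    """Return one hit per line whose client IP is an IOC or whose requested
    file is an IOA. Basename equality, not substring search, is used so a
    longer filename containing an indicator does not match."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        reasons = []
        if m["ip"] in IOC_HOSTS:
            reasons.append(f"ioc_ip:{m['ip']}")
        name = request_basename(m["target"])
        if name in IOA_FILES:
            reasons.append(f"ioa_file:{name}")
        if reasons:
            hits.append({"line": lineno, "ip": m["ip"],
                         "target": m["target"], "reasons": reasons})
    return hits


if __name__ == "__main__":
    for ip, host in IOC_HOSTS.items():
        print(f"{ip} -> {host}: PTR consistent = {gce_ptr_matches_ip(ip, host)}")
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

Running the block reports the IOC pair as consistent and flags lines 1 and 3 of the sample log; line 4 is left alone because subcategory.php is not category.php. A hit on an IOA filename alone is weak evidence (the same PHP names exist in many unrelated applications), so treat the file indicators as pivots to investigate rather than as grounds to block.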

References (2)

The following list contains external sources which discuss the actor and the associated activities:
