Exchange Marauder Analysis

IOB - Indicator of Behavior (312)

Timeline

Language

en (258)
zh (40)
ru (6)
fr (4)
pl (2)

Country

us (190)
cn (74)
ru (14)
kr (6)
in (2)

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Microsoft Windows (8)
PHPMailer (6)
FreeBSD (6)
WordPress (6)
Linux Kernel (6)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Remediation | EPSS | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Information Disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192
2 | net2ftp Directory Traversal | 7.3 | 6.4 | $0-$5k | $0-$5k | Unproven | Official Fix | 0.03501 | 0.00 | CVE-2008-5275
3 | Linux Kernel Pipe Dirty Pipe Privilege Escalation | 6.3 | 6.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.07584 | 0.00 | CVE-2022-0847
4 | MWChat Pro Help about.php Privilege Escalation | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00650 | 0.02 | CVE-2006-5904
5 | Phicomm k2 Privilege Escalation | 6.6 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00054 | 0.03 | CVE-2023-40796
6 | Metalinks Metacart2 productsbycategory.asp SQL Injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00142 | 0.04 | CVE-2005-1363
7 | Yii Yii2 Gii Cross Site Scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00056 | 0.03 | CVE-2022-34297
8 | Microsoft Windows Clipboard User Service Privilege Escalation | 7.2 | 6.5 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00043 | 0.08 | CVE-2022-21869
9 | SourceCodester Online Flight Booking Management System POST Parameter review_search.php SQL Injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00134 | 0.04 | CVE-2023-0283
10 | Microsoft IIS IP/Domain Restriction Privilege Escalation | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00817 | 0.08 | CVE-2014-4078
11 | FuelPHP Privilege Escalation | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03129 | 0.00 | CVE-2014-1999
12 | phpLDAPadmin LDAP injection Privilege Escalation | 8.5 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.24932 | 0.00 | CVE-2018-12689
13 | FreeBSD setrlimit Buffer Overflow | 6.5 | 5.6 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00126 | 0.00 | CVE-2017-1085
14 | DZCP deV!L`z Clanportal config.php Privilege Escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.87 | CVE-2010-0966
15 | Zoho ManageEngine ServiceDesk Plus API Endpoint User Privilege Escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00466 | 0.00 | CVE-2018-7248
16 | WebARX Plugin Stored Cross Site Scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00213 | 0.00 | CVE-2019-17213
17 | jforum User Privilege Escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00289 | 0.04 | CVE-2019-7550
18 | ShowDoc Privilege Escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00125 | 0.00 | CVE-2018-19620
19 | Chevereto CMS Stored Cross Site Scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00089 | 0.00 | CVE-2017-1000058
20 | Bitrix Upload from Local Disk Feature restore.php Privilege Escalation | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00049 | 0.00 | CVE-2022-29268

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Exchange Marauder

IOC - Indicator of Compromise (13)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (123)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Acceptance
1 | File | .htaccess | predictive | Medium
2 | File | /cgi-bin/luci/api/auth | predictive | High
3 | File | /filemanager/upload.php | predictive | High
4 | File | /resources//../ | predictive | High
5 | File | /src/Illuminate/Laravel.php | predictive | High
6 | File | /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php | predictive | High
7 | File | /usr/local/WowzaStreamingEngine/bin/ | predictive | High
8 | File | /wp-json/oembed/1.0/embed?url | predictive | High
9 | File | about.php | predictive | Medium
10 | File | admin/modules/tools/ip_history_logs.php | predictive | High
11 | File | adminer.php | predictive | Medium
12 | File | admin_feature.php | predictive | High
13 | File | api_poller.php | predictive | High
14 | File | application/controllers/admin/dataentry.php | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
