Matanbuchus Analysis

IOB - Indicator of Behavior (132)

Language

en: 120
fr: 6
zh: 2
de: 2
it: 2

Country

us: 34
de: 22
ru: 6
pt: 4
it: 4

Product

QNAP QTS: 20
QNAP QuTS hero: 14
QNAP QuTScloud: 14
Totolink LR1200GB: 4
Microsoft IIS: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | QNAP QuTScloud/QTS/QuTS hero privilege escalation | 5.3 | 5.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00046 | 0.07 | CVE-2023-32967 |
| 2 | QNAP QTS/QuTS hero/QuTScloud privilege escalation | 6.2 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00047 | 0.08 | CVE-2023-39302 |
| 3 | QNAP QTS/QuTS hero/QuTScloud privilege escalation | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00047 | 0.08 | CVE-2023-39297 |
| 4 | SonicBOOM riscv-boom privilege escalation | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00055 | 0.00 | CVE-2020-29561 |
| 5 | QNAP QTS/QuTS hero/QuTScloud privilege escalation | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00046 | 0.04 | CVE-2023-50358 |
| 6 | QNAP QTS/QuTS hero/QuTScloud privilege escalation | 5.7 | 5.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00046 | 0.02 | CVE-2024-21900 |
| 7 | QNAP Systems Photo Station directory traversal | 4.6 | 4.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.06 | CVE-2023-47221 |
| 8 | SourceCodester Online Tours & Travels Management System email_setup.php prepare SQL injection | 6.9 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00077 | 0.08 | CVE-2023-6765 |
| 9 | Magento Admin Panel Path information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00084 | 0.03 | CVE-2019-7852 |
| 10 | XenForo privilege escalation | 8.6 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.02 | |
| 11 | United Planet Intrexx Professional cross-site scripting | 4.8 | 4.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00089 | 0.00 | CVE-2020-24188 |
| 12 | Huawei Mate 20 Digital Balance privilege escalation | 3.9 | 3.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00058 | 0.00 | CVE-2020-1831 |
| 13 | Aviatrix Controller Web Interface cross-site request forgery | 5.4 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00053 | 0.00 | CVE-2020-13416 |
| 14 | Facebook WhatsApp MP4 File buffer overflow | 7.0 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00086 | 0.00 | CVE-2019-11931 |
| 15 | Microsoft IIS cross-site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.08 | CVE-2017-0055 |
| 16 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 17 | cPanel File Extension privilege escalation | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00432 | 0.02 | CVE-2020-26108 |
| 18 | Western Digital WD My Cloud Session weak authentication | 8.5 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01834 | 0.03 | CVE-2018-9148 |
| 19 | Western Digital My Cloud/WD Cloud privilege escalation | 8.6 | 8.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00663 | 0.00 | CVE-2022-22995 |
| 20 | QNAP QTS/QuTS hero/QuTScloud weak authentication | 6.8 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00091 | 0.04 | CVE-2023-39303 |

Campaigns (2)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (17)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access type | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22, CWE-425 | Path Traversal | predictive | High |
| 2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | predictive | High |
| 3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |

IOA - Indicator of Attack (67)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/?page=user/manage_user&id=3 | predictive | High |
| 2 | File | /Admin/add-student.php | predictive | High |
| 3 | File | /admin/attendance_row.php | predictive | High |
| 4 | File | /admin/request-received-bydonar.php | predictive | High |
| 5 | File | /admin/test_status.php | predictive | High |
| 6 | File | /admin_route/inc_service_credits.php | predictive | High |
| 7 | File | /cgi-bin/cstecgi.cgi | predictive | High |
| 8 | File | /cgi-bin/supervisor/PwdGrp.cgi | predictive | High |
| 67 | Pattern | () { | predictive | Low |

References (5)

The following list contains external sources which discuss the actor and the associated activities:
