Metamorfo Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (25)

Curso de tempo

Idioma

en16
de8
it2

País

us18
tr4
pl2

Actores

Metamorfo3
Cobalt Strike1

Actividades

Interesse

Curso de tempo

Tipo

Not Defined6
Log Management Software4
Image Processing Software2
Operating System2
Groupware Software2

Fabricante

Not Defined16
Green Hills2
Microsoft2
Google2
AXIS2

Produto

cacti2
ImageMagick2
Green Hills INTEGRITY RTOS2
Augeas2
Microsoft Windows2

Vulnerabilidades

#VulnerabilidadeBaseTemp0dayHojeExpMasEPSSCTICVE
1Apple macOS MediaRemote direitos alargados7.67.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.003770.02CVE-2018-4310
2Green Hills INTEGRITY RTOS Interpeak IPCOMShell TELNET Server Excesso de tampão8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.003080.00CVE-2019-7713
3phpGroupWare login.php Injecção SQL7.37.0$0-$5k$0-$5kNot DefinedOfficial Fix0.003610.00CVE-2009-4414
4ImageMagick cache.c PersistPixelCache Negação de Serviço5.45.1$0-$5k$0-$5kNot DefinedOfficial Fix0.001030.00CVE-2017-14325
5Symphony content.blueprintspages.php Roteiro Cruzado de Sítios5.25.2$0-$5k$0-$5kNot DefinedOfficial Fix0.000700.00CVE-2018-12043
6Microsoft Windows MS XML XML External Entity7.67.5$25k-$100k$5k-$25kNot DefinedOfficial Fix0.031030.00CVE-2019-0791
7MC Coming Soon Script launch_message.php direitos alargados6.35.7$0-$5k$0-$5kProof-of-ConceptNot Defined0.000000.00
8Microsoft Internet Explorer JsArraySlice Excesso de tampão7.16.4$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.758990.04CVE-2017-11855
9Microsoft Windows VBScript/JScript direitos alargados7.47.2$25k-$100k$5k-$25kNot DefinedOfficial Fix0.108060.02CVE-2016-3206
10PHP var_unserializer.c direitos alargados9.89.6$5k-$25k$0-$5kNot DefinedOfficial Fix0.027670.00CVE-2016-7124
11Microsoft XML Core Services direitos alargados5.35.3$5k-$25k$0-$5kNot DefinedNot Defined0.004310.02CVE-2009-0419
12AXIS 2110 Network Camera virtualinput.cgi direitos alargados7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.056840.02CVE-2004-2425
13Augeas Escape String Excesso de tampão8.58.4$0-$5k$0-$5kNot DefinedOfficial Fix0.031580.00CVE-2017-7555
14Google Android SSID Hotlist API direitos alargados6.56.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.000440.04CVE-2017-11074
15Cacti graph_settings.php Injecção SQL7.37.3$0-$5k$0-$5kNot DefinedNot Defined0.003460.00CVE-2014-5262
16cacti Injecção SQL7.37.3$0-$5k$0-$5kNot DefinedNot Defined0.004540.00CVE-2013-5589
17Woltlab Burning Board Lite thread.php decode_cookie Injecção SQL7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.009310.00CVE-2006-6237
18vBulletin redirector.php Redirect6.66.6$0-$5k$0-$5kNot DefinedNot Defined0.001220.07CVE-2018-6200
19Kaotik Kshop product_details.php Injecção SQL7.37.3$0-$5k$0-$5kHighUnavailable0.008860.03CVE-2007-1810
20MidiCart PHP Shopping Cart item_show.php Injecção SQL6.36.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.000000.05

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDEndereço IPHostnameActorCampanhasIdentifiedTipoAceitação
15.83.162.24cloud8732397.nitrado.cloudMetamorfo25/04/2018verifiedAlto
2XX.XXX.XXX.XXXxxx-xx-xxx-xxx-xxx.xx-xxxx-x.xxxxxxx.xxxxxxxxx.xxxXxxxxxxxx09/02/2022verifiedMédio
3XX.XXX.XXX.XXXXxxxxxxxx25/10/2021verifiedAlto
4XX.XXX.XXX.XXxxxxxx-xxx-xxx-xx.xxxxxx.xxxxxxxxxx.xxXxxxxxxxx31/05/2021verifiedAlto
5XXX.XX.XXX.XXXXxxxxxxxx25/04/2018verifiedAlto

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassificaçãoVulnerabilidadesTipo de acessoTipoAceitação
1CAPEC-10CWE-20, CWE-119, CWE-399, CWE-404, CWE-502, CWE-610, CWE-611Unknown VulnerabilitypredictiveAlto
2T1059.007CAPEC-10CWE-74, CWE-79, CWE-707Cross Site ScriptingpredictiveAlto
3TXXXXCAPEC-122CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveAlto
4TXXXX.XXXCAPEC-178CWE-XXXXxxx XxxxxxxxpredictiveAlto
5TXXXXCAPEC-10CWE-XX, CWE-XX, CWE-XXXXxx XxxxxxxxxpredictiveAlto
6TXXXXCAPEC-116CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveAlto

IOA - Indicator of Attack (20)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClasseIndicatorTipoAceitação
1File/admin/launch_message.phppredictiveAlto
2Filecontent/content.blueprintspages.phppredictiveAlto
3Fileext/standard/var_unserializer.cpredictiveAlto
4Filexxxxx_xxxxxxxx.xxxpredictiveAlto
5Filexxxxx.xxxpredictiveMédio
6Filexxxx_xxxx.xxxpredictiveAlto
7Filexxxxx.xxxpredictiveMédio
8Filexxxxxx/xxxxx.xpredictiveAlto
9Filexxxxxxx_xxxxxxx.xxxpredictiveAlto
10Filexxxxxxxxxx.xxxpredictiveAlto
11Filexxxxxxxxxxxx.xxxpredictiveAlto
12Filexxxxxx.xxxpredictiveMédio
13Filexxxxxxxxxxxx.xxxpredictiveAlto
14ArgumentxxxpredictiveBaixo
15Argumentxxxx_xxpredictiveBaixo
16ArgumentxxxxxxpredictiveBaixo
17ArgumentxxpredictiveBaixo
18ArgumentxxxxpredictiveBaixo
19ArgumentxxxxxxpredictiveBaixo
20ArgumentxxxpredictiveBaixo

Referências (3)

The following list contains external sources which discuss the actor and the associated activities:

Samples (2)

The following list contains associated samples:

VoltarVisão GeralPróximo

Do you know our Splunk app?

Download it now for free!