Xanthe Analysis

IOB - Indicator of Behavior (47)

Timeline: (chart, not reproduced)

Language: en 32 | zh 14 | es 2

Country: cn 34 | us 6 | gb 4

Actors, Activities, Interest, Timeline, Type, Vendor: (charts, not reproduced)

Product: Google Chrome 4 | Microsoft Windows 4 | Jenkins 4 | kaptcha 2 | OpenSSH 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | EPSS | CTI | CVE
1 | Apache Archiva File Upload Service cross-site scripting | 5.1 | 5.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00108 | 0.00 | CVE-2023-28158
2 | Splunk Enterprise Forwarder Bundle privilege escalation | 8.5 | 8.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00306 | 0.00 | CVE-2022-32158
3 | Microsoft Windows 16-bit Compatibility information disclosure | 3.3 | 3.3 | $25k-$100k | $0-$5k | Not Defined | Workaround | 0.00000 | 0.02 | (none)
4 | virglrenderer IOCTL buffer overflow | 7.0 | 7.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.00 | CVE-2022-0135
5 | EQdkp dbal.php privilege escalation | 6.5 | 6.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03188 | 0.02 | CVE-2006-2256
6 | MikroTik RouterOS HTTP Server denial of service | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00078 | 0.00 | CVE-2019-13955
7 | Dreamer CMS cross-site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.00 | CVE-2023-29774
8 | Weblogicnet es_desp.php privilege escalation | 7.3 | 6.7 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.08879 | 0.02 | CVE-2007-4715
9 | PrestaShop SQL injection | 8.0 | 8.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.83896 | 0.04 | CVE-2021-3110
10 | Oracle MySQL Server Compiling denial of service | 7.2 | 7.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.04 | CVE-2021-22570
11 | Microsoft Outlook weak authentication | 9.0 | 8.6 | $5k-$25k | $0-$5k | Functional | Official Fix | 0.92645 | 0.06 | CVE-2023-23397
12 | Apache Dubbo Generic Invoke privilege escalation | 5.0 | 5.0 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.01479 | 0.00 | CVE-2023-23638
13 | Grafana Authentication Cookies information disclosure | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00101 | 0.02 | CVE-2022-39201
14 | Hugo Pandoc Document exec privilege escalation | 5.0 | 5.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00267 | 0.02 | CVE-2020-26284
15 | GNU C Library Call Graph Monitor gmon.c __monstartup buffer overflow [Disputed] | 6.3 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00121 | 0.04 | CVE-2023-0687
16 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 3.50 | CVE-2020-12440
17 | Google Chrome denial of service | 7.3 | 7.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00989 | 0.02 | CVE-2011-2796
18 | Samsung TizenRT l2_packet_pcap.c l2_packet_receive_timeout denial of service | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00270 | 0.00 | CVE-2022-40279
19 | Microsoft Internet Explorer FTP Server buffer overflow | 6.3 | 6.3 | $25k-$100k | $0-$5k | High | Unavailable | 0.96973 | 0.07 | CVE-2009-3023
20 | Microsoft Windows Shell Shortcut Parser privilege escalation | 10.0 | 9.5 | $100k and more | $0-$5k | High | Official Fix | 0.97223 | 0.04 | CVE-2010-2568

Base and Temp are the CVSS base and temporal scores; 0day and Today are the estimated exploit prices at disclosure and now; EPSS is the exploit-prediction probability; CTI is the cyber-threat-intelligence activity indicator.

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities. Masked rows (shown as X) are entries the page does not disclose.

ID | IP Address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 34.92.166.158 | 158.166.92.34.bc.googleusercontent.com | Xanthe | | 02/02/2022 | verified | Medium
2 | XX.XXX.XX.XX | | Xxxxxx | | 02/02/2022 | verified | High
3 | XXX.XX.XX.XX | xxxxxxx.xxx | Xxxxxx | | 02/02/2022 | verified | High
4 | XXX.XXX.XXX.XX | xxx-xxx-xxx-xx.xx.xxxxxxxxxxxxxxxxx.xxx | Xxxxxx | | 02/02/2022 | verified | High
5 | XXX.XX.XX.XXX | | Xxxxxx | | 02/02/2022 | verified | High

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | CWE | Weakness | Type | Confidence
1 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | predictive | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
3 | T1059 | CWE-94 | Argument Injection | predictive | High
4 | TXXXX.XXX | CWE-XXX | Xxxx Xxxx Xxxxxxxxx | predictive | High
5 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
6 | TXXXX | CWE-XX, CWE-XXX | Xxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High
7 | TXXXX | CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High
8 | TXXXX | CWE-XXX | Xx Xxxxxxxxx | predictive | High
9 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | predictive | High
10 | TXXXX | CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
11 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
12 | TXXXX.XXX | CWE-XXX | Xxx Xxxxxxxxxx Xxxxx | predictive | High

IOA - Indicator of Attack (16)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | auth2-gss.c | predictive | Medium
2 | File | category.php | predictive | Medium
3 | File | es_desp.php | predictive | Medium
4 | File | xxxx.x | predictive | Low
5 | File | xxxxxxxx/xxxx.xxx | predictive | High
6 | File | xx/xxxx | predictive | Low
7 | File | xxxxxx.xxx | predictive | Medium
8 | File | xxxx-xxxxxx.x | predictive | High
9 | File | xxxx/xxxx/xxxxxxxxxxxxxxxxxx.xxxx | predictive | High
10 | File | xxx_xxxxxxxxxx/xxx/xx_xxxxxx/xx_xxxxxx_xxxx.x | predictive | High
11 | Argument | xxxxx_xxxx_xxxx | predictive | High
12 | Argument | xxxxx_xxx | predictive | Medium
13 | Argument | xxxx/xx | predictive | Low
14 | Argument | xx_xxxxxxxx | predictive | Medium
15 | Argument | xxxx | predictive | Low
16 | Argument | xxxx | predictive | Low
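The script below is an added example and is not part of the VulDB page or of any Xanthe tooling. It takes the only unmasked entries a defender can act on here, the verified IOC address 34.92.166.158 from the IOC table and the file fragments auth2-gss.c, category.php and es_desp.php from the IOA table, and runs them over web-server access-log lines in combined format. The log lines are constructed for the example, and the pattern name LOG_RE, the Hit type and the function names are assumptions of this example, not anything the page defines.

```python
"""Match the page's IOC address and IOA file fragments against access-log lines.

Added example. Indicator values are taken from the Xanthe profile above;
the log lines, regex and helper names are constructed for this example.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional
from urllib.parse import unquote, urlsplit

# Indicators copied from the page. Only one IOC address is unmasked there.
IOC_ADDRESSES = {"34.92.166.158"}
IOA_FILES = {"auth2-gss.c", "category.php", "es_desp.php"}

# Combined-log-format line: client, ident, user, timestamp, request, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)


@dataclass
class Hit:
    line_no: int
    src_ip: str
    target: str
    reasons: List[str]


def path_basename(target: str) -> str:
    """Return the last path segment, percent-decoded and lower-cased.

    Decoding first matters: /es%5Fdesp.php would otherwise slip past a
    literal comparison with es_desp.php.
    """
    path = unquote(urlsplit(target).path)
    return path.rsplit("/", 1)[-1].lower()


def classify(line_no: int, line: str) -> Optional[Hit]:
    """Return a Hit if the line touches a listed IOC or IOA, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None  # malformed line: skip it instead of aborting the scan
    reasons: List[str] = []
    src = m.group("ip")
    try:
        # Normalise the address so "034.92.166.158"-style variants still match.
        if str(ipaddress.ip_address(src)) in IOC_ADDRESSES:
            reasons.append(f"source {src} is a listed IOC")
    except ValueError:
        pass  # not an IP literal (e.g. a proxy placed a hostname here)
    base = path_basename(m.group("target"))
    if base in IOA_FILES:
        reasons.append(f"request for IOA file {base}")
    if not reasons:
        return None
    return Hit(line_no, src, m.group("target"), reasons)


def scan(lines: Iterable[str]) -> List[Hit]:
    """Run classify() over every line and keep the hits in log order."""
    return [h for h in (classify(i, l) for i, l in enumerate(lines, 1)) if h]


# Constructed sample log; not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [02/Feb/2022:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 512
34.92.166.158 - - [02/Feb/2022:10:00:02 +0000] "GET /robots.txt HTTP/1.1" 200 68
203.0.113.7 - - [02/Feb/2022:10:00:03 +0000] "GET /es%5Fdesp.php?id=1 HTTP/1.1" 404 210
34.92.166.158 - - [02/Feb/2022:10:00:04 +0000] "POST /shop/category.php HTTP/1.1" 500 0
this line is not an access log entry
""".splitlines()


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"line {hit.line_no}: {hit.src_ip} {hit.target} -> {'; '.join(hit.reasons)}")
```

A request for one of the IOA file names is a weak signal on its own (the page rates these indicators as predictive, and category.php is a common file name), so the useful output is the line that carries both reasons: a listed source address asking for a listed file. The IOC match is the stronger of the two, and the address belongs to a cloud provider range (its reverse name is under googleusercontent.com), so expect it to be reassigned over time and treat the 02/02/2022 identification date as the point of reference when judging older or newer logs.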

References (2)

The following list contains external sources which discuss the actor and the associated activities:
