Exchange Marauder Анализ

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (312)

Язык

en	246
zh	52
ru	6
fr	6
ko	2

Страна

us	180
cn	88
ru	12
kr	4
zw	2

Акторы

Exchange Marauder	11
FIN7	2
RedLine Stealer	2
Cobalt Strike	2
UNC4841	1

Интерес

Тип

Not Defined	92
Operating System	20
Content Management System	16
Web Server	12
WordPress Plugin	10

Поставщик

Not Defined	82
Microsoft	20
SolarWinds	8
Zoho ManageEngine	6
SourceCodester	4

Продукт

Microsoft Windows	10
Microsoft IIS	6
Nagios XI	6
WordPress	6
SolarWinds Web Help Desk	4

Уязвимости

#	Уязвимости	Base	Temp	0day	Сегодня	Э�	Rem	CTI	EPSS	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash раскрытие информации	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02	0.02016	CVE-2007-1192
2	net2ftp обход каталога	7.3	6.4	$0-$5k	$0-$5k	Unproven	Official Fix	0.00	0.03501	CVE-2008-5275
3	Linux Kernel Pipe Dirty Pipe Privilege Escalation	6.3	5.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.03	0.07584	CVE-2022-0847
4	MWChat Pro Help about.php эскалация привилегий	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00609	CVE-2006-5904
5	Phicomm k2 эскалация привилегий	6.6	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03	0.00054	CVE-2023-40796
6	Metalinks Metacart2 productsbycategory.asp sql-инъекция	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	0.00142	CVE-2005-1363
7	Yii Yii2 Gii межсайтовый скриптинг	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03	0.00056	CVE-2022-34297
8	Microsoft Windows Clipboard User Service Privilege Escalation	7.2	6.5	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.03	0.00043	CVE-2022-21869
9	SourceCodester Online Flight Booking Management System POST Parameter review_search.php sql-инъекция	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00	0.00134	CVE-2023-0283
10	Microsoft IIS IP/Domain Restriction эскалация привилегий	6.5	5.7	$25k-$100k	$0-$5k	Unproven	Official Fix	0.03	0.00817	CVE-2014-4078
11	FuelPHP эскалация привилегий	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.03129	CVE-2014-1999
12	phpLDAPadmin LDAP injection эскалация привилегий	8.5	7.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00	0.21652	CVE-2018-12689
13	FreeBSD setrlimit повреждение памяти	6.5	5.6	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00	0.00126	CVE-2017-1085
14	DZCP deV!L`z Clanportal config.php эскалация привилегий	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.24	0.00943	CVE-2010-0966
15	Zoho ManageEngine ServiceDesk Plus API Endpoint User эскалация привилегий	5.3	5.3	$0-$5k	Расчет	Not Defined	Not Defined	0.00	0.00466	CVE-2018-7248
16	WebARX Plugin Stored межсайтовый скриптинг	5.2	5.2	$0-$5k	Расчет	Not Defined	Not Defined	0.00	0.00213	CVE-2019-17213
17	jforum User эскалация привилегий	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	0.00289	CVE-2019-7550
18	ShowDoc эскалация привилегий	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00122	CVE-2018-19620
19	Chevereto CMS Stored межсайтовый скриптинг	5.2	4.9	$0-$5k	Расчет	Not Defined	Official Fix	0.00	0.00089	CVE-2017-1000058
20	Bitrix Upload from Local Disk Feature restore.php эскалация привилегий	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00049	CVE-2022-29268

Кампании (1)

These are the campaigns that can be associated with the actor:

Exchange Marauder

IOC - Indicator of Compromise (13)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-адрес	Hostname	Актор	Кампании	Identified	Тип	Уверенность
1	5.254.43.18		Exchange Marauder	Exchange Marauder	31.05.2021	verified	Высокий
2	80.92.205.81	vm302679.pq.hosting	Exchange Marauder	Exchange Marauder	31.05.2021	verified	Высокий
3	103.77.192.219		Exchange Marauder	Exchange Marauder	31.05.2021	verified	Высокий
4	XXX.XXX.XXX.XXX	xxxxxxxxx.xxxxxxxxx.xxx	Xxxxxxxx Xxxxxxxx	Xxxxxxxx Xxxxxxxx	31.05.2021	verified	Высокий
5	XXX.XXX.XXX.XXX		Xxxxxxxx Xxxxxxxx	Xxxxxxxx Xxxxxxxx	31.05.2021	verified	Высокий
6	XXX.XX.XXX.XX	xxx.xx.xxx.xx.xxxxx.xxx	Xxxxxxxx Xxxxxxxx	Xxxxxxxx Xxxxxxxx	31.05.2021	verified	Средний
7	XXX.XX.XX.XXX	xxx.xx.xx.xxx.xxxxx.xxx	Xxxxxxxx Xxxxxxxx	Xxxxxxxx Xxxxxxxx	31.05.2021	verified	Средний
8	XXX.XXX.XXX.XXX		Xxxxxxxx Xxxxxxxx	Xxxxxxxx Xxxxxxxx	31.05.2021	verified	Высокий
9	XXX.XX.XXX.XXX		Xxxxxxxx Xxxxxxxx	Xxxxxxxx Xxxxxxxx	31.05.2021	verified	Высокий
10	XXX.XXX.XXX.XX	xxxxxx.xxxxxxxxx.xx	Xxxxxxxx Xxxxxxxx	Xxxxxxxx Xxxxxxxx	31.05.2021	verified	Высокий
11	XXX.XX.XXX.XXX		Xxxxxxxx Xxxxxxxx	Xxxxxxxx Xxxxxxxx	31.05.2021	verified	Высокий
12	XXX.XXX.XX.XX		Xxxxxxxx Xxxxxxxx	Xxxxxxxx Xxxxxxxx	31.05.2021	verified	Высокий
13	XXX.XX.XX.XXX		Xxxxxxxx Xxxxxxxx	Xxxxxxxx Xxxxxxxx	31.05.2021	verified	Высокий

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Уязвимости	Вектор доступа	Тип	Уверенность
1	T1006	CWE-21, CWE-22, CWE-23, CWE-24	Path Traversal	predictive	Высокий
2	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Высокий
3	T1059	CWE-88, CWE-94	Argument Injection	predictive	Высокий
4	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	Высокий
5	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Высокий
6	TXXXX.XXX	CWE-XXX, CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Высокий
7	TXXXX.XXX	CWE-XXX	Xxx-xxx Xxxx Xxxxxxx Xxxx	predictive	Высокий
8	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Высокий
9	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	Высокий
10	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Высокий
11	TXXXX	CWE-XX, CWE-XX	Xxx Xxxxxxxxx	predictive	Высокий
12	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Высокий
13	TXXXX	CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	Высокий
14	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Высокий
15	TXXXX.XXX	CWE-XXX	Xxxxxxxx	predictive	Высокий
16	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Высокий
17	TXXXX.XXX	CWE-XX	Xxxxxxxxxxxxx	predictive	Высокий
18	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Высокий
19	TXXXX.XXX	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	Высокий
20	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Высокий

IOA - Indicator of Attack (123)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Класс	Indicator	Тип	Уверенность
1	File	.htaccess	predictive	Средний
2	File	/cgi-bin/luci/api/auth	predictive	Высокий
3	File	/filemanager/upload.php	predictive	Высокий
4	File	/resources//../	predictive	Высокий
5	File	/src/Illuminate/Laravel.php	predictive	Высокий
6	File	/usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php	predictive	Высокий
7	File	/usr/local/WowzaStreamingEngine/bin/	predictive	Высокий
8	File	/wp-json/oembed/1.0/embed?url	predictive	Высокий
9	File	about.php	predictive	Средний
10	File	admin/modules/tools/ip_history_logs.php	predictive	Высокий
11	File	adminer.php	predictive	Средний
12	File	admin_feature.php	predictive	Высокий
13	File	api_poller.php	predictive	Высокий
14	File	application/controllers/admin/dataentry.php	predictive	Высокий
15	File	xxx.xxx	predictive	Низкий
16	File	xxxxxx/xxxxxxxx.xxxx	predictive	Высокий
17	File	xxxxxxx.xx	predictive	Средний
18	File	xxx-xxx/xxxxxx.xxx	predictive	Высокий
19	File	xxxxxxxxxx.xxx	predictive	Высокий
20	File	xxx.xxx?xxx=xxxxx_xxxx	predictive	Высокий
21	File	xxx.xxx	predictive	Низкий
22	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Высокий
23	File	xxxxxxxx.xxx	predictive	Средний
24	File	xxxx_xxxxxxx.xxx	predictive	Высокий
25	File	xxxxxxxxxxxxx.xxx	predictive	Высокий
26	File	xxx/xxxxxx/xxxxxx.x	predictive	Высокий
27	File	xxxxxxx.xxx	predictive	Средний
28	File	xxxxxxxxx/xx/xxxxxxxxxxxx.xxx	predictive	Высокий
29	File	xx_xxxx.xxx	predictive	Средний
30	File	xxxxxxxxx.xxx	predictive	Высокий
31	File	xxx/xxxxxx.xxx	predictive	Высокий
32	File	xxxxxxxx/xxxx/xxxxx-xxxxx.xxx	predictive	Высокий
33	File	xxxxx.xxx	predictive	Средний
34	File	xxxxxxx/xxxxxxxx.xxx	predictive	Высокий
35	File	xxxxxx/xxx/xxxxxxxx.x	predictive	Высокий
36	File	xx_xxxxxx.xxx	predictive	Высокий
37	File	xxxxxxx.xxx	predictive	Средний
38	File	xxxxxxxxx/xxxx_xxxxxxx.xxx.xxx	predictive	Высокий
39	File	xxxx/xxxxxxxxxx.xxx	predictive	Высокий
40	File	xxx.xxx	predictive	Низкий
41	File	xxxxxx.xx	predictive	Средний
42	File	xxxxxxx/xx?xxxxxxxx=	predictive	Высокий
43	File	xxxxxxxxxxx-xxxx.xx	predictive	Высокий
44	File	xxx/xxxxxxx/xxx.xxx	predictive	Высокий
45	File	xxxxxxxxxxxxxxxxxx.xxx	predictive	Высокий
46	File	xxxxxxx_xxxx.xxx	predictive	Высокий
47	File	xxxxxxx/xxxxx/xxxxxxxxxxx/xxxxx.xxx	predictive	Высокий
48	File	xxxxxxxx.xxx	predictive	Средний
49	File	xxxx.xxx	predictive	Средний
50	File	xxxxx-xxxxxx	predictive	Средний
51	File	xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx	predictive	Высокий
52	File	xxxxxxx.xxx	predictive	Средний
53	File	xxxxxx_xxxxxx.xxx	predictive	Высокий
54	File	xxxxxx/xxx/xx/xxx.xx	predictive	Высокий
55	File	xxxxxxxxxx.xxxx	predictive	Высокий
56	File	xxxxxx_xxx_xxxxxx.xxx	predictive	Высокий
57	File	xxxxxx_xxxxx.xxx/xxxxx_xxxxxxx_xxxxxxxxxx.xx	predictive	Высокий
58	File	xxxxxx.x	predictive	Средний
59	File	xxxxxxx/xxxx/xxxxxxx_xxxxxxxx_xxxx.xxx	predictive	Высокий
60	File	xxxx/xxxxxxxx/xxxxxxxx.xxxx	predictive	Высокий
61	File	xx/xx_xxxxxx.xxx	predictive	Высокий
62	File	xx\xxxxxxx.xxxx	predictive	Высокий
63	File	xxxx-xxxxxxx-xxxxxx.xxx	predictive	Высокий
64	File	\xxxxxxx\xxxxxxxxxxxx.xxxx	predictive	Высокий
65	Library	/xxx/xxx/xxxx.xxx	predictive	Высокий
66	Library	xxxxxx[xxxxxx_xxxx	predictive	Высокий
67	Library	xxxx.xxx.xxx	predictive	Средний
68	Library	xxxxxx.xxx	predictive	Средний
69	Library	xx-xxxxxxx/xxxxxxx/xx-xxxx-xxxxxxx/xxx/xxxxx/	predictive	Высокий
70	Argument	%x	predictive	Низкий
71	Argument	xxxxxxx	predictive	Низкий
72	Argument	xxx	predictive	Низкий
73	Argument	xxxxxx_xxxx	predictive	Средний
74	Argument	xxxxxxxx	predictive	Средний
75	Argument	xxxx	predictive	Низкий
76	Argument	xxx	predictive	Низкий
77	Argument	xxxxx	predictive	Низкий
78	Argument	xxxxxxx	predictive	Низкий
79	Argument	xxx	predictive	Низкий
80	Argument	xxxxxxxx	predictive	Средний
81	Argument	xxxxxxxxx	predictive	Средний
82	Argument	xxxxxx[xxxxxx_xxxx]	predictive	Высокий
83	Argument	xxxxxx_xxxxx_xxxxxxxxxxxxx	predictive	Высокий
84	Argument	xx	predictive	Низкий
85	Argument	xxxxxxxxxxx	predictive	Средний
86	Argument	xxxx	predictive	Низкий
87	Argument	xxxxx	predictive	Низкий
88	Argument	xx-xxxx	predictive	Низкий
89	Argument	xxxxxxxx	predictive	Средний
90	Argument	xx	predictive	Низкий
91	Argument	xx_xxxx	predictive	Низкий
92	Argument	xxxxxxxxx	predictive	Средний
93	Argument	xxxx/xxx_xxxx	predictive	Высокий
94	Argument	xxxxxxx	predictive	Низкий
95	Argument	xxx	predictive	Низкий
96	Argument	xxxxxxx/xxxxxxx/xxxxxx	predictive	Высокий
97	Argument	xxxx	predictive	Низкий
98	Argument	xxxxx_xx	predictive	Средний
99	Argument	xxxx_xx	predictive	Низкий
100	Argument	xxxxxxxxxxxxx	predictive	Высокий
101	Argument	xxxx_xx	predictive	Низкий
102	Argument	xxxxx_xxxxxx	predictive	Средний
103	Argument	xxxxxx xxxx	predictive	Средний
104	Argument	xxxxxxx	predictive	Низкий
105	Argument	xxxxxxx xxxx	predictive	Средний
106	Argument	xxxxxx	predictive	Низкий
107	Argument	xxxxxx_xx	predictive	Средний
108	Argument	xxxx	predictive	Низкий
109	Argument	xxxx_xxxxxx/xxxxxx/xxxxxx	predictive	Высокий
110	Argument	xxxxxxxx_xxxxx	predictive	Высокий
111	Argument	xxx	predictive	Низкий
112	Argument	xxxxxxxxxx/xxxxxxxxxxxxxxx	predictive	Высокий
113	Argument	xxxxxxxxx	predictive	Средний
114	Argument	xxx	predictive	Низкий
115	Argument	xxx	predictive	Низкий
116	Argument	xxxxxxxxx	predictive	Средний
117	Argument	xxxxxx	predictive	Низкий
118	Argument	xxxx_xx	predictive	Низкий
119	Argument	xxx	predictive	Низкий
120	Argument	x-xxxxxxxxx-xxx	predictive	Высокий
121	Argument	xx_xxxx_xxxxx	predictive	Высокий
122	Argument	_xxx	predictive	Низкий
123	Input Value	xxxx%xxxxx	predictive	Средний

Ссылки (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ ПредыдущийОбзорДалее ▸

Do you know our Splunk app?

Download it now for free!