Machete Analysis

IOB - Indicator of Behavior (127)

Language

en: 106
ru: 8
de: 4
es: 4
zh: 2

Country

us: 88
ru: 10
ca: 4
de: 4
es: 4

Product

Microsoft Windows: 6
Adobe Flash Player: 4
PhotoPost PHP Pro: 4
Google Chrome: 4
Lighthouse Development Squirrelcart: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | WordPress Access Restriction user-new.php privilege escalation | 7.5 | 7.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00372 | 0.03 | CVE-2017-17091 |
| 2 | Apple iOS/iPadOS Kernel information disclosure | 3.3 | 3.2 | $5k-$25k | $0-$5k | High | Official Fix | 0.00778 | 0.00 | CVE-2020-27950 |
| 3 | Joe Depasquale Bannermatic Ban File information disclosure | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00231 | 0.00 | CVE-2002-2342 |
| 4 | PhotoPost PHP Pro showproduct.php SQL injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00276 | 0.04 | CVE-2004-0250 |
| 5 | Skrypty Ppa Gallery functions.inc.php memory corruption | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02429 | 0.02 | CVE-2005-2199 |
| 6 | Lighthouse Development Squirrelcart cart_content.php privilege escalation | 6.5 | 5.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02731 | 0.00 | CVE-2006-2483 |
| 7 | Oracle GoldenGate denial of service | 7.5 | 7.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01568 | 0.00 | CVE-2021-3749 |
| 8 | Microsoft Windows Asynchronous RPC Request privilege escalation | 9.0 | 8.6 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.90541 | 0.01 | CVE-2013-3175 |
| 9 | vBulletin visitormessage.php privilege escalation | 7.5 | 7.4 | $0-$5k | $0-$5k | High | Unavailable | 0.03104 | 0.02 | CVE-2014-9463 |
| 10 | phpBB startup.php cross-site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00287 | 0.02 | CVE-2015-1431 |
| 11 | PHPizabi index.php directory traversal | 6.5 | 5.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00826 | 0.04 | CVE-2008-3723 |
| 12 | Pharmacy Sales and Inventory System manage_user.php SQL injection | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00172 | 0.00 | CVE-2022-30407 |
| 13 | Hospital Patient Record Management System privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00075 | 0.00 | CVE-2022-24232 |
| 14 | Zentrack index.php directory traversal | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.08 | |
| 15 | Zentrack index.php privilege escalation | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.03 | |
| 16 | PhotoPost PhotoPost vBGallery File Upload upload.php privilege escalation | 6.3 | 5.8 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00546 | 0.04 | CVE-2008-7088 |
| 17 | Gempar Script Toko Online shop_display_products.php SQL injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00100 | 0.02 | CVE-2009-0296 |
| 18 | Cutephp CuteNews URL comments.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01849 | 0.01 | CVE-2003-1240 |
| 19 | myWebland myEvent event.php privilege escalation | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.40476 | 0.00 | CVE-2006-1890 |
| 20 | myEvent event.php privilege escalation | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.03 | |

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1006 | CAPEC-126 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive | High |
| 4 | TXXXX.XXX | CAPEC-209 | CWE-XX, CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High |
| 5 | TXXXX | CAPEC-122 | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 6 | TXXXX | CAPEC-136 | CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High |
| 7 | TXXXX | CAPEC-0 | CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive | High |
| 8 | TXXXX | CAPEC-108 | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 9 | TXXXX | CAPEC-37 | CWE-XXX | Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 10 | TXXXX | CAPEC-116 | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 11 | TXXXX.XXX | CAPEC-1 | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High |

IOA - Indicator of Attack (106)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/config.php?display=backup | predictive | High |
| 2 | File | /pharmacy-sales-and-inventory-system/manage_user.php | predictive | High |
| 3 | File | /proc/self/cwd | predictive | High |
| 4 | File | /Side.php | predictive | Medium |
| 5 | File | /textpattern/index.php | predictive | High |
| 6 | File | account.asp | predictive | Medium |
| 7 | File | admin.php | predictive | Medium |
| 8 | File | adminAttachments.php | predictive | High |
| 9 | File | adminBoards.php | predictive | High |
| 10 | File | adminPolls.php | predictive | High |
| 11 | File | al_initialize.php | predictive | High |
| 12 | File | ase.php | predictive | Low |
| 13 | File | bb_usage_stats.php | predictive | High |
| 14 | File | cart_content.php | predictive | High |

References (4)

The following list contains external sources which discuss the actor and the associated activities:
