Matiex Analysis

IOB - Indicator of Behavior (30)

Language

en: 30

Country

us: 30

Product

Google Android: 2
DZCP deV!L`z Clanportal: 2
Thomas R. Pasawicz HyperBook Guestbook: 2
JoomlaTune Com Jcomments: 2
Bitweaver: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.84 | CVE-2010-0966 |
| 3 | Article Dashboard signup.php cross-site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00240 | 0.00 | CVE-2007-4333 |
| 4 | Google Android WiFi information disclosure | 3.3 | 3.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2018-9581 |
| 5 | YourFreeWorld Short Url And Url Tracker Script Login login.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00184 | 0.00 | CVE-2006-2509 |
| 6 | JoomlaTune Com Jcomments admin.jcomments.php cross-site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00489 | 0.05 | CVE-2010-5048 |
| 7 | Bitweaver register.php cross-site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00649 | 0.03 | CVE-2007-6374 |
| 8 | Wheatblog add_comment.php cross-site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00154 | 0.00 | CVE-2006-7002 |
| 9 | vBulletin redirector.php Redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00106 | 0.13 | CVE-2018-6200 |
| 10 | V-EVA Press Release Script page.php SQL injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00187 | 0.09 | CVE-2010-5047 |
| 11 | Apple Mac OS X Server privilege escalation | 6.5 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2010-1821 |
| 12 | Devilz Clanportal File Upload unknown vulnerability | 5.3 | 4.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.05362 | 0.00 | CVE-2006-6338 |

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 192.3.110.170 | 192-3-110-170-host.colocrossing.com | Matiex | | 12.06.2022 | verified | High |

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive | High |
| 2 | TXXXX.XXX | CAPEC-209 | CWE-XX, CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High |
| 3 | TXXXX.XXX | CAPEC-178 | CWE-XXX | Xxxx Xxxxxxxx | predictive | High |
| 4 | TXXXX | CAPEC-108 | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 5 | TXXXX | CAPEC-116 | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |

IOA - Indicator of Attack (14)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | add_comment.php | predictive | High |
| 2 | File | admin.jcomments.php | predictive | High |
| 3 | File | data/gbconfiguration.dat | predictive | High |
| 4 | File | xxx/xxxxxx.xxx | predictive | High |
| 5 | File | xxxxx.xxx | predictive | Medium |
| 6 | File | xxxx.xxx | predictive | Medium |
| 7 | File | xxxxxxxxxx.xxx | predictive | High |
| 8 | File | xxxxxx.xxx | predictive | Medium |
| 9 | File | xxxxx/xxxxxxxx.xxx | predictive | High |
| 10 | Argument | xxxxxxxx | predictive | Medium |
| 11 | Argument | xxxxx | predictive | Low |
| 12 | Argument | xx | predictive | Low |
| 13 | Argument | xxxx | predictive | Low |
| 14 | Argument | xxx | predictive | Low |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
