Monarchy Анализ

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (43)

Язык

ru	22
en	12
fr	10

Страна

ru	40
us	4

Акторы

Monarchy	2

Интерес

Тип

Web Browser	12
Not Defined	10
Unified Communication Software	2
Smartphone Operating System	2
E-Commerce Management Software	2

Поставщик

Google	14
Not Defined	6
Zoom	2
WellinTech	2
Adobe	2

Продукт

Google Chrome	12
Keycloak	2
Zoom Client for IT	2
WellinTech KingHistorian	2
Adobe Animate	2

Уязвимости

#	Уязвимости	Base	Temp	0day	Сегодня	Э�	Rem	EPSS	CTI	CVE
1	Fluent Fluentd/Fluent-ui слабая аутентификация	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00081	0.03	CVE-2020-21514
2	SourceCodester E-Commerce System setDiscount.php sql-инъекция	6.6	6.5	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00152	0.04	CVE-2023-1505
3	Zoom Client for IT состояние гонки	7.6	7.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00042	0.03	CVE-2023-22883
4	Google Chrome Browser History повреждение памяти	5.5	5.3	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00268	0.00	CVE-2023-1820
5	Google Chrome WebShare Remote Code Execution	6.3	6.0	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00160	0.04	CVE-2023-1821
6	D-Link Go-RT-AC750 soapcgi.main эскалация привилегий	7.6	7.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00645	0.04	CVE-2023-26822
7	Convert To Pipeline Plugin Freestyle Project Configuration эскалация привилегий	7.6	7.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00174	0.00	CVE-2023-28677
8	Keycloak слабая аутентификация	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00065	0.04	CVE-2023-0264
9	WellinTech KingHistorian Network Packet SORBAx64.dll Remote Code Execution	8.7	8.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00154	0.00	CVE-2022-43663
10	Adobe Animate повреждение памяти	7.0	6.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.06677	0.02	CVE-2023-22243
11	unpoly-rails Gem Header отказ в обслуживании	5.7	5.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00237	0.02	CVE-2023-28846
12	Twitter Recommendation Algorithm отказ в обслуживании	5.3	5.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00111	0.02	CVE-2023-29218
13	OTCMS apiRun.php AutoRun межсайтовый скриптинг	4.4	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00062	0.04	CVE-2023-1635
14	OTCMS эскалация привилегий	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00119	0.08	CVE-2023-1797
15	Huawei EMUI/HarmonyOS WLAN Module эскалация привилегий	5.5	5.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00221	0.00	CVE-2022-39009
16	TP-Link AX1800 Firmware Parser повреждение памяти	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.02	CVE-2023-27346
17	NoMachine эскалация привилегий	6.8	6.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00048	0.03	CVE-2022-34043
18	sjqzhang go-fastdfs File Upload uploa upload Remote Code Execution	8.1	7.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00176	0.04	CVE-2023-1800
19	Google Chrome FedCM Privilege Escalation	5.5	5.3	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00206	0.04	CVE-2023-1823
20	Google Chrome Intents Remote Code Execution	6.3	6.0	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00206	0.00	CVE-2023-1817

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-адрес	Hostname	Актор	Identified	Тип	Уверенность
1	45.76.47.218	45.76.47.218.vultr.com	Monarchy	22.07.2021	verified	Средний
2	XXX.XXX.XX.XXX		Xxxxxxxx	22.07.2021	verified	Высокий
3	XXX.XXX.XXX.XXX	xxxxxxxxxxxxxxxxx-xxxxxxx.xxxxxx.xx	Xxxxxxxx	22.07.2021	verified	Высокий
4	XXX.XXX.XXX.XXX		Xxxxxxxx	22.07.2021	verified	Высокий

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Уязвимости	Вектор доступа	Тип	Уверенность
1	T1006	CWE-24	Path Traversal	predictive	Высокий
2	T1059	CWE-94	Argument Injection	predictive	Высокий
3	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Высокий
4	TXXXX.XXX	CWE-XXX	Xxx Xx Xxxx-xxxxx Xxxxxxxx	predictive	Высокий
5	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Высокий
6	TXXXX	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Высокий
7	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Высокий
8	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Высокий

IOA - Indicator of Attack (14)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Класс	Indicator	Тип	Уверенность
1	File	/ecommerce/admin/settings/setDiscount.php	predictive	Высокий
2	File	/group1/uploa	predictive	Высокий
3	File	apiRun.php	predictive	Средний
4	File	xxxxxxxxxxxxxxxxxxxxxxxx.xxxx	predictive	Высокий
5	File	xxxxxxx.xxxx	predictive	Средний
6	File	xxxxxxxxxxxx.xxx?xxxx=xxx	predictive	Высокий
7	Library	xxxxxxxx.xxx	predictive	Средний
8	Argument	xx	predictive	Низкий
9	Argument	xxxx	predictive	Низкий
10	Argument	xx	predictive	Низкий
11	Argument	xxxxxxx	predictive	Низкий
12	Argument	xxx	predictive	Низкий
13	Argument	x-xx-xxxxxxxx	predictive	Высокий
14	Input Value	xxxxxx xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx)	predictive	Высокий

Ссылки (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ ПредыдущийОбзорДалее ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!