MATA Analysis

IOB - Indicator of Behavior (323)

Language

en: 258
zh: 40
de: 10
fr: 8
pl: 4

Country

la: 212
us: 52
cn: 20
gb: 18
me: 12

Product

Microsoft Windows: 16
WordPress: 8
SensioLabs Symfony: 4
PHP: 4
mysql2: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 1.35 | CVE-2006-6168 |
| 2 | Watchdog Anti-Virus IoControlCode wsdk-driver.sys 0x80002008 privilege escalation | 5.3 | 5.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00047 | 0.04 | CVE-2023-1453 |
| 3 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 2.39 | |
| 4 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 4.13 | CVE-2020-15906 |
| 5 | WordPress AdServe adclick.php SQL injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00073 | 0.08 | CVE-2008-0507 |
| 6 | Primetek Primefaces weak encryption | 8.5 | 8.3 | $0-$5k | $0-$5k | High | Not Defined | 0.97013 | 0.00 | CVE-2017-1000486 |
| 7 | Drupal Sanitization API cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00056 | 0.02 | CVE-2020-13672 |
| 8 | Microsoft Windows HMAC Key Derivation Local Privilege Escalation | 8.8 | 8.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00048 | 0.03 | CVE-2023-36400 |
| 9 | LiteSpeed Cache Plugin Shortcode cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00051 | 0.03 | CVE-2023-4372 |
| 10 | WebTitan Appliance Extensions Persistent cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.02 | |
| 11 | ipTIME NAS-I Bulletin Manage privilege escalation | 7.1 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00988 | 0.03 | CVE-2020-7847 |
| 12 | RARLabs WinRAR ZIP Archive Remote Code Execution | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.44373 | 0.03 | CVE-2023-38831 |
| 13 | request-baskets API Request {name} privilege escalation | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08109 | 0.00 | CVE-2023-27163 |
| 14 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.74 | CVE-2010-0966 |
| 15 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02101 | 0.04 | CVE-2007-1287 |
| 16 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 3.74 | CVE-2020-12440 |
| 17 | Microsoft Windows Scripting Engine Remote Code Execution | 5.9 | 5.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.37113 | 0.00 | CVE-2021-34480 |
| 18 | NotificationX Plugin SQL Statement SQL injection | 5.6 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02414 | 0.04 | CVE-2022-0349 |
| 19 | DevExpress ASP.NET Web Forms ASPxHttpHandlerModule DXR.axd privilege escalation | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00183 | 0.04 | CVE-2022-41479 |
| 20 | Basilix Webmail login.php3 privilege escalation | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.02 | |

IOC - Indicator of Compromise (19)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (172)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/dl_sendmail.php | predictive | High |
| 2 | File | /adminPage/conf/reload | predictive | High |
| 3 | File | /api/baskets/{name} | predictive | High |
| 4 | File | /api/v2/cli/commands | predictive | High |
| 5 | File | /Device/Device/GetDeviceInfoList?deviceCode=&searchField=&deviceState= | predictive | High |
| 6 | File | /DXR.axd | predictive | Medium |
| 7 | File | /forum/away.php | predictive | High |
| 8 | File | /mfsNotice/page | predictive | High |
| 9 | File | /novel/bookSetting/list | predictive | High |
| 10 | File | /novel/userFeedback/list | predictive | High |
| 11 | File | /out.php | predictive | Medium |
| 12 | File | /owa/auth/logon.aspx | predictive | High |
| 13 | File | /phppath/php | predictive | Medium |
| 14 | File | /spip.php | predictive | Medium |
| 15 | File | /systemrw/ | predictive | Medium |
| 16 | File | /x_portal_assemble_surface/jaxrs/portal/list?v=8.2.3-4-43f4fe3 | predictive | High |
| 17 | File | /zm/index.php | predictive | High |
| 18 | File | adclick.php | predictive | Medium |
| 19 | File | admin.jcomments.php | predictive | High |
| 20 | File | admin/gv_mail.php | predictive | High |
| 21 | File | application/modules/admin/views/ecommerce/products.php | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
