Matanbuchus Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (132)

Tidslinje

Lang

en120
de4
zh2
fr2
es2

Land

de46
us24
tt6
it4
se2

Skådespelare

Matanbuchus4
Cobalt Strike3
RedLine Stealer2
Quasar RAT1
Nanocore RAT1

Aktiviteter

Intressera

Tidslinje

Typ

Not Defined58
Network Attached Storage Software16
Operating System4
Web Server4
Web Browser4

Säljare

Not Defined22
QNAP16
SourceCodester10
Microsoft10
Totolink6

Produkt

QNAP QTS16
QNAP QuTS hero12
QNAP QuTScloud12
SourceCodester Simple Student Attendance System4
Microsoft IIS4

Sårbarheter

#SårbarhetBaseTemp0dayI dagUtnRemEPSSCTICVE
1QNAP QuTScloud/QTS/QuTS hero privilegier eskalering5.35.2$0-$5k$0-$5kNot DefinedOfficial Fix0.000460.07CVE-2023-32967
2QNAP QTS/QuTS hero/QuTScloud privilegier eskalering6.26.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000470.08CVE-2023-39302
3QNAP QTS/QuTS hero/QuTScloud privilegier eskalering8.88.6$0-$5k$0-$5kNot DefinedOfficial Fix0.000470.08CVE-2023-39297
4SonicBOOM riscv-boom privilegier eskalering5.55.5$0-$5k$0-$5kNot DefinedNot Defined0.000550.00CVE-2020-29561
5QNAP QTS/QuTS hero/QuTScloud privilegier eskalering5.45.3$0-$5k$0-$5kNot DefinedOfficial Fix0.000460.04CVE-2023-50358
6QNAP QTS/QuTS hero/QuTScloud privilegier eskalering5.75.6$0-$5k$0-$5kNot DefinedOfficial Fix0.000460.02CVE-2024-21900
7QNAP Systems Photo Station kataloggenomgång4.64.6$0-$5k$0-$5kNot DefinedOfficial Fix0.000440.06CVE-2023-47221
8SourceCodester Online Tours & Travels Management System email_setup.php prepare sql injektion6.96.8$0-$5k$0-$5kProof-of-ConceptNot Defined0.000770.14CVE-2023-6765
9Magento Admin Panel Path informationsgivning5.35.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000840.00CVE-2019-7852
10XenForo privilegier eskalering8.67.9$0-$5k$0-$5kNot DefinedOfficial Fix0.000000.04
11United Planet Intrexx Professional cross site scripting4.84.6$0-$5k$0-$5kNot DefinedOfficial Fix0.000890.00CVE-2020-24188
12Huawei Mate 20 Digital Balance privilegier eskalering3.93.7$5k-$25k$0-$5kNot DefinedOfficial Fix0.000580.00CVE-2020-1831
13Aviatrix Controller Web Interface förfalskning på begäran över webbplatsen5.45.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000530.00CVE-2020-13416
14Facebook WhatsApp MP4 File minneskorruption7.06.7$5k-$25k$0-$5kNot DefinedOfficial Fix0.000860.07CVE-2019-11931
15Microsoft IIS cross site scripting5.24.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.005480.14CVE-2017-0055
16Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash informationsgivning5.35.2$5k-$25k$0-$5kHighWorkaround0.020160.02CVE-2007-1192
17cPanel File Extension privilegier eskalering8.07.7$0-$5k$0-$5kNot DefinedOfficial Fix0.004320.02CVE-2020-26108
18Western Digital WD My Cloud Session svag autentisering8.57.7$0-$5k$0-$5kProof-of-ConceptNot Defined0.018340.03CVE-2018-9148
19Western Digital My Cloud/WD Cloud privilegier eskalering8.68.5$0-$5k$0-$5kNot DefinedOfficial Fix0.006630.00CVE-2022-22995
20QNAP QTS/QuTS hero/QuTScloud svag autentisering6.86.7$0-$5k$0-$5kNot DefinedOfficial Fix0.000910.04CVE-2023-39303

Kampanjer (2)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (17)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP-adressHostnameSkådespelareKampanjerIdentifiedTypFörtroende
134.94.151.129129.151.94.34.bc.googleusercontent.comBelialDemonMatanbuchus29/08/2021verifiedMedium
234.105.89.8282.89.105.34.bc.googleusercontent.comBelialDemonMatanbuchus29/08/2021verifiedMedium
334.106.243.174174.243.106.34.bc.googleusercontent.comBelialDemonMatanbuchus29/08/2021verifiedMedium
444.208.127.245ec2-44-208-127-245.compute-1.amazonaws.comMatanbuchusCobalt Strike22/07/2022verifiedMedium
5XXX.XX.XX.XXXXxxxxxxxxxx08/03/2024verifiedHög
6XXX.XX.XX.XXXXxxxxxxxxxx08/03/2024verifiedHög
7XXX.XX.XX.XXXXxxxxxxxxxx08/03/2024verifiedHög
8XXX.XX.XX.XXXXxxxxxxxxxx08/03/2024verifiedHög
9XXX.XXX.X.XXXxxxxxxxxxxXxxxxx Xxxxxx22/07/2022verifiedHög
10XXX.XXX.XX.XXXXxxxxxxxxxxXxxxxx Xxxxxx22/07/2022verifiedHög
11XXX.XXX.X.XXXXxxxxxxxxxx04/04/2024verifiedHög
12XXX.XXX.X.XXXXxxxxxxxxxx05/04/2024verifiedHög
13XXX.XXX.X.XXXXxxxxxxxxxx04/04/2024verifiedHög
14XXX.XXX.X.XXXXxxxxxxxxxx04/04/2024verifiedHög
15XXX.XX.XXX.XXXxxxxxxxxxx31/03/2024verifiedHög
16XXX.XX.XXX.XXXxxxxxxxxxx30/03/2024verifiedHög
17XXX.XXX.XXX.XXXxxxxxxxxxx06/07/2022verifiedHög

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueKlassSårbarheterÅtkomstvektorTypFörtroende
1CAPEC-10CWE-19, CWE-20, CWE-59, CWE-73, CWE-119, CWE-121, CWE-266, CWE-285, CWE-287, CWE-290, CWE-352, CWE-401, CWE-404, CWE-416, CWE-610, CWE-611, CWE-787, CWE-862, CWE-863, CWE-918Unknown VulnerabilitypredictiveHög
2T1006CAPEC-126CWE-22, CWE-425Path TraversalpredictiveHög
3T1040CAPEC-102CWE-310, CWE-319Authentication Bypass by Capture-replaypredictiveHög
4TXXXXCAPEC-10CWE-XX, CWE-XXXXxxxxxxx Xxxxxxxxxxxxxx Xx Xxxx Xxxxxx Xxxxx XxxxxxxxxxxpredictiveHög
5TXXXXCAPEC-10CWE-XX, CWE-XX, CWE-XXXXxxxxxxx XxxxxxxxxpredictiveHög
6TXXXX.XXXCAPEC-10CWE-XX, CWE-XX, CWE-XXXXxxxx Xxxx XxxxxxxxxpredictiveHög
7TXXXXCAPEC-122CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHög
8TXXXX.XXXCAPEC-191CWE-XXX, CWE-XXX, CWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveHög
9TXXXXCAPEC-10CWE-XX, CWE-XX, CWE-XX, CWE-XXXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHög
10TXXXXCAPEC-0CWE-XXX, CWE-XXXXxxxxxxxxx XxxxxxpredictiveHög
11TXXXXCAPEC-10CWE-XX, CWE-XX, CWE-XXXXxx XxxxxxxxxpredictiveHög
12TXXXX.XXXCAPEC-1CWE-XXX, CWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveHög
13TXXXXCAPEC-50CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHög
14TXXXXCAPEC-116CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHög
15TXXXX.XXXCAPEC-19CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHög

IOA - Indicator of Attack (67)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDKlassIndicatorTypFörtroende
1File/admin/?page=user/manage_user&id=3predictiveHög
2File/Admin/add-student.phppredictiveHög
3File/admin/attendance_row.phppredictiveHög
4File/admin/request-received-bydonar.phppredictiveHög
5File/admin/test_status.phppredictiveHög
6File/admin_route/inc_service_credits.phppredictiveHög
7File/cgi-bin/cstecgi.cgipredictiveHög
8File/cgi-bin/supervisor/PwdGrp.cgipredictiveHög
9File/xxxxxxxx.xxxpredictiveHög
10File/xxx/xxxxxxpredictiveMedium
11File/xxxxxx/xxxxxxxxxxxxpredictiveHög
12File/xxxxxx/xxxxxxxxxxxxxxxxpredictiveHög
13File/xxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxpredictiveHög
14File/xxxxxpredictiveLåg
15File/xxxxx/xxxxx_xx_xxxx.xxxpredictiveHög
16File/xxxxxxxx/xxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxx.xxxpredictiveHög
17File/xxxxxxx/predictiveMedium
18Filexxxxxxx.xxxxx.xxxpredictiveHög
19Filexxxxxxxxxxxx.xxxpredictiveHög
20Filexxxxxxxxxxxxxxxxxxx.xxxxx.xxxpredictiveHög
21Filexxxxxxxxxxx/xxxxx/xxxxxxxxxx/x/xxxx.xxxpredictiveHög
22Filexxx:.xxxpredictiveMedium
23Filexxxxxxxxxx.xxxpredictiveHög
24Filexxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxxxpredictiveHög
25Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHög
26Filexxxxx_xxxxx.xxxpredictiveHög
27Filexxxxxxx/xx/xxxxxxxx/xxxxxx/xxxxxx.xxxpredictiveHög
28Filexxxxxxx/xxxx.xxxxx.xxxpredictiveHög
29Filexxxxx.xxxpredictiveMedium
30Filexx/xxxxxx.xxx.xxpredictiveHög
31Filexxxxxxx-xxxx.xxxpredictiveHög
32Filexxxxx/xxxxxxxx/xxxxxxxxx.xxxpredictiveHög
33Filexxxxxxxx.xpredictiveMedium
34Filexxxxxxxxx.xpredictiveMedium
35Filexxxxxxxxxxxx.xxxpredictiveHög
36Library/xxx/xxx/xxx/x.x/xxxx/xxxxxxxxxx/xxx.xxxpredictiveHög
37ArgumentxxxxxxxxpredictiveMedium
38Argumentxxxxx_xxpredictiveMedium
39ArgumentxxxpredictiveLåg
40ArgumentxxxxxxxxxxpredictiveMedium
41Argumentxxxxx/xxxxxxpredictiveMedium
42ArgumentxxxxxxxxxxpredictiveMedium
43ArgumentxxxxxxxxxxxpredictiveMedium
44ArgumentxxxxxxxxpredictiveMedium
45Argumentxxxxx xxxxpredictiveMedium
46Argumentxxxxx xxxxpredictiveMedium
47ArgumentxxxxxxxxpredictiveMedium
48ArgumentxxpredictiveLåg
49ArgumentxxxxxxxpredictiveLåg
50ArgumentxxxxpredictiveLåg
51ArgumentxxxxpredictiveLåg
52ArgumentxxxxxxxxpredictiveMedium
53Argumentxxxxxxxxxx[x]predictiveHög
54ArgumentxxxxxxxxxpredictiveMedium
55Argumentxx_xxxxpredictiveLåg
56Argumentxx_xxpredictiveLåg
57Argumentxxxxxx_xxpredictiveMedium
58ArgumentxxxxxxxpredictiveLåg
59ArgumentxxxxxxxxpredictiveMedium
60ArgumentxxxpredictiveLåg
61ArgumentxxxxxxxxxxpredictiveMedium
62ArgumentxxxxpredictiveLåg
63ArgumentxxxxxxxxpredictiveMedium
64Input Value-x'%xxxxxxx%xxxxxxxx%xxxx,xxxx(),xxx,xxx--+predictiveHög
65Input Valuexxxxxxxxx-xxxxxxxx-xxxxxx-xx.x-xxxxxxx-xx.x%x%x%x%xx%x%x%x%x%x%x%x%x%x%x%x%x%x.xxxpredictiveHög
66Input Value\xxx../../../../xxx/xxxxxxpredictiveHög
67Pattern() {predictiveLåg

Referenser (5)

The following list contains external sources which discuss the actor and the associated activities:

TidigareÖversiktNästa

Do you need the next level of professionalism?

Upgrade your account now!