MechaFlounder Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (10)

Lang

en	8
de	2

Land

us	8
ag	2

Skådespelare

MechaFlounder	2
Redaman	1
TrickBot	1
WP Redirect Campaign	1
Meterpreter	1

Intressera

Typ

Programming Language Software	4
Firewall Software	2
Not Defined	2

Säljare

Not Defined	4
Phplinkdirectory	2
Thomas R. Pasawicz	2

Produkt

PHP	2
pfSense	2
Phplinkdirectory PHP Link Directory	2
Thomas R. Pasawicz HyperBook Guestbook	2

Sårbarheter

#	Sårbarhet	Base	Temp	0day	I dag	Utn	Rem	EPSS	CTI	CVE
1	Phplinkdirectory PHP Link Directory conf_users_edit.php förfalskning på begäran över webbplatsen	6.3	6.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00526	0.07	CVE-2011-0643
2	PHP socket_connect minneskorruption	7.3	6.9	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.01856	0.02	CVE-2011-1938
3	pfSense File Name browser.php cross site scripting	4.8	4.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00102	0.02	CVE-2022-42247
4	ILLID Share This Image Plugin sharer.php cross site scripting	5.2	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00100	0.00	CVE-2017-18015
5	IceWarp eMail Server webmail.php sql injektion	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00057	0.00	CVE-2009-1468
6	HPE iLO 4 privilegier eskalering	9.9	9.4	$25k-$100k	$0-$5k	High	Official Fix	0.97224	0.03	CVE-2017-12542
7	Accellion Kiteworks URI kataloggenomgång	4.3	4.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00086	0.00	CVE-2016-5664
8	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash informationsgivning	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-adress	Hostname	Skådespelare	Kampanjer	Identified	Typ	Förtroende
1	134.119.217.87		MechaFlounder		07/03/2019	verified	Hög
2	XXX.XXX.XX.XX		Xxxxxxxxxxxxx		07/03/2019	verified	Hög

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Sårbarheter	Åtkomstvektor	Typ	Förtroende
1	T1006	CWE-22	Path Traversal	predictive	Hög
2	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Hög
3	TXXXX	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
4	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Hög
5	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Hög

IOA - Indicator of Attack (6)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klass	Indicator	Typ	Förtroende
1	File	admin/conf_users_edit.php	predictive	Hög
2	File	browser.php	predictive	Medium
3	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Hög
4	File	xxxxxx.xxx	predictive	Medium
5	File	xxxxxxx.xxx	predictive	Medium
6	Argument	xxx	predictive	Låg

Referenser (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ TidigareÖversiktNästa ▸

Interested in the pricing of exploits?

See the underground prices here!