Mettle Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (27)

Lang

en	28

Land

us	22
vn	6

Skådespelare

Mettle	1

Intressera

Typ

Domain Name Software	6
Not Defined	6
Operating System	2
Web Server	2
Smartphone Operating System	2

Säljare

Not Defined	20
Microsoft	2
Google	2
Pivotal	2

Produkt

Dnsmasq	6
Microsoft Windows	2
nginx	2
Google Android	2
pfSense	2

Sårbarheter

#	Sårbarhet	Base	Temp	0day	I dag	Utn	Rem	EPSS	CTI	CVE
1	Dnsmasq extract_name minneskorruption	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00144	0.02	CVE-2021-45954
2	TP-LINK TL-WR841N Firmware kataloggenomgång	7.5	7.5	$0-$5k	$0-$5k	High	Not Defined	0.02952	0.04	CVE-2012-5687
3	devise-two-factor informationsgivning	5.4	5.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00043	0.02	CVE-2024-0227
4	pfSense diag_command.php csrf_callback förfalskning på begäran över webbplatsen	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00180	0.00	CVE-2019-16667
5	Apache Superset REST API Get Endpoint privilegier eskalering	5.8	5.8	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00270	0.04	CVE-2022-45438
6	WordPress Scheduled Task wp-cron.php förnekande av tjänsten	6.5	6.5	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00096	0.02	CVE-2023-22622
7	Dnsmasq fuzz_rfc1035.c resize_packet minneskorruption	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00144	0.02	CVE-2021-45955
8	Dnsmasq print_mac minneskorruption	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00144	0.03	CVE-2021-45956
9	Dnsmasq rfc1035.c extract_name minneskorruption	7.7	7.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.10872	0.03	CVE-2020-25682
10	Dnsmasq fuzz_rfc1035.c answer_request minneskorruption	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00144	0.04	CVE-2021-45957
11	PHP FPM SAPI minneskorruption	8.0	7.7	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00148	0.04	CVE-2021-21703
12	Magento Deserialization privilegier eskalering	8.0	8.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00587	0.00	CVE-2020-3716
13	Magento sql injektion	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00582	0.03	CVE-2019-7139
14	Google Android file_input_stream.cc Read minneskorruption	7.5	7.2	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00105	0.00	CVE-2019-2105
15	Google Android TQS App memscpy minneskorruption	8.5	8.2	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00187	0.00	CVE-2015-9173
16	nginx HTTP/2 förnekande av tjänsten	6.0	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02974	0.02	CVE-2018-16844
17	Moodle Installation informationsgivning	5.3	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00187	0.03	CVE-2012-4403
18	NoneCms App.php privilegier eskalering	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.96678	0.02	CVE-2018-20062
19	Creolabs Gravity gravity_lexer.c minneskorruption	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00331	0.00	CVE-2017-1000172
20	Squid Proxy HTTP Request svag autentisering	8.7	8.1	$5k-$25k	$0-$5k	Unproven	Official Fix	0.52868	0.03	CVE-2016-4553

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-adress	Hostname	Skådespelare	Kampanjer	Identified	Typ	Förtroende
1	118.70.80.143		Mettle		12/02/2022	verified	Hög
2	XXX.XXX.XX.XXX		Xxxxxx		12/02/2022	verified	Hög

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Sårbarheter	Åtkomstvektor	Typ	Förtroende
1	T1006	CWE-22	Path Traversal	predictive	Hög
2	T1059.007	CWE-80	Cross Site Scripting	predictive	Hög
3	TXXXX	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
4	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Hög
5	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Hög
6	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Hög

IOA - Indicator of Attack (11)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klass	Indicator	Typ	Förtroende
1	File	diag_command.php	predictive	Hög
2	File	file_input_stream.cc	predictive	Hög
3	File	xxxx_xxxxxxx.x	predictive	Hög
4	File	xxxxxxx_xxxxx.x	predictive	Hög
5	File	xxxxxxx.x	predictive	Medium
6	File	xxxxxxxx/xxxxxxxx	predictive	Hög
7	File	xx-xxxx.xxx	predictive	Medium
8	Library	xxxxxxxx/xxxxxxx/xxxxx/xxx.xxx	predictive	Hög
9	Argument	xxxxxxxx_xx	predictive	Medium
10	Argument	xxxxxx	predictive	Låg
11	Argument	xxxxxxxxxx/xxxxxxxxxxxxxxx	predictive	Hög

Referenser (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ TidigareÖversiktNästa ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!