Monero Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (54)

Lang

zh	34
en	20

Land

cn	52
us	2

Skådespelare

Cobalt Strike	2
Monero	2
pupy	1
Tofsee	1

Intressera

Typ

Not Defined	24
Network Attached Storage Software	6
Database Software	4
Content Management System	4
Connectivity Software	2

Säljare

Not Defined	26
QNAP	6
HelpSystems	2
D-Link	2
rap2hpoutre	2

Produkt

QNAP QTS	6
QNAP QuTS Hero	4
QNAP QVP	4
QNAP QVR	4
PostgreSQL	4

Sårbarheter

#	Sårbarhet	Base	Temp	0day	I dag	Utn	Rem	EPSS	CTI	CVE
1	CakePHP offset sql injektion	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00160	0.04	CVE-2023-22727
2	PHPMailer Phar Deserialization addAttachment privilegier eskalering	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00748	0.00	CVE-2020-36326
3	WordPress Editor informationsgivning	4.3	4.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00463	0.04	CVE-2021-29450
4	PostgreSQL privilegier eskalering	6.0	5.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00062	0.03	CVE-2017-12172
5	PbootCMS function.php parserIfLabel privilegier eskalering	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.52551	0.05	CVE-2022-32417
6	PHP PHAR phar_dir_read minneskorruption	8.2	8.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00126	0.09	CVE-2023-3824
7	GNUBOARD5 install_db.php sql injektion	6.3	6.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00155	0.03	CVE-2020-18662
8	Axios Package Redirect privilegier eskalering	5.7	5.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00274	0.04	CVE-2020-28168
9	Workerman-ThinkPHP-Redis Controller.class.php cross site scripting	4.8	4.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00078	0.03	CVE-2021-43697
10	Aladdin Knowledge Systems eSafe Gateway Filter privilegier eskalering	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01622	0.00	CVE-2001-0521
11	Adminer privilegier eskalering	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00679	0.03	CVE-2018-7667
12	QuiXplorer index.php kataloggenomgång	7.5	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.08521	0.00	CVE-2013-1641
13	Softnext SPAM SQR privilegier eskalering	7.2	7.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00143	0.04	CVE-2023-24835
14	Cakefoundation CakePHP Error Message informationsgivning	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00287	0.00	CVE-2011-3712
15	rap2hpoutre Laravel Log Viewer Base64 Encoding privilegier eskalering	7.4	7.0	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.06360	0.08	CVE-2018-8947
16	UniSharp laravel-filemanager download kataloggenomgång	5.0	5.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.09099	0.00	CVE-2022-40734
17	exceedone Exment/laravel-admin sql injektion	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00129	0.04	CVE-2022-37333
18	laravel-admin privilegier eskalering	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00156	0.03	CVE-2023-24249
19	Laravel destruct privilegier eskalering	7.6	7.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00083	0.02	CVE-2021-28254
20	laravel-jqgrid EloquentRepositoryAbstract.php getRows sql injektion	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00148	0.05	CVE-2021-4262

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-adress	Hostname	Skådespelare	Identified	Typ	Förtroende
1	37.187.154.37	ns320368.ip-37-187-154.eu	Monero	15/12/2019	verified	Hög
2	XX.XX.XXX.XXX		Xxxxxx	15/12/2019	verified	Hög
3	XX.XX.XX.XXX	xx.xx.xx.xxx.xxxxxxxxxxxxxxxx.xxx	Xxxxxx	10/06/2019	verified	Hög
4	XXX.XXX.XXX.XXX	xxx.xxx.xxx.xxx.xxxxxxxxxxxxxxxx.xxx	Xxxxxx	10/06/2019	verified	Hög

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klass	Sårbarheter	Åtkomstvektor	Typ	Förtroende
1		CAPEC-10	CWE-20, CWE-59, CWE-61, CWE-119, CWE-120, CWE-125, CWE-287, CWE-288, CWE-352, CWE-404, CWE-502, CWE-672, CWE-862, CWE-863, CWE-918	Unknown Vulnerability	predictive	Hög
2	T1006	CAPEC-126	CWE-21, CWE-22	Path Traversal	predictive	Hög
3	T1059	CAPEC-10	CWE-74, CWE-94, CWE-707	Argument Injection	predictive	Hög
4	TXXXX.XXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxxxx Xxxx Xxxxxxxxx	predictive	Hög
5	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
6	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Hög
7	TXXXX	CAPEC-0	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Hög
8	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxx Xxxxxxxxx	predictive	Hög
9	TXXXX	CAPEC-50	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
10	TXXXX.XXX	CAPEC-114	CWE-XXX, CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
11	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Hög
12	TXXXX	CAPEC-157	CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Hög
13	TXXXX.XXX	CAPEC-19	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Hög

IOA - Indicator of Attack (22)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klass	Indicator	Typ	Förtroende
1	File	Controller.class.php	predictive	Hög
2	File	data/gbconfiguration.dat	predictive	Hög
3	File	dede\co_do.php	predictive	Hög
4	File	xxxxxxxx	predictive	Medium
5	File	xxxxxxxx.xxx	predictive	Medium
6	File	xxxxxxxxxx\xxxxxx\xxxxxxxxxxxxx.xxx	predictive	Hög
7	File	xxxxx.xxx	predictive	Medium
8	File	xxxxxxx_xx.xxx	predictive	Hög
9	File	xxx/xxxxxx/xxxxxxxx/xxxxx/xxxxxxxxx.xxxx	predictive	Hög
10	File	xxxxxx.xx	predictive	Medium
11	File	xxxx-xxxxxx.x	predictive	Hög
12	File	xxx/xxxxxxxxx/xxxxxxxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxx.xxx	predictive	Hög
13	File	xxxx-xxxxxxxx.xxx	predictive	Hög
14	Argument	xxxxxx	predictive	Låg
15	Argument	xxx	predictive	Låg
16	Argument	x/xx/xxx	predictive	Medium
17	Argument	xxxxxx	predictive	Låg
18	Argument	xxxxxxxx[]	predictive	Medium
19	Argument	xxxxxx	predictive	Låg
20	Argument	xxxxx_xxxxxx	predictive	Medium
21	Argument	xxxxxxxx	predictive	Medium
22	Argument	xxxxxxx_xxx	predictive	Medium

Referenser (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ TidigareÖversiktNästa ▸

Interested in the pricing of exploits?

See the underground prices here!