Matanbuchus Analysis

IOB - Indicator of Behavior (131)

[Chart not reproduced: Timeline]

Language

en: 128
sv: 2
fr: 2

Country/Region

de: 30
us: 26
tt: 10
ru: 8
se: 4

[Charts not reproduced: Actors, Activities, Interest, Timeline, Type, Vendor]

Product

QNAP QTS: 20
QNAP QuTS hero: 16
QNAP QuTScloud: 14
SourceCodester Simple Student Attendance System: 4
Tongda OA: 2

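Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | QNAP QuTScloud/QTS/QuTS hero privilege escalation | 5.3 | 5.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | 0.00046 | CVE-2023-32967 |
| 2 | QNAP QTS/QuTS hero/QuTScloud privilege escalation | 6.2 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.00047 | CVE-2023-39302 |
| 3 | QNAP QTS/QuTS hero/QuTScloud privilege escalation | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.00047 | CVE-2023-39297 |
| 4 | SonicBOOM riscv-boom privilege escalation | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00055 | CVE-2020-29561 |
| 5 | QNAP QTS/QuTS hero/QuTScloud privilege escalation | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00046 | CVE-2023-50358 |
| 6 | QNAP QTS/QuTS hero/QuTScloud privilege escalation | 5.7 | 5.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00046 | CVE-2024-21900 |
| 7 | QNAP Systems Photo Station directory traversal | 4.6 | 4.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00044 | CVE-2023-47221 |
| 8 | SourceCodester Online Tours & Travels Management System email_setup.php prepare SQL injection | 6.9 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | 0.00077 | CVE-2023-6765 |
| 9 | Magento Admin Panel Path information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00084 | CVE-2019-7852 |
| 10 | XenForo privilege escalation | 8.6 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00000 | |
| 11 | United Planet Intrexx Professional cross-site scripting | 4.8 | 4.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00089 | CVE-2020-24188 |
| 12 | Huawei Mate 20 Digital Balance privilege escalation | 3.9 | 3.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00058 | CVE-2020-1831 |
| 13 | Aviatrix Controller Web Interface cross-site request forgery | 5.4 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00053 | CVE-2020-13416 |
| 14 | Facebook WhatsApp MP4 File memory corruption | 7.0 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00078 | CVE-2019-11931 |
| 15 | Microsoft IIS cross-site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.00548 | CVE-2017-0055 |
| 16 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192 |
| 17 | Western Digital WD My Cloud Session weak authentication | 8.5 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.01834 | CVE-2018-9148 |
| 18 | Western Digital My Cloud/WD Cloud privilege escalation | 8.6 | 8.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00663 | CVE-2022-22995 |
| 19 | QNAP QTS/QuTS hero/QuTScloud weak authentication | 6.8 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00091 | CVE-2023-39303 |
| 20 | QNAP QTS/QuTS hero/QuTScloud privilege escalation | 5.8 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00047 | CVE-2023-41281 |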

Campaigns (2)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (17)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (67)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (5)

The following list contains external sources which discuss the actor and the associated activities:
