Xanthe Analysis

IOB - Indicator of Behavior (47)

Language

en: 26
zh: 12
ja: 8
es: 2

Product

Microsoft Internet Explorer: 2
Cellopoint Cellos: 2
NXP LPC55S66JBD64: 2
NXP LPC55S66JBD100: 2
NXP LPC55S66JEV98: 2

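Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Apache Archiva File Upload Service cross-site scripting | 5.1 | 5.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00108 | 0.00 | CVE-2023-28158 |
| 2 | Splunk Enterprise Forwarder Bundle privilege escalation | 8.5 | 8.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00306 | 0.00 | CVE-2022-32158 |
| 3 | Microsoft Windows 16-bit Compatibility information disclosure | 3.3 | 3.3 | $25k-$100k | $0-$5k | Not Defined | Workaround | 0.00000 | 0.02 | |
| 4 | virglrenderer IOCTL memory corruption | 7.0 | 7.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.00 | CVE-2022-0135 |
| 5 | EQdkp dbal.php privilege escalation | 6.5 | 6.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03188 | 0.02 | CVE-2006-2256 |
| 6 | MikroTik RouterOS HTTP Server denial of service | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00078 | 0.00 | CVE-2019-13955 |
| 7 | Dreamer CMS cross-site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.00 | CVE-2023-29774 |
| 8 | Weblogicnet es_desp.php privilege escalation | 7.3 | 6.7 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.08879 | 0.02 | CVE-2007-4715 |
| 9 | PrestaShop SQL injection | 8.0 | 8.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.83896 | 0.04 | CVE-2021-3110 |
| 10 | Oracle MySQL Server Compiling denial of service | 7.2 | 7.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.04 | CVE-2021-22570 |
| 11 | Microsoft Outlook weak authentication | 9.0 | 8.6 | $5k-$25k | $0-$5k | Functional | Official Fix | 0.92645 | 0.06 | CVE-2023-23397 |
| 12 | Apache Dubbo Generic Invoke privilege escalation | 5.0 | 5.0 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.01479 | 0.00 | CVE-2023-23638 |
| 13 | Grafana Authentication Cookies information disclosure | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00101 | 0.02 | CVE-2022-39201 |
| 14 | Hugo Pandoc Document exec privilege escalation | 5.0 | 5.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00267 | 0.02 | CVE-2020-26284 |
| 15 | GNU C Library Call Graph Monitor gmon.c __monstartup memory corruption [Disputed] | 6.3 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00121 | 0.09 | CVE-2023-0687 |
| 16 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 2.64 | CVE-2020-12440 |
| 17 | Google Chrome denial of service | 7.3 | 7.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00989 | 0.02 | CVE-2011-2796 |
| 18 | Samsung TizenRT l2_packet_pcap.c l2_packet_receive_timeout denial of service | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00270 | 0.00 | CVE-2022-40279 |
| 19 | Microsoft Internet Explorer FTP Server memory corruption | 6.3 | 6.3 | $25k-$100k | $0-$5k | High | Unavailable | 0.96973 | 0.07 | CVE-2009-3023 |
| 20 | Microsoft Windows Shell Shortcut Parser privilege escalation | 10.0 | 9.5 | $100k and more | $0-$5k | High | Official Fix | 0.97223 | 0.04 | CVE-2010-2568 |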

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | CWE | Vulnerability | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | | predictive | |
| 2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | | predictive | |
| 3 | T1059 | CWE-94 | Argument Injection | | predictive | |
| 4 | TXXXX.XXX | CWE-XX | Xxxxx Xxxx Xxxxxxxxx | | predictive | |
| 5 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | | predictive | |
| 6 | TXXXX | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | | predictive | |
| 7 | TXXXX | CWE-XXX | Xxxxxxxxxx Xxxxxx | | predictive | |
| 8 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | | predictive | |
| 9 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | | predictive | |
| 10 | TXXXX | CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | | predictive | |
| 11 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | | predictive | |
| 12 | TXXXX.XXX | CWE-XXX | Xxx Xxxxxxxxxx Xxxxx | | predictive | |

IOA - Indicator of Attack (16)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

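| ID | Category | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | auth2-gss.c | predictive | |
| 2 | File | category.php | predictive | |
| 3 | File | es_desp.php | predictive | |
| 4 | File | xxxx.x | predictive | |
| 5 | File | xxxxxxxx/xxxx.xxx | predictive | |
| 6 | File | xx/xxxx | predictive | |
| 7 | File | xxxxxx.xxx | predictive | |
| 8 | File | xxxx-xxxxxx.x | predictive | |
| 9 | File | xxxx/xxxx/xxxxxxxxxxxxxxxxxx.xxxx | predictive | |
| 10 | File | xxx_xxxxxxxxxx/xxx/xx_xxxxxx/xx_xxxxxx_xxxx.x | predictive | |
| 11 | Argument | xxxxx_xxxx_xxxx | predictive | |
| 12 | Argument | xxxxx_xxx | predictive | |
| 13 | Argument | xxxx/xx | predictive | |
| 14 | Argument | xx_xxxxxxxx | predictive | |
| 15 | Argument | xxxx | predictive | |
| 16 | Argument | xxxx | predictive | |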

References (2)

The following list contains external sources which discuss the actor and the associated activities:
