xmrig.pe Analysis

IOB - Indicator of Behavior (129)

Language

  • en: 90
  • zh: 22
  • ru: 4
  • es: 4
  • de: 4

Country/Region

  • us: 70
  • cn: 22
  • ir: 4
  • ru: 2
  • br: 2

Product

  • Linux Kernel: 6
  • Cisco Wireless LAN Controller: 6
  • Microsoft Windows: 4
  • Microsoft SQL Server: 4
  • Tenda W30E: 4

Vulnerabilities

Base and Temp are VulDB's base and temporal CVSS-style scores; 0day and Today are the estimated exploit price ranges; CTI is the threat-intelligence activity score; EPSS is the exploit prediction probability.

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 1.95 | 0.00943 | CVE-2010-0966 |
| 2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192 |
| 3 | Cisco Wireless LAN Controller 802.11v privilege escalation | 5.8 | 5.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00102 | CVE-2017-12275 |
| 4 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 3.66 | 0.00000 | (none) |
| 5 | Cisco Wireless LAN Controller ANQP memory corruption | 5.2 | 4.9 | $5k-$25k | Calculate | Not Defined | Official Fix | 0.00 | 0.00102 | CVE-2017-12282 |
| 6 | jeecg-boot qurestSql SQL injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.23 | 0.08680 | CVE-2023-1454 |
| 7 | Webmin privilege escalation | 7.3 | 7.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.97196 | CVE-2022-0824 |
| 8 | Atlassian Jira Server/Jira Data Center Mobile Plugin privilege escalation | 6.4 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.03312 | CVE-2022-26135 |
| 9 | SPIP spip.php cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.86 | 0.00132 | CVE-2022-28959 |
| 10 | Jetty Login Password.java information disclosure | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00299 | CVE-2017-9735 |
| 11 | FileRun index.php SQL injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.03 | 0.00649 | CVE-2007-2469 |
| 12 | I-O DATA DEVICE LAN DISK Connect memory corruption | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00080 | CVE-2017-10875 |
| 13 | Cisco Wireless LAN Controller SNMP denial of service | 5.3 | 5.0 | $0-$5k | Calculate | Not Defined | Official Fix | 0.00 | 0.00143 | CVE-2017-12278 |
| 14 | D-Link DIR-850L LAN Traffic privilege escalation | 5.9 | 5.9 | $0-$5k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00277 | CVE-2017-14430 |
| 15 | Apple iOS/iPadOS Attachment BLASTPASS privilege escalation | 7.0 | 6.9 | $25k-$100k | $5k-$25k | High | Official Fix | 0.03 | 0.00070 | CVE-2023-41061 |
| 16 | MikroTik RouterOS igmp-proxy denial of service | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.00201 | CVE-2020-20219 |
| 17 | TIBCO Spotfire Statistics Services Splus Server privilege escalation | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00140 | CVE-2023-29268 |
| 18 | Google Chrome V8 privilege escalation | 7.5 | 7.4 | $25k-$100k | $5k-$25k | High | Official Fix | 0.04 | 0.03794 | CVE-2023-2033 |
| 19 | Tenda W30E editUserName memory corruption | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00075 | CVE-2022-45508 |
| 20 | Traefik information disclosure | 4.5 | 4.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00095 | CVE-2022-23469 |

活动 (1)

These are the campaigns that can be associated with the actor:

  • Log4Shell

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (44)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

Entries shown as runs of "x" are masked on the source page; only the entries below with readable values are usable as-is.

| ID | Class | Indicator | Confidence |
|---|---|---|---|
| 1 | File | /.ssh/authorized_keys | predictive |
| 2 | File | /forum/away.php | predictive |
| 3 | File | /goform/delFileName | predictive |
| 4 | File | /goform/editUserName | predictive |
| 5 | File | /index/user/upload_img.html | predictive |
| 6 | File | /xxxxx/xxxx/xxxx_xxxx.xxxx | predictive |
| 7 | File | /xxxx/xxx/xxxx-xxxxx | predictive |
| 8 | File | /xxxx.xxx | predictive |
| 9 | File | /xxxxxxx/ | predictive |
| 10 | File | xxxxx.xxx | predictive |
| 11 | File | xxxxxxxx.xxx | predictive |
| 12 | File | xxxxxx/xxxxxx/xxx_xxxx.x | predictive |
| 13 | File | x_xxxxxx | predictive |
| 14 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive |
| 15 | File | xxxx.xxx | predictive |
| 16 | File | xxx/xxxxxx.xxx | predictive |
| 17 | File | xxxxx.xxx | predictive |
| 18 | File | xxxx.xxx | predictive |
| 19 | File | xxxxxxxx/xxxxxxxxx | predictive |
| 20 | File | xxxxxx/xxx/xxxxxxxx.x | predictive |
| 21 | File | xxxxx.xxx | predictive |
| 22 | File | xxx_xxxxx_xxxxx.x | predictive |
| 23 | File | xxx/xxxxxxxxx/xx_xxxxxx_xxx.x | predictive |
| 24 | File | xxxxxxxx.xxx | predictive |
| 25 | File | xxxx/xxxxxxxx/xxxxxxxx.xxxx | predictive |
| 26 | File | xxxxxxxxxxxxxxx.xxxx | predictive |
| 27 | Argument | xxxxxxxxxxx | predictive |
| 28 | Argument | xxx_xxx | predictive |
| 29 | Argument | xxxxxxxx | predictive |
| 30 | Argument | xxxxxxx | predictive |
| 31 | Argument | xxxxxxx-xxxx/xxxxxxx-xxxxxxxx-xxxxxxxx | predictive |
| 32 | Argument | xx_xxxxx_xx | predictive |
| 33 | Argument | xxx | predictive |
| 34 | Argument | xxxx | predictive |
| 35 | Argument | xxxxxxxxxxx | predictive |
| 36 | Argument | xxxx/xxx/xxx_xx | predictive |
| 37 | Argument | xxxxxxxx | predictive |
| 38 | Argument | xxx_xxxxxxxxxxx | predictive |
| 39 | Argument | xxxxxx | predictive |
| 40 | Argument | xxx_xxxxxxx | predictive |
| 41 | Argument | xxx | predictive |
| 42 | Argument | xxxxxxxx | predictive |
| 43 | Input Value | ../ | predictive |
| 44 | Input Value | xxxxxxxxx' xxx 'x'='x | predictive |
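The practical use of an IOA list like the one above is to turn it into a detection that runs over web-server access logs. The following is an added example, not VulDB's code and not part of the actor profile: it copies the unmasked File fragments (IOA 1-5) and the "../" input value (IOA 43) verbatim, URL-decodes each request target once so encoded variants compare in the same form, and reports which indicators each request matched. The SQL tautology regex is an assumption based only on the visible shape of the masked entry 44 (a quote, a word, a quote, one character, "=", a quote, the same character), not the site's withheld string. The log lines are constructed samples in Common Log Format using documentation IP ranges.

```python
"""Scan access-log lines for the IOA fragments listed on this page.

Added example, not VulDB's code. File fragments and "../" are copied from the
unmasked IOA entries; the SQL tautology regex is an assumed generalisation of
the masked entry 44. SAMPLE_LOG is constructed, not real traffic.
"""
import re
from dataclasses import dataclass
from urllib.parse import unquote

# Literal path fragments copied from the unmasked File indicators (IOA 1-5).
IOA_FILE_FRAGMENTS = (
    "/.ssh/authorized_keys",
    "/forum/away.php",
    "/goform/delFileName",
    "/goform/editUserName",
    "/index/user/upload_img.html",
)

# Input Value indicators. "../" is IOA 43 verbatim; the tautology regex is an
# assumption over the shape of masked IOA 44: ' <word> 'x'='x (same x twice).
IOA_INPUT_PATTERNS = {
    "path_traversal": re.compile(r"\.\./"),
    "sql_tautology": re.compile(r"'\s*\w+\s*'(\w)'\s*=\s*'\1", re.IGNORECASE),
}

# Common Log Format: ip ident user [time] "METHOD target proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


@dataclass(frozen=True)
class Hit:
    ip: str
    target: str        # request target after one round of URL decoding
    indicators: tuple  # matched IOA labels, in check order


def scan_line(line):
    """Return a Hit if the request target contains any IOA, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # Decode once so %2e%2e%2f and %27 style encodings compare in the same
    # form as the plain fragments above.
    target = unquote(m.group("target"))
    found = [f"file:{frag}" for frag in IOA_FILE_FRAGMENTS if frag in target]
    found += [f"input:{name}" for name, rx in IOA_INPUT_PATTERNS.items() if rx.search(target)]
    return Hit(m.group("ip"), target, tuple(found)) if found else None


def scan_log(lines):
    """Scan an iterable of access-log lines and return all hits in order."""
    return [h for h in map(scan_line, lines) if h is not None]


def hits_by_ip(hits):
    """Group the matched indicator labels per source IP for triage."""
    grouped = {}
    for h in hits:
        grouped.setdefault(h.ip, set()).update(h.indicators)
    return grouped


# Constructed sample log (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2023:12:00:01 +0000] "GET /index.php HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Oct/2023:12:00:02 +0000] "GET /forum/away.php?s=http://example.invalid/ HTTP/1.1" 302 0',
    '198.51.100.7 - - [10/Oct/2023:12:00:03 +0000] "GET /cgi-bin/..%2f..%2f..%2froot/.ssh/authorized_keys HTTP/1.1" 404 0',
    '198.51.100.7 - - [10/Oct/2023:12:00:04 +0000] "POST /goform/editUserName HTTP/1.1" 200 0',
    '192.0.2.9 - - [10/Oct/2023:12:00:05 +0000] "GET /index.php?id=1%27%20or%20%27a%27%3D%27a HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG)
    for h in hits:
        print(h.ip, h.target, ", ".join(h.indicators))
    print(hits_by_ip(hits))
```

The single URL-decode is deliberate: decoding once catches the common percent-encoded traversal and quote evasions, while decoding repeatedly would also change legitimate targets that contain a literal "%25". Matching on the decoded target means the fragment list stays readable and identical to the page's entries, and the per-IP grouping is what an analyst would pivot on next.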

References (4)

The following list contains external sources which discuss the actor and the associated activities:
