Exmatter Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (13)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

zh10
en4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

cn12
us2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Exmatter2
Hermes1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Connectivity Software10
Groupware Software2
Not Defined2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined8
OpenBSD4
Microsoft2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

OpenSSH6
OpenBSD OpenSSH4
Microsoft SharePoint2
Mailman2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Oracle MySQL Server Privileges denial of service7.57.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.005640.04CVE-2018-2696
2Apache Commons FileUpload MultipartStream input validation7.57.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.042750.03CVE-2016-3092
3Apache Tomcat ResourceLinkFactory.setGlobalContext access control7.87.2$5k-$25k$0-$5kUnprovenOfficial Fix0.001830.00CVE-2016-0763
4OpenBSD OpenSSH X11 Forwarding 7pk security9.89.1$25k-$100k$0-$5kUnprovenOfficial Fix0.003650.03CVE-2016-1908
5OpenSSH scp Client input validation6.96.9$5k-$25k$5k-$25kNot DefinedUnavailable0.001220.03CVE-2020-12062
6OpenSSH Supplemental Group privileges management4.64.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.000560.09CVE-2021-41617
7OpenBSD OpenSSH compat.c double free7.77.6$5k-$25k$5k-$25kNot DefinedOfficial Fix0.010970.04CVE-2023-25136
8Oracle Solaris SunSSH authorization5.35.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.006860.05CVE-2018-20685
9OpenSSH Algorithm Negotiation information disclosure4.84.8$5k-$25k$5k-$25kNot DefinedNot Defined0.002090.05CVE-2020-14145
10Microsoft SharePoint unknown vulnerability8.77.8$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.024920.06CVE-2020-17118
11Mailman input validation6.56.3$0-$5k$0-$5kNot DefinedOfficial Fix0.001600.00CVE-2018-13796
12jforum User input validation5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.002890.00CVE-2019-7550
13runV util.c access control6.56.3$0-$5k$0-$5kNot DefinedOfficial Fix0.000440.05CVE-2018-9862

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
1128.199.145.18windows2019.gz-s-4vcpu-8gb-intel-sgp1-01Exmatter07/02/2023verifiedHigh
2XXX.XX.XXX.XXXXxxxxxxx07/02/2023verifiedHigh

TTP - Tactics, Techniques, Procedures (3)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1068CAPEC-122CWE-264, CWE-269Execution with Unnecessary PrivilegespredictiveHigh
2TXXXXCAPEC-CWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
3TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (5)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1Filecompat.cpredictiveMedium
2Fileregister/check/username?usernamepredictiveHigh
3Filexxxx.xpredictiveLow
4Argument-xpredictiveLow
5Argumentxxxxxxx.xxx_xxxxxxxxxxpredictiveHigh

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you know our Splunk app?

Download it now for free!