Machete Analysis

IOB - Indicator of Behavior (127)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

- en: 108
- fr: 6
- ru: 6
- zh: 4
- it: 2

Country

- us: 84
- ru: 14
- ca: 6
- fr: 4
- es: 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

- Pearlinger Products: 4
- Microsoft Windows: 4
- Zentrack: 4
- Apple iOS: 4
- Apple iPadOS: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | WordPress Access Restriction user-new.php access control | 7.5 | 7.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00372 | 0.03 | CVE-2017-17091 |
| 2 | Apple iOS/iPadOS Kernel information disclosure | 3.3 | 3.2 | $5k-$25k | $0-$5k | High | Official Fix | 0.00778 | 0.00 | CVE-2020-27950 |
| 3 | Joe Depasquale Bannermatic Ban File information disclosure | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00231 | 0.00 | CVE-2002-2342 |
| 4 | PhotoPost PHP Pro showproduct.php sql injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00276 | 0.04 | CVE-2004-0250 |
| 5 | Skrypty Ppa Gallery functions.inc.php memory corruption | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02429 | 0.02 | CVE-2005-2199 |
| 6 | Lighthouse Development Squirrelcart cart_content.php file inclusion | 6.5 | 5.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02731 | 0.00 | CVE-2006-2483 |
| 7 | Oracle GoldenGate denial of service | 7.5 | 7.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01568 | 0.00 | CVE-2021-3749 |
| 8 | Microsoft Windows Asynchronous RPC Request access control | 9.0 | 8.6 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.90541 | 0.01 | CVE-2013-3175 |
| 9 | vBulletin visitormessage.php code injection | 7.5 | 7.4 | $0-$5k | $0-$5k | High | Unavailable | 0.03104 | 0.02 | CVE-2014-9463 |
| 10 | phpBB startup.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00287 | 0.02 | CVE-2015-1431 |
| 11 | PHPizabi index.php path traversal | 6.5 | 5.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00826 | 0.21 | CVE-2008-3723 |
| 12 | Pharmacy Sales and Inventory System manage_user.php sql injection | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00172 | 0.00 | CVE-2022-30407 |
| 13 | Hospital Patient Record Management System file inclusion | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00075 | 0.00 | CVE-2022-24232 |
| 14 | Zentrack index.php path traversal | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.08 | |
| 15 | Zentrack index.php privileges management | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.03 | |
| 16 | PhotoPost PhotoPost vBGallery File Upload upload.php input validation | 6.3 | 5.8 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00546 | 0.06 | CVE-2008-7088 |
| 17 | Gempar Script Toko Online shop_display_products.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00100 | 0.02 | CVE-2009-0296 |
| 18 | Cutephp CuteNews URL comments.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01849 | 0.01 | CVE-2003-1240 |
| 19 | myWebland myEvent event.php code injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.40476 | 0.00 | CVE-2006-1890 |
| 20 | myEvent event.php privileges management | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.03 | |

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (106)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/config.php?display=backup | predictive | High |
| 2 | File | /pharmacy-sales-and-inventory-system/manage_user.php | predictive | High |
| 3 | File | /proc/self/cwd | predictive | High |
| 4 | File | /Side.php | predictive | Medium |
| 5 | File | /textpattern/index.php | predictive | High |
| 6 | File | account.asp | predictive | Medium |
| 7 | File | admin.php | predictive | Medium |
| 8 | File | adminAttachments.php | predictive | High |
| 9 | File | adminBoards.php | predictive | High |
| 10 | File | adminPolls.php | predictive | High |
| 11 | File | al_initialize.php | predictive | High |
| 12 | File | ase.php | predictive | Low |
| 13 | File | bb_usage_stats.php | predictive | High |
| 14 | File | cart_content.php | predictive | High |

References (4)

The following list contains external sources which discuss the actor and the associated activities:
