Magniber Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (44)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en30
zh8
fr2
sv2
ru2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us24
cn10
ir4
gb2
tr2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Magniber5
Arid Viper1
Unidentified 111 (Latrodectus)1
Space Pirates1
Qakbot1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined20
Firewall Software4
Content Management System2
Database Administration Software2
Chat Software2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined16
Tencent2
Thomas R. Pasawicz2
Forcepoint2
F52

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

firefly-iii2
EyouCMS2
WordPress2
Umbraco2
phpMyAdmin2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25kCalculatingHighWorkaround0.020160.00CVE-2007-1192
2Apache RocketMQ Broker path traversal6.36.3$5k-$25k$5k-$25kNot DefinedNot Defined0.000580.04CVE-2019-17572
3Pligg cloud.php sql injection6.36.3$0-$5k$0-$5kNot DefinedNot Defined0.000000.65
4firefly-iii input validation6.86.8$0-$5k$0-$5kNot DefinedOfficial Fix0.001870.00CVE-2023-1789
5Nacos Access Control privileges management5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.001260.00CVE-2020-19676
6firefly-iii session expiration6.96.8$0-$5k$0-$5kNot DefinedOfficial Fix0.001870.00CVE-2023-1788
7RainLoop Webmail XSS Protection Mechanism cross site scripting5.25.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000840.04CVE-2019-13389
8Freeciv Packet resource consumption6.46.3$0-$5k$0-$5kNot DefinedOfficial Fix0.019330.00CVE-2012-6083
9Cisco IOS XE Web-based User Interface os command injection7.27.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.777970.06CVE-2019-12650
10ThinkPHP deserialization7.67.5$0-$5k$0-$5kNot DefinedNot Defined0.001770.07CVE-2022-45982
11F5 BIG-IP Configuration Utility improper authentication8.98.7$5k-$25k$0-$5kHighOfficial Fix0.970410.08CVE-2023-46747
12Ivanti Pulse Connect Secure Push Configuration targets.cgi source code2.72.6$0-$5k$0-$5kNot DefinedOfficial Fix0.001020.00CVE-2021-44720
13Pulse Secure Pulse Connect Secure Applet tncc.jar certificate validation8.28.2$0-$5k$0-$5kNot DefinedNot Defined0.001840.04CVE-2020-11580
14Oracle Database Server Remote Code Execution7.36.9$5k-$25k$0-$5kProof-of-ConceptNot Defined0.105030.00CVE-2009-1019
15WordPress Pingback server-side request forgery5.75.7$5k-$25k$5k-$25kNot DefinedNot Defined0.001200.05CVE-2022-3590
16KubeOperator System API improper authorization7.37.3$0-$5k$0-$5kNot DefinedOfficial Fix0.032140.00CVE-2023-22480
17Umbraco FeedProxy.aspx.cs Page_Load server-side request forgery7.77.4$0-$5k$0-$5kNot DefinedOfficial Fix0.005110.00CVE-2015-8813
18Adobe Connect Server AMF Message deserialization8.58.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.014360.00CVE-2021-40719
19WordPress sql injection6.86.7$5k-$25k$0-$5kNot DefinedOfficial Fix0.004670.03CVE-2022-21664
20e-Quick Cart shopprojectlogin.asp sql injection6.36.3$0-$5k$0-$5kNot DefinedNot Defined0.000000.04

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
145.32.170.3845.32.170.38.vultrusercontent.comMagniber03/18/2024verifiedHigh
251.68.238.215Magniber03/18/2024verifiedHigh
3XX.XXX.XXX.XXXXxxxxxxx03/18/2024verifiedHigh
4XX.XXX.XXX.XXxxxx.xx-xx-xxx-xxx.xxXxxxxxxx07/28/2022verifiedHigh
5XX.XX.XXX.XXXxxxxx.xx-xx-xx-xxx.xxXxxxxxxx07/28/2022verifiedHigh
6XXX.XXX.XX.XXxxx.xxx.xx.xx.xxxxxxxxxxxxxxxx.xxxXxxxxxxx12/09/2022verifiedHigh
7XXX.XX.XXX.XXxxxxxxxxx.xxxxx-xxxxxxxxxx.xxxxxxxxxXxxxxxxx03/18/2024verifiedHigh
8XXX.XXX.XXX.XXxxxx.xx-xxx-xxx-xxx.xxXxxxxxxx07/28/2022verifiedHigh
9XXX.XX.XX.XXXxxxxx.xx-xxx-xx-xx.xxXxxxxxxx07/28/2022verifiedHigh
10XXX.XXX.XXX.XXXxxxxxxx03/18/2024verifiedHigh

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
3TXXXX.XXXCAPEC-209CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
4TXXXXCAPEC-122CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
5TXXXXCAPEC-108CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
6TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
7TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveHigh
8TXXXX.XXXCAPEC-459CWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
9TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (12)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/controller/Index.phppredictiveHigh
2File/menu.htmlpredictiveMedium
3Filexxxxx.xxxpredictiveMedium
4Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
5Filexxxxxxxxxxxxxxxx.xxxpredictiveHigh
6Filexxxxxxx.xxxpredictiveMedium
7Filexxxx.xxxpredictiveMedium
8Filexxxxxxx.xxx/xxxxxxx.xxxxxxxxxxxx/xxxxxxx/xxxxxxxxx/xxxxxxxxx.xxxx.xxpredictiveHigh
9Argument?xxxxxxpredictiveLow
10ArgumentxxxxxxxxxxpredictiveMedium
11ArgumentxxxxxxxxxpredictiveMedium
12ArgumentxxxpredictiveLow

References (5)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you want to use VulDB in your project?

Use the official API to access entries easily!