Mint Sandstorm Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (41)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en38
pl2
fr2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us38
gb4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Mint Sandstorm3
TunnelVision2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Content Management System8
Not Defined8
Groupware Software4
Operating System2
Solution Stack Software2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined14
Microsoft6
WordPress2
SAP2
Oracle2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

WordPress6
Microsoft Windows2
Redis2
Microsoft Exchange Server2
Microsoft SharePoint Server2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1SAP NetWeaver MigrationService improper authorization9.29.2$5k-$25k$5k-$25kNot DefinedNot Defined0.000770.00CVE-2021-21481
2WordPress cross site scripting5.75.7$0-$5k$0-$5kNot DefinedOfficial Fix0.003640.02CVE-2022-21662
3WordPress WP_Query sql injection6.36.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.935360.05CVE-2022-21661
4Microsoft Windows RDP authorization8.87.7$25k-$100k$5k-$25kUnprovenOfficial Fix0.001210.00CVE-2021-1669
5Cacti Request Parameter remote_agent.php injection8.58.4$0-$5k$0-$5kHighOfficial Fix0.965280.08CVE-2022-46169
6ZyXEL USG FLEX 50 CGI Program os command injection8.58.4$0-$5k$0-$5kHighOfficial Fix0.974720.08CVE-2022-30525
7All in One SEO Plugin REST API Endpoint access control6.36.0$0-$5k$0-$5kNot DefinedOfficial Fix0.024070.00CVE-2021-25036
8YITH WooCommerce Gift Cards Premium Plugin Shopping Cart php unrestricted upload7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.178660.00CVE-2021-3120
9WordPress wp-publications Plugin Archive bibtexbrowser.php path traversal7.87.6$0-$5k$0-$5kNot DefinedOfficial Fix0.005290.03CVE-2021-38360
10WP Import Export Plugin class-wpie-general.php wpie_process_file_download authorization6.46.3$0-$5k$0-$5kNot DefinedNot Defined0.001610.00CVE-2022-0236
11Cisco Small Business RV345 stack-based overflow9.99.7$5k-$25k$0-$5kHighOfficial Fix0.962500.05CVE-2022-20699
12WordPress Object injection5.35.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.004320.04CVE-2022-21663
13WordPress sql injection6.86.7$5k-$25k$0-$5kNot DefinedOfficial Fix0.004670.03CVE-2022-21664
14Oracle GlassFish Open Source Edition Demo Feature hard-coded credentials8.58.5$5k-$25k$5k-$25kNot DefinedNot Defined0.001870.03CVE-2018-14324
15Microsoft Exchange Server Privilege Escalation8.88.3$25k-$100k$0-$5kHighOfficial Fix0.965370.04CVE-2021-42321
16F5 BIG-IP TMUI Privilege Escalation8.88.4$25k-$100k$0-$5kNot DefinedOfficial Fix0.001590.03CVE-2021-22988
17Microsoft SharePoint Server Privilege Escalation8.87.7$25k-$100k$0-$5kUnprovenOfficial Fix0.299960.00CVE-2021-31181
18Umbraco CMS Installation path traversal5.55.5$0-$5k$0-$5kNot DefinedNot Defined0.003710.06CVE-2020-5811
19cpp-ethereum JSON-RPC admin_addPeer API improper authorization5.95.9$0-$5k$0-$5kNot DefinedNot Defined0.012740.03CVE-2017-12112
20Oracle GlassFish Server Java Server Faces access control3.13.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.001290.03CVE-2017-3626

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Drokbk

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
151.89.135.15ip15.ip-51-89-135.euMint SandstormDrokbk04/22/2023verifiedHigh
2XX.XX.XXX.XXXxxxxx.xx-xx-xx-xxx.xxXxxx XxxxxxxxxXxxxxx04/22/2023verifiedHigh
3XX.XX.XXX.XXXxxxxx.xx-xx-xx-xxx.xxXxxx XxxxxxxxxXxxxxx04/22/2023verifiedHigh
4XX.XX.XXX.Xxxx.xx-xx-xx-xxx.xxxXxxx XxxxxxxxxXxxxxx04/22/2023verifiedHigh

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
3T1059.007CAPEC-209CWE-79Cross Site ScriptingpredictiveHigh
4TXXXXCAPEC-122CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
5TXXXX.XXXCAPEC-191CWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveHigh
6TXXXXCAPEC-108CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
7TXXXXCAPEC-CWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
8TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
9TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveHigh
10TXXXXCAPEC-CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh
11TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (26)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/cgi-bin/user/Config.cgipredictiveHigh
2Fileadmin.php/User/del/ucode/predictiveHigh
3Filedetail.phppredictiveMedium
4Fileext/standard/http_fopen_wrapper.cpredictiveHigh
5Filexxxxx.xxxpredictiveMedium
6Filexxxxx_xxx.xxxpredictiveHigh
7Filexxxxxxxxxx.xpredictiveMedium
8FilexxxpredictiveLow
9Filexxxx.xxxpredictiveMedium
10Filexxxxxxxxx.xxxpredictiveHigh
11Filexxxxxx_xxxxx.xxxpredictiveHigh
12Filexxxx.xxxpredictiveMedium
13Filexxxxxx/xxxxx.xxx/xxxx/xxxxpredictiveHigh
14Filexxxxxxxxx.xxxpredictiveHigh
15File~/xxxxxxxxxxxxx.xxxpredictiveHigh
16File~/xxxxxxxx/xxxxxxx/xxxxx-xxxx-xxxxxxx.xxxpredictiveHigh
17ArgumentxxxpredictiveLow
18Argumentxxxx/xxxxxxxpredictiveMedium
19Argumentxxxx_xxpredictiveLow
20ArgumentxxxxxxxxpredictiveMedium
21ArgumentxxxxpredictiveLow
22ArgumentxxxxxxxpredictiveLow
23Argumentx_xxxxpredictiveLow
24Argumentxxxxx_xxpredictiveMedium
25Input Valuexxxxxx=xxx&xxxxxxxx=xxxxxxx.*predictiveHigh
26Input ValuexxxxxpredictiveLow

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you need the next level of professionalism?

Upgrade your account now!