SystemdMiner Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (260)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	174
ru	80
de	4
es	2

Country

ru	252
gb	2
us	2
ir	2
cn	2

Actors

SystemdMiner	2

Activities

Interest

Timeline

Type

Operating System	40
Not Defined	40
Groupware Software	26
Office Suite Software	22
Cloud Software	10

Vendor

Microsoft	84
Not Defined	26
Synacor	10
Nextcloud	10
HCL	8

Product

Microsoft Windows	40
Microsoft Office	20
Microsoft Exchange Server	16
Nextcloud Desktop Client	8
Microsoft Excel	6

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	Microsoft Exchange Server PowerShell ProxyNotShell Privilege Escalation	7.7	7.3	$5k-$25k	$0-$5k	High	Official Fix	0.10698	0.00	CVE-2022-41082
2	Microsoft Excel Local Privilege Escalation	7.0	6.4	$0-$5k	$0-$5k	Unproven	Official Fix	0.00125	0.00	CVE-2023-32029
3	Microsoft Windows Registry Local Privilege Escalation	7.8	7.1	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00054	0.00	CVE-2023-28246
4	Microsoft Windows HTTP Protocol Stack Remote Code Execution	9.8	9.0	$100k and more	$0-$5k	Proof-of-Concept	Official Fix	0.84044	0.04	CVE-2022-21907
5	Microsoft Windows Registry Key information disclosure	5.8	5.4	$25k-$100k	$5k-$25k	Proof-of-Concept	Official Fix	0.01328	0.00	CVE-2022-38033
6	Microsoft Windows Contacts Remote Code Execution	8.3	7.3	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00425	0.02	CVE-2022-44666
7	Microsoft Windows TCP/IP Remote Code Execution	9.8	8.9	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.23993	0.00	CVE-2022-34718
8	Microsoft Windows Remote Procedure Call Runtime Remote Code Execution	9.8	8.9	$100k and more	$5k-$25k	Unproven	Official Fix	0.01558	0.00	CVE-2022-26809
9	Microsoft Windows Point-to-Point Tunneling Protocol Remote Code Execution	8.1	7.4	$100k and more	$5k-$25k	Unproven	Official Fix	0.00835	0.00	CVE-2022-21972
10	Synacor Zimbra Collaboration Suite Element Attribute injection	5.5	5.3	$0-$5k	$0-$5k	High	Official Fix	0.01933	0.00	CVE-2022-24682
11	Plohni Advanced Comment System Installation index.php code injection	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00997	0.05	CVE-2009-4623
12	Microsoft Windows Support Diagnostic Tool Follina Remote Code Execution	7.3	7.1	$25k-$100k	$0-$5k	High	Workaround	0.97175	0.05	CVE-2022-30190
13	Microsoft Windows Runtime Remote Code Execution	8.1	7.7	$25k-$100k	$5k-$25k	High	Official Fix	0.40028	0.00	CVE-2022-21971
14	Bitrix Site Manager Vote Module Remote Code Execution	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00668	0.04	CVE-2022-27228
15	Broadcom BCM43xx Broadpwn access control	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.05865	0.00	CVE-2017-9417
16	Linux Kernel openvswitch Module reserve_sfa_size out-of-bounds write	7.0	6.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00042	0.02	CVE-2022-2639
17	Microsoft Office Excel Remote Code Execution	7.0	6.1	$5k-$25k	$0-$5k	Unproven	Official Fix	0.38247	0.00	CVE-2021-40442
18	RoundCube CSS cross site scripting	4.4	4.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00095	0.00	CVE-2021-26925
19	Synacor Zimbra Collaboration Suite WebEx Zimlet server-side request forgery	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.70648	0.00	CVE-2020-7796
20	Microsoft Exchange Server ProxyLogon unknown vulnerability	9.3	9.0	$25k-$100k	$0-$5k	High	Official Fix	0.97507	0.06	CVE-2021-26855

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Identified	Type	Confidence
1	1.125.125.5		SystemdMiner	05/07/2019	verified	High
2	5.167.55.128	m.pol-ice.ru	SystemdMiner	05/07/2019	verified	High
3	XX.X.X.X		Xxxxxxxxxxxx	05/07/2019	verified	High
4	XXX.XXX.XXX.XX	xxxx.xxx	Xxxxxxxxxxxx	05/07/2019	verified	High
5	XXX.XXX.XX.XXX	xxx-xxx-xx-xxx.xx.xxxxxxxxxxxxxxxxx.xxx	Xxxxxxxxxxxx	05/07/2019	verified	High
6	XXX.X.XXX.XX		Xxxxxxxxxxxx	05/07/2019	verified	High
7	XXX.XXX.XX.XX	xxxxxx.xx.xx.xxx.xxx.xxxxxxx.xxxx-xxxxxx.xx	Xxxxxxxxxxxx	05/07/2019	verified	High
8	XXX.XX.X.X		Xxxxxxxxxxxx	05/07/2019	verified	High
9	XXX.XXX.X.X		Xxxxxxxxxxxx	05/07/2019	verified	High

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1040	CAPEC-102	CWE-319	Authentication Bypass by Capture-replay	predictive	High
2	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	High
3	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	High
4	T1059.007	CAPEC-209	CWE-79, CWE-80	Cross Site Scripting	predictive	High
5	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
6	TXXXX.XXX	CAPEC-16	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	High
7	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	High
8	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	High
9	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	High
10	TXXXX	CAPEC-50	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
11	TXXXX	CAPEC-37	CWE-XXX	Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
12	TXXXX	CAPEC-38	CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	High
13	TXXXX.XXX	CAPEC-459	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
14	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
15	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	High
16	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	High

IOA - Indicator of Attack (36)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/adfs/ls	predictive	Medium
2	File	/admin/uploads.php	predictive	High
3	File	/note/index/delete	predictive	High
4	File	/owa/auth/logon.aspx	predictive	High
5	File	/usr/bin/pkexec	predictive	High
6	File	xxxxxxxxxxxxx.xxx	predictive	High
7	File	xxxxx/xxxx/xxxxxxxxxx/xxxxxxxxxxx.xxx	predictive	High
8	File	xxxx.xxx	predictive	Medium
9	File	xxxx_xx.xx	predictive	Medium
10	File	xxxx/xxx_xxxx_xxxxx.x	predictive	High
11	File	xxxxx.xxx	predictive	Medium
12	File	xxxxxxxxxxxxxxxxxx.xxxx	predictive	High
13	File	xxxxx/xxxxxx.xxx	predictive	High
14	File	xxxxxxxxxxx_xxxxxxxxxxxx.xx	predictive	High
15	File	xxxxxxx.xxx	predictive	Medium
16	File	xxxxxxxxxx.xxx	predictive	High
17	File	xxx.x	predictive	Low
18	File	xxxx_xxxxx.xxx	predictive	High
19	File	xx-xxxxxxxx/xxxxx-xx-xxxxxxxxx-xxxxxxx.xxx	predictive	High
20	File	xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx	predictive	High
21	Library	xxxxx.xxx	predictive	Medium
22	Library	xxxxx.xxx	predictive	Medium
23	Library	xxxxxx.xxx	predictive	Medium
24	Argument	xxx_xxxx	predictive	Medium
25	Argument	xxxx	predictive	Low
26	Argument	xx	predictive	Low
27	Argument	xxxxxxxxxxxxxx	predictive	High
28	Argument	xxxx	predictive	Low
29	Argument	xx	predictive	Low
30	Argument	xxxxxxxx	predictive	Medium
31	Argument	xxxx/xxxxxxxxxxx	predictive	High
32	Argument	xxxx	predictive	Low
33	Argument	xxxxxxxxxxx	predictive	Medium
34	Argument	xxxxxxxx	predictive	Medium
35	Argument	xx_xxxx_xxxxx	predictive	High
36	Input Value	<xxx xxx="xxxx://x"; xx xxxxxxx="$(’x').xxxx(’xxxxxx’)" />	predictive	High

References (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Might our Artificial Intelligence support you?

Check our Alexa App!