XMRIG Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (1000)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en104
zh100
ar94
es92
pl86

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

ar94
es92
pl86
ru86
it82

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Cobalt Strike1
Responder1
Sliver1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined56
WordPress Plugin36
Operating System8
Content Management System4
E-Commerce Management Software4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined34
Tenda22
WebToffee2
Linux2
Cybele2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

MailCleaner8
Tenda i216
Tenda 4G3004
Tenda AX18064
Tenda W15E4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Apryse WebViewer PDF Document cross site scripting3.53.2$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.000450.05CVE-2024-4327
2MailCleaner Email os command injection9.89.3$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.000460.24CVE-2024-3191
3osCommerce all-products cross site scripting4.33.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.000650.05CVE-2024-4348
4MailCleaner Admin Interface cross site scripting6.56.3$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.000450.09CVE-2024-3192
5SourceCodester Pisay Online E-Learning System controller.php unrestricted upload7.36.6$0-$5k$0-$5kProof-of-ConceptNot Defined0.000450.09CVE-2024-4349
6MailCleaner Admin Endpoints os command injection8.88.3$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.000460.04CVE-2024-3193
7BloomPixel Max Addons Pro for Bricks Plugin authorization6.56.4$0-$5k$0-$5kNot DefinedNot Defined0.000430.08CVE-2024-32951
8Extend Themes Teluro Plugin cross-site request forgery4.34.2$0-$5k$0-$5kNot DefinedNot Defined0.000430.00CVE-2024-33688
9Apache HTTP Server mod_lua Multipart Parser r:parsebody out-of-bounds write8.58.4$25k-$100k$5k-$25kNot DefinedOfficial Fix0.088080.00CVE-2021-44790
10Elementor ImageBox Plugin cross site scripting3.53.4$0-$5k$0-$5kNot DefinedNot Defined0.000450.08CVE-2024-3074
11Dell Wyse Proprietary OS Telemetry Dashboard information disclosure4.74.7$0-$5k$0-$5kNot DefinedNot Defined0.000430.09CVE-2024-28963
12Apache Parquet Parquet-MR denial of service3.53.4$0-$5k$0-$5kNot DefinedOfficial Fix0.000890.00CVE-2021-41561
13Pavex Embed Google Photos Album Plugin server-side request forgery5.65.5$0-$5k$0-$5kNot DefinedNot Defined0.000430.08CVE-2024-32775
14Foliovision FV Flowplayer Video Player Plugin server-side request forgery5.65.5$0-$5k$0-$5kNot DefinedNot Defined0.000430.00CVE-2024-32955
15Tenda i21 formQosManageDouble_auto stack-based overflow8.88.5$0-$5k$0-$5kNot DefinedNot Defined0.000450.04CVE-2024-4246
16Dell Repository Manager API Module improper authorization8.38.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.000430.00CVE-2024-28976
17Jegstudio Financio Plugin cross-site request forgery4.34.2$0-$5k$0-$5kNot DefinedNot Defined0.000430.00CVE-2024-33690
18ThemeNcode Fan Page Widget by Plugin cross site scripting4.14.1$0-$5k$0-$5kNot DefinedNot Defined0.000430.00CVE-2024-33695
19AnnounceKit Plugin cross site scripting2.42.4$0-$5k$0-$5kNot DefinedNot Defined0.000450.04CVE-2024-3023
20Repute Infosystems ARMember Plugin authorization7.87.7$0-$5k$0-$5kNot DefinedNot Defined0.000430.07CVE-2024-32948

IOC - Indicator of Compromise (15)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
127.36.82.56xmrig01/22/2024verifiedHigh
243.163.195.252xmrig01/22/2024verifiedHigh
345.95.147.236protect.privacyxmrig12/29/2023verifiedHigh
4XX.XXX.XXX.XXXxxxxxx-xxx.xxxx.xxxxxxxXxxxx07/08/2023verifiedHigh
5XX.XXX.XXX.XXXxxxx02/28/2024verifiedHigh
6XX.XX.XX.XXxxxxxx.xx.xx.xx.xx.xxxxxxx.xxxx-xxxxxx.xxXxxxx08/09/2018verifiedHigh
7XX.XXX.XX.XXXXxxxx12/16/2023verifiedHigh
8XXX.XX.XXX.XXXxxxx08/09/2018verifiedHigh
9XXX.XXX.XXX.XXXxxxxxxxxxx.xxxxxxxxxxxxx.xxxXxxxx04/02/2024verifiedHigh
10XXX.XXX.XX.XXXxxxx11/17/2023verifiedHigh
11XXX.XX.XXX.XXXxxx.xxxxxxx.xxxXxxxx03/18/2024verifiedHigh
12XXX.XX.XXX.XXxxxx08/09/2018verifiedHigh
13XXX.XXX.XX.XXxxx.x.xxxxxx.xxXxxxx08/09/2018verifiedHigh
14XXX.XXX.XXX.XX.Xxxxx08/09/2018verifiedHigh
15XXX.XXX.XXX.XXxxx-xxxx.xxxxx--xxxxxxx.xxxXxxxx08/10/2022verifiedHigh

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
3T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
4TXXXX.XXXCAPEC-209CWE-XX, CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
5TXXXXCAPEC-122CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
6TXXXXCAPEC-136CWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
7TXXXXCAPEC-CWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
8TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
9TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveHigh
10TXXXXCAPEC-102CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
11TXXXXCAPEC-37CWE-XXXXxxxxxxxx Xxxxxxx Xx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
12TXXXX.XXXCAPEC-459CWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
13TXXXXCAPEC-116CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
14TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (65)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/catalog/all-productspredictiveHigh
2File/changePasswordpredictiveHigh
3File/goform/addIpMacBindpredictiveHigh
4File/goform/DelDhcpRulepredictiveHigh
5File/goform/delIpMacBindpredictiveHigh
6File/goform/DelPortMappingpredictiveHigh
7File/goform/modifyDhcpRulepredictiveHigh
8File/goform/modifyIpMacBindpredictiveHigh
9File/xxxxxx/xxxxxxxxxxxxpredictiveHigh
10File/xxxxxx/xxxxxxxxxxpredictiveHigh
11File/xxxxxx/xxxxxxxxxpredictiveHigh
12File/xxxxxx/xxxxxxxxxxxxxxxxpredictiveHigh
13File/xxxxxx/xxxxxxxxxxxxxxpredictiveHigh
14File/xxxxxx/xxxxxxxxxxxxxxxxxxpredictiveHigh
15File/xxxxxx/xxxxxxxxxxxxxxpredictiveHigh
16File/xxxxxx/xxxxxxxxxxxxxpredictiveHigh
17File/xxxxxx/xxxxxxxxxxxxxxxxxxxpredictiveHigh
18File/xxxxxx/xxxxxxxxxxxpredictiveHigh
19File/xxxxxx/xxxxxxxxxx.xxxpredictiveHigh
20File/xxxxxxxxxxx.xxx/xxxxxxxxpredictiveHigh
21File/xxx/xxxxxxx/xxxpredictiveHigh
22File/xxxx/xxxxxxx xxxxxx/xxx/xxx_xxxx_xxxxxx.xxxpredictiveHigh
23Filexxxxx/xxxxxxx/xxxxxxxxxxxxx.xxpredictiveHigh
24Filexxxxxxxxxxxx.xxxpredictiveHigh
25Filexxxxxxxxxxxxxxxxxxx.xxxpredictiveHigh
26Filexxxxxxx/xxxxxxxx.xxxpredictiveHigh
27Filexx/xxxxxx/xxxxxxxxxxpredictiveHigh
28Filexxxxx.xxxpredictiveMedium
29Filexxxxxxxx.xxxpredictiveMedium
30Filexxxxxxxx.xxxpredictiveMedium
31Filexxxxxxxx.xxxpredictiveMedium
32Filexxxxxxxxxxxxxxx.xxxpredictiveHigh
33Argumentxxxxx_xxxxxpredictiveMedium
34ArgumentxxxxxxxxxxxxxpredictiveHigh
35ArgumentxxxpredictiveLow
36ArgumentxxxxxxxxxpredictiveMedium
37ArgumentxxxxxxxxxxxxpredictiveMedium
38ArgumentxxxxxxxxxxpredictiveMedium
39ArgumentxxxxxxxpredictiveLow
40ArgumentxxxxpredictiveLow
41ArgumentxxxxxxxxxxxxxxxxxxxxxxpredictiveHigh
42Argumentxx/xxxxpredictiveLow
43ArgumentxxxxxxxpredictiveLow
44ArgumentxxpredictiveLow
45ArgumentxxxxxxxxxxxxxxpredictiveHigh
46ArgumentxxxxxxxxxxxxxpredictiveHigh
47Argumentxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxpredictiveHigh
48ArgumentxxxxpredictiveLow
49ArgumentxxxxxxxxxxpredictiveMedium
50ArgumentxxxxxxxxxxxxpredictiveMedium
51ArgumentxxxxpredictiveLow
52ArgumentxxxxxxxxxxxxxxxxpredictiveHigh
53Argumentxxxxxxx_xxxxxxx_xxxxx_xxxxx_xxxxxpredictiveHigh
54ArgumentxxxxxxpredictiveLow
55ArgumentxxxxxxxxpredictiveMedium
56ArgumentxxxxxxxxxxxxxxxxxxpredictiveHigh
57ArgumentxxxxxxxxxxpredictiveMedium
58ArgumentxxxxxxxxpredictiveMedium
59Argumentxxxxxxxxxx/xxxxxxxx/xxxxxxx/xxxxxxxxxxpredictiveHigh
60ArgumentxxxxxxxxxpredictiveMedium
61ArgumentxxxxxxxxxxxxxxxxpredictiveHigh
62ArgumentxxxxpredictiveLow
63ArgumentxxxxxxxxxxpredictiveMedium
64ArgumentxxxxxxpredictiveLow
65Argumentxxxx/xxxxx/xxx/xxxx/xxxxxx/xxxxxxpredictiveHigh

References (7)

The following list contains external sources which discuss the actor and the associated activities:

Samples (1)

The following list contains associated samples:

PreviousOverviewNext

Do you know our Splunk app?

Download it now for free!