Andromeda Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (17)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	14
de	4

Country

us	10
gb	6
de	2

Actors

Patchwork	1
TA406	1
IcedID	1
DanaBot	1
Hackers-for-Hire	1

Activities

Interest

Timeline

Type

Content Management System	4
Not Defined	2
E-Commerce Management Software	2
WordPress Plugin	2
Operating System	2

Vendor

Not Defined	4
Secomea	2
Joomla	2
Ecommerce Online	2
Microsoft	2

Product

Secomea GateManager	2
Joomla CMS	2
Ecommerce Online Store Kit	2
sitepress-multilingual-cms Plugin	2
Microsoft Windows	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	Secomea GateManager insufficient privileges	5.9	5.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00054	0.04	CVE-2022-25782
2	sitepress-multilingual-cms Plugin class-wp-installer.php cross-site request forgery	6.5	6.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00579	0.04	CVE-2020-10568
3	php-fusion downloads.php cross site scripting	5.7	5.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00159	0.00	CVE-2020-12708
4	Gallarific PHP Photo Gallery script gallery.php sql injection	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00136	0.05	CVE-2011-0519
5	Gallery My Photo Gallery image.php sql injection	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.00
6	Host Web Server phpinfo.php phpinfo information disclosure	5.3	5.2	$5k-$25k	$0-$5k	Not Defined	Workaround	0.00000	0.05
7	ESMI PayPal Storefront products1h.php cross site scripting	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.05468	0.00	CVE-2005-0936
8	Ecommerce Online Store Kit shop.php sql injection	9.8	9.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03763	0.08	CVE-2004-0300
9	Simple Real Estate Portal System sql injection	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00172	0.00	CVE-2022-28410
10	Microsoft Windows Win32k privileges management	7.3	6.3	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00043	0.00	CVE-2021-1709
11	Google Android Widevine QSEE TrustZone Application access control	7.8	7.4	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.00320	0.00	CVE-2015-6639
12	Joomla CMS InputFilter Upload unrestricted upload	8.5	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01427	0.03	CVE-2018-15882
13	Huawei iBMC Intelligent Baseboard Management Controller improper authentication	7.4	7.4	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00264	0.03	CVE-2018-7942
14	Liferay Portal privileges management	9.8	8.8	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00694	0.00	CVE-2011-1571

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Campaigns	Identified	Type	Confidence
1	35.205.61.67	67.61.205.35.bc.googleusercontent.com	Andromeda		01/16/2023	verified	Medium
2	XXX.XXX.XX.XX		Xxxxxxxxx		01/16/2023	verified	High

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1059.007	CAPEC-209	CWE-79, CWE-80	Cross Site Scripting	predictive	High
2	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
3	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	High
4	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
5	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	High

IOA - Indicator of Attack (12)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/my_photo_gallery/image.php	predictive	High
2	File	/reps/classes/Users.php?f=delete_agent	predictive	High
3	File	xxxxxxxxx/xxxxxxxxx.xxx	predictive	High
4	File	xxxxxxx.xxx	predictive	Medium
5	File	xxxxxxxx/xxxxx-xx-xxxxxxxxx.xxx	predictive	High
6	File	xxxxxxx.xxx	predictive	Medium
7	File	xxxxxxxxxx.xxx	predictive	High
8	File	xxxx.xxx	predictive	Medium
9	Argument	xxx_xx	predictive	Low
10	Argument	xx	predictive	Low
11	Argument	xxxxx	predictive	Low
12	Input Value	x xxxxx xxx xxxxxx xxxx,xxxx,xxxx,xxxx,xxxxxx(xxxxxxxxxxxx,xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx,xxxxxxxxxxxx)--	predictive	High

References (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!