GreenMwizi Analysis

IOB - Indicator of Behavior (198)


Lang

en: 196
it: 2


Country

ke: 198


Product

Apache HTTP Server: 10
Apache Tomcat: 6
PHP: 6
WordPress: 6
OpenSSH: 4


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Microsoft IIS IP/Domain Restriction access control | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00817 | 0.15 | CVE-2014-4078 |
| 2 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.15 | CVE-2017-0055 |
| 3 | Samsung Galaxy OMACP Message Config 7pk error | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00115 | 0.05 | CVE-2016-7991 |
| 4 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.10737 | 0.18 | CVE-2016-6210 |
| 5 | Apache Tomcat CORS Filter 7pk security | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.07849 | 0.04 | CVE-2018-8014 |
| 6 | Ilohamail cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.06 | |
| 7 | Huawei B315s-22 information disclosure | 5.4 | 5.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.00278 | 0.02 | CVE-2018-7921 |
| 8 | JIRA Access Check CachingResourceDownloadRewriteRule access control | 7.4 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.97131 | 0.07 | CVE-2019-8442 |
| 9 | Portainer API Endpoint check credentials management | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00304 | 0.03 | CVE-2018-19367 |
| 10 | Apache HTTP Server suEXEC Feature .htaccess information disclosure | 5.3 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Workaround | 0.00000 | 0.03 | |
| 11 | OpenNetAdmin os command injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00857 | 0.06 | CVE-2019-25065 |
| 12 | Apache HTTP Server HTTP Digest Authentication Challenge improper authentication | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01815 | 0.03 | CVE-2018-1312 |
| 13 | Rapidleech upload.php path traversal | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00443 | 0.00 | CVE-2009-1089 |
| 14 | Huawei HG532 Service Port 37215 input validation | 7.5 | 7.4 | $5k-$25k | $0-$5k | Not Defined | Workaround | 0.87608 | 0.00 | CVE-2017-17215 |
| 15 | Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog cryptographic issues | 8.1 | 7.1 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.38256 | 0.06 | CVE-2013-1862 |
| 16 | OpenSSH access control | 8.4 | 7.9 | $25k-$100k | $5k-$25k | Proof-of-Concept | Not Defined | 0.00045 | 0.00 | CVE-2008-1483 |
| 17 | Apache HTTP Server mod_http2 resource management | 5.9 | 5.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04613 | 0.04 | CVE-2016-1546 |
| 18 | D-Link DIR-645 Authentication getcfg.php information disclosure | 8.6 | 8.2 | $5k-$25k | $0-$5k | High | Official Fix | 0.00000 | 0.02 | |
| 19 | Tenda AC10U saveParentControlInfo stack-based overflow | 6.4 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00086 | 0.26 | CVE-2024-0931 |
| 20 | Tenda AC10U setSmartPowerManagement stack-based overflow | 6.4 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00086 | 0.12 | CVE-2024-0932 |

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 154.123.56.191 | kiboko.telkom.co.ke | GreenMwizi | | 03/20/2024 | verified | High |

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (73)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

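| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | .htaccess | predictive | Medium |
| 2 | File | /api/users/admin/check | predictive | High |
| 3 | File | /getcfg.php | predictive | Medium |
| 4 | File | /goform/setDeviceSettings | predictive | High |
| 5 | File | /server-status | predictive | High |
| 6 | File | /uncpath/ | predictive | Medium |
| 7 | File | /updown/upload.cgi | predictive | High |
| 8 | File | admin_main.php | predictive | High |
| 9 | File | api/sms/send-sms | predictive | High |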
| 66 | Input Value | /.. | predictive | Low |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
