MedusaHTTP Analysis

IOB - Indicator of Behavior (596)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en 522
it 16
de 16
zh 12
pl 10

Country

us 274
ru 14
cn 14
it 12
fr 6

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Moodle 10
Google Android 8
PHP 6
TikiWiki 6
cPanel 6

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.33 | CVE-2010-0966
2 | Pligg cloud.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 1.12 |
3 | Trivantis Coursemill Learning Management System userlogin.jsp input validation | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00272 | 0.00 | CVE-2013-3599
4 | Moodle Manifest locallib.php information disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00313 | 0.00 | CVE-2014-3543
5 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 10.00 | CVE-2006-6168
6 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 7.03 | CVE-2020-15906
7 | jforum User input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00289 | 0.04 | CVE-2019-7550
8 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 4.37 |
9 | PHPizabi index.php path traversal | 6.5 | 5.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00826 | 0.05 | CVE-2008-3723
10 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 1.07 | CVE-2007-0354
11 | V-EVA Press Release Script page.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00187 | 0.43 | CVE-2010-5047
12 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192
13 | eTicket newticket.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | High | Official Fix | 0.00232 | 0.11 | CVE-2008-0093
14 | PHP phpinfo cross site scripting | 6.3 | 5.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.08985 | 0.04 | CVE-2006-0996
15 | Hypersilence Silentum Guestbook silentum_guestbook.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00107 | 0.05 | CVE-2009-4687
16 | Apple Mac OS X Server Wiki Server sql injection | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00339 | 1.07 | CVE-2015-5911
17 | PHPizabi template.class.php assignuser information disclosure | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | 0.00507 | 0.09 | CVE-2008-2018
18 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.01960 | 0.05 | CVE-2007-1287
19 | vBulletin redirector.php | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00106 | 0.04 | CVE-2018-6200
20 | jforum cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00117 | 0.11 | CVE-2012-5337

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 176.119.29.14 | dedicated.vsys.host | MedusaHTTP | | 08/15/2019 | verified | High
2 | XXX.XX.XX.XXX | Xxxxxxxxxx | | | 08/15/2019 | verified | High

TTP - Tactics, Techniques, Procedures (23)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CAPEC-126 | CWE-22, CWE-23, CWE-425 | Path Traversal | predictive | High
2 | T1040 | CAPEC-102 | CWE-319 | Authentication Bypass by Capture-replay | predictive | High
3 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
4 | T1059 | CAPEC-137 | CWE-88, CWE-94 | Argument Injection | predictive | High
5 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High
6 | TXXXX | CAPEC-104 | CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
7 | TXXXX.XXX | CAPEC-191 | CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | High
8 | TXXXX | CAPEC-136 | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High
9 | TXXXX.XXX | CAPEC-178 | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
10 | TXXXX | CAPEC- | CWE-XXX, CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive | High
11 | TXXXX | CAPEC- | CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High
12 | TXXXX | CAPEC-108 | CWE-XX | Xxx Xxxxxxxxx | predictive | High
13 | TXXXX.XXX | CAPEC-1 | CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | predictive | High
14 | TXXXX | CAPEC-102 | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
15 | TXXXX | CAPEC-37 | CWE-XXX | Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
16 | TXXXX | CAPEC-102 | CWE-XXX | Xxxxxxx Xxxxxxxxxx Xx Xxx-xxxxxxxx | predictive | High
17 | TXXXX | CAPEC-38 | CWE-XXX | Xxxxxxxxx Xxxxxx Xxxx | predictive | High
18 | TXXXX.XXX | CAPEC- | CWE-XXX | Xxxxxxxx Xxxxxx Xxxx | predictive | High
19 | TXXXX.XXX | CAPEC-133 | CWE-XXX | Xxxxxxxx | predictive | High
20 | TXXXX | CAPEC-116 | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
21 | TXXXX | CAPEC-157 | CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High
22 | TXXXX.XXX | CAPEC- | CWE-XXX | Xxx Xxxxxxxxxx Xxxxx | predictive | High
23 | TXXXX.XXX | CAPEC-1 | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High

IOA - Indicator of Attack (185)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/?page=system_info/contact_info | predictive | High
2 | File | /admin/login.php | predictive | High
3 | File | /admin/produts/controller.php | predictive | High
4 | File | /admin/user/team | predictive | High
5 | File | /book-services.php | predictive | High
6 | File | /cgi-bin/system_mgr.cgi | predictive | High
7 | File | /common/logViewer/logViewer.jsf | predictive | High
8 | File | /crmeb/app/admin/controller/store/CopyTaobao.php | predictive | High
9 | File | /en/blog-comment-4 | predictive | High
10 | File | /forum/away.php | predictive | High
11 | File | /getcfg.php | predictive | Medium
12 | File | /goform/aspForm | predictive | High
13 | File | /h/ | predictive | Low
14 | File | /hocms/classes/Master.php?f=delete_collection | predictive | High
15 | File | /mifs/c/i/reg/reg.html | predictive | High
16 | File | /ms/cms/content/list.do | predictive | High
17 | File | /opt/zimbra/jetty/webapps/zimbra/public | predictive | High
18 | File | /orms/ | predictive | Low
19 | File | /plesk-site-preview/ | predictive | High
20 | File | /project/PROJECTNAME/reports/ | predictive | High
21 | File | /school/model/get_admin_profile.php | predictive | High
22 | File | /student-grading-system/rms.php?page=grade | predictive | High
23 | File | /xxxxxxxxx.xxx | predictive | High
24 | File | /xxxxxxx/ | predictive | Medium
25 | File | xxxxxxx.xxx | predictive | Medium
26 | File | xxxxxxx.xxx | predictive | Medium
27 | File | xxxxxxx.xxx | predictive | Medium
28 | File | xxxxx-xxxx.xxx | predictive | High
29 | File | xxxxx.xxx | predictive | Medium
30 | File | xxxxx/xxxxxxxxxx.xxx | predictive | High
31 | File | xxxxx/xxxx-xxxx.xxx | predictive | High
32 | File | xxxxx/xxxxx.xxx | predictive | High
33 | File | xxxxx_xxxxxxx_xxxxx.xxx | predictive | High
34 | File | xxx/xxxx/xxxxxxxxxxxxx/xxxx.xxx | predictive | High
35 | File | xxxx.xxx_xxxxx_xxxx_xxxxx.xxx | predictive | High
36 | File | xxxxxx.xxx | predictive | Medium
37 | File | xxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | High
38 | File | xxxxxxxxx.xxx | predictive | High
39 | File | xxxxx.xxx | predictive | Medium
40 | File | xxxxxxxxxxxxxxxxxxxxxxx.x | predictive | High
41 | File | xxxxxxxxxx/xxx.xxxxxxxxxx/xxx.xxxxxxxxxx.xx | predictive | High
42 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
43 | File | xxxxxxx.xxx | predictive | Medium
44 | File | xxxxxx.xxx | predictive | Medium
45 | File | xxxxxxxxxxxxxxxxxxx.xxxx | predictive | High
46 | File | xxxxxxxxxxx/xx/xxx/xxxxxx/xxxxxx_xxx.x | predictive | High
47 | File | xxxxx.xxx | predictive | Medium
48 | File | xxx/xxxx/xxxxxxxx/xxxxxxxx_xxxx.x | predictive | High
49 | File | xxx/xxxxxxxx/xxxx_xxxxx_xxxxxxx.x | predictive | High
50 | File | xxxxxxx.xxx | predictive | Medium
51 | File | xxxxx.xxx | predictive | Medium
52 | File | xxxxxxxxx.xxx | predictive | High
53 | File | xxx/xxxxxx.xxx | predictive | High
54 | File | xxx/xxxxxxxxxxx/xxxxxxx.xxx | predictive | High
55 | File | xxxxx.xxxx | predictive | Medium
56 | File | xxxxx.xxx | predictive | Medium
57 | File | xxxx.x | predictive | Low
58 | File | xx/xxx.xx | predictive | Medium
59 | File | xxxxxxxxx_xx.x/xxxxx/xxxxx.xxx?x=xxxxxxxxxxxxx&x=xxx | predictive | High
60 | File | xxxxxx.x | predictive | Medium
61 | File | xxxxxxxxxxx.xxx | predictive | High
62 | File | xxx/xxxxxx/xxxxxxxxxxxxxxxxxx.xxx | predictive | High
63 | File | xxx/xxxxxx/xxxxxxxxx.xxx | predictive | High
64 | File | xxx/xxx/xxxx.xxx | predictive | High
65 | File | xxxxxxx/xxxxxx/xxxxx.xxx | predictive | High
66 | File | xxxxxxxxx/xxxx-xxxx | predictive | High
67 | File | xxxxxxxxx.xxx | predictive | High
68 | File | xxxxxxxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | High
69 | File | xxx_xxxx.xxx | predictive | Medium
70 | File | xxxxxxx.xxxx | predictive | Medium
71 | File | xxxx.xxx | predictive | Medium
72 | File | xxxxxxxxxxx.xx | predictive | High
73 | File | xxxxxxx/xxxxxxxxxxxxxxxx/xxxxxxxxx/xxxxxxxx.xxxx | predictive | High
74 | File | xxxx/xxxx_xxxxxx.xxx | predictive | High
75 | File | xxxx.xxx | predictive | Medium
76 | File | xxxx.xxx | predictive | Medium
77 | File | xxxxx.xxx | predictive | Medium
78 | File | xxxxxxxxxx.xxx | predictive | High
79 | File | xxxxxxxx.xxx | predictive | Medium
80 | File | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx | predictive | High
81 | File | xxxxxxxx_xxxxxx.xxx | predictive | High
82 | File | xxxxxxx/xxx-xxxxxx-xxxx | predictive | High
83 | File | xxx/xxxxxxx_xxxxxxx.xxx | predictive | High
84 | File | xxxxx.xxx | predictive | Medium
85 | File | xxxxxxxx_xxxxxxxxx.xxx | predictive | High
86 | File | xxx/xxxxxx.x | predictive | Medium
87 | File | xxx_xxxx.xxx | predictive | Medium
88 | File | xxxxxx_xxxxxxx.x | predictive | High
89 | File | xxxxxxx_xxxxxxxx.xxx | predictive | High
90 | File | xxxxxxxx.xxxxx.xxx | predictive | High
91 | File | xxxx-xxxxxx_xxxxxxxxxx.xxx | predictive | High
92 | File | xxxx-xxxxxxxx.xxx | predictive | High
93 | File | xxxx-xxxxx.xxx | predictive | High
94 | File | xxxx-xxxxx.xxx | predictive | High
95 | File | xxxx-xxxxxxxx.xxx | predictive | High
96 | File | xxxxxxxxx.xx | predictive | Medium
97 | File | xxxxxx/xxxxx/xxxxx_xxxxx.xxx | predictive | High
98 | File | xxxxxxx/xxxxxxxx-xxxx | predictive | High
99 | File | xxxxxxxxx.xxx | predictive | High
100 | File | xxx/xxx/xxx-xxxxxx | predictive | High
101 | File | xxxx/xxxxxxxx/xxxxxxxx.xxxx | predictive | High
102 | File | xx-xxxxx/xxxx.xxx | predictive | High
103 | Library | /xxxxxxxx/xxxxxxx.xxx | predictive | High
104 | Library | /xxx/xxx/xxxx.xxx | predictive | High
105 | Library | /xxx/xxxxxx.xxxxx.xxx | predictive | High
106 | Library | xxx/xxxx_xxxxxxx/xxxxxx | predictive | High
107 | Library | xxx/xxxxxxx.xxx | predictive | High
108 | Library | xxx/xxxxx/xxxxxxxx.xxx | predictive | High
109 | Library | xxx/xxx/xxxxxxxx.xxx | predictive | High
110 | Library | xxx.xxx | predictive | Low
111 | Library | xxxxxxx.xxx | predictive | Medium
112 | Library | xxxxxxxx.xxx | predictive | Medium
113 | Library | xxxxxxxxxxxx.xxx | predictive | High
114 | Library | xxxxxxx.xxx | predictive | Medium
115 | Argument | -x | predictive | Low
116 | Argument | xxxxxxxxxxxxxx | predictive | High
117 | Argument | xxxxxxxx | predictive | Medium
118 | Argument | xxxx | predictive | Low
119 | Argument | xxx | predictive | Low
120 | Argument | xxxxxxxxxx | predictive | Medium
121 | Argument | xxx_xx | predictive | Low
122 | Argument | xx_xxxxx | predictive | Medium
123 | Argument | xxxxxxx | predictive | Low
124 | Argument | xxxxxxx_xxxx/xxxxxxx_xxxxxxx | predictive | High
125 | Argument | xxxxxxx_xx | predictive | Medium
126 | Argument | xxxx | predictive | Low
127 | Argument | xxx | predictive | Low
128 | Argument | xxxxxxx | predictive | Low
129 | Argument | xxxx | predictive | Low
130 | Argument | xxxxxxxxxxxxxx | predictive | High
131 | Argument | xxxxx | predictive | Low
132 | Argument | xxxxx_xxx | predictive | Medium
133 | Argument | xxxx | predictive | Low
134 | Argument | xx | predictive | Low
135 | Argument | xxxxxxxx | predictive | Medium
136 | Argument | xxxx_xxxxx | predictive | Medium
137 | Argument | xxxx_xxxxxxx_xxxxxxxxx | predictive | High
138 | Argument | xxxx_xxxxxxx | predictive | Medium
139 | Argument | xx | predictive | Low
140 | Argument | xxx_xxxxxxxx | predictive | Medium
141 | Argument | xxxxx_xxx_xxxxxxxxx | predictive | High
142 | Argument | xxxxxx | predictive | Low
143 | Argument | xxxxx | predictive | Low
144 | Argument | xx_xxxxxxxx | predictive | Medium
145 | Argument | xxxxxxx | predictive | Low
146 | Argument | xxxx | predictive | Low
147 | Argument | xxxx | predictive | Low
148 | Argument | xxxxxxx | predictive | Low
149 | Argument | xxxxxxxxx | predictive | Medium
150 | Argument | xx_xxxxxxxx | predictive | Medium
151 | Argument | xx_xxxxx | predictive | Medium
152 | Argument | xxx_xxxxxxx | predictive | Medium
153 | Argument | xxxxx | predictive | Low
154 | Argument | xxxxxxxx | predictive | Medium
155 | Argument | xxxxxxxxx | predictive | Medium
156 | Argument | x_xxxxxxx | predictive | Medium
157 | Argument | xxxxxxxx | predictive | Medium
158 | Argument | xxxxxxxx_xxx | predictive | Medium
159 | Argument | xxxxxx | predictive | Low
160 | Argument | xxx_xxxxxx | predictive | Medium
161 | Argument | xxxxxx/xxxxxxxxxxxx/xxxxxxxx | predictive | High
162 | Argument | xxxxxx_xxxx | predictive | Medium
163 | Argument | xxxxxxxx | predictive | Medium
164 | Argument | xxxxxxxxxxxxx | predictive | High
165 | Argument | xxx_xxxxx/xxx_xxxxxx/xxx_xxxxx | predictive | High
166 | Argument | xxxxxx | predictive | Low
167 | Argument | xxxxxxxx | predictive | Medium
168 | Argument | xxxxxxx | predictive | Low
169 | Argument | xxxxxxxxx | predictive | Medium
170 | Argument | xxx | predictive | Low
171 | Argument | xxxxxxxx | predictive | Medium
172 | Argument | xxxxxx_xxxx | predictive | Medium
173 | Argument | xxx | predictive | Low
174 | Argument | xxx | predictive | Low
175 | Argument | xxxxxxxx | predictive | Medium
176 | Argument | _xxxxxx | predictive | Low
177 | Argument | __x/xxxxxx | predictive | Medium
178 | Input Value | xxxxx"][xxxxxx]xxxxx('xxx')[/xxxxxx] | predictive | High
179 | Input Value | <xxxxxx>xxxxx(x);</xxxxxx> | predictive | High
180 | Input Value | <xxxxxx>xxxxx(x)</xxxxxx> | predictive | High
181 | Input Value | xxxx -x xxxxxxxx=xxxxxx.xxxxxxx xxxx://xxx.xxx.x.x/xxxxxx.xxx | predictive | High
182 | Input Value | xxxx:./../ | predictive | Medium
183 | Pattern | |xx|xx|xx| | predictive | Medium
184 | Network Port | xxx/xxxxx | predictive | Medium
185 | Network Port | xxx xxxxxx xxxx | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
