Miner Analysis

IOB - Indicator of Behavior (366)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en | 314
fr | 20
ru | 12
de | 6
es | 4


Country

sc | 188
us | 80
li | 14
gb | 2
ml | 2


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Microsoft Windows | 8
Google Android | 8
F5 BIG-IP | 6
Linux Kernel | 6
Cisco ASA | 6


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | spring-boot-actuator-logview LogViewEndpoint.view path traversal | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00049 | 0.04 | CVE-2023-29986
2 | Apache HTTP Server response splitting | 5.3 | 5.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00044 | 0.07 | CVE-2023-38709
3 | Jetty URI access control | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.48917 | 0.00 | CVE-2021-34429
4 | portable SDK for UPnP unique_service_name memory corruption | 10.0 | 9.5 | $0-$5k | $0-$5k | High | Official Fix | 0.97414 | 0.05 | CVE-2012-5958
5 | jquery-bbq Prototype Object.prototype code injection | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00102 | 0.00 | CVE-2021-20086
6 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 2.06 | CVE-2020-12440
7 | CKFinder File Name unrestricted upload | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00155 | 0.07 | CVE-2019-15862
8 | Asus RT-AC2900 input validation | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08597 | 0.02 | CVE-2018-8826
9 | GitLab Community Edition/Enterprise Edition Permission permission assignment | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00054 | 0.04 | CVE-2019-18446
10 | phpMyAdmin PMA_safeUnserialize deserialization | 9.8 | 9.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00433 | 0.00 | CVE-2016-9865
11 | phpMyAdmin Username sql injection | 7.5 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00326 | 0.03 | CVE-2016-9864
12 | Red Hat JBoss Enterprise Application Platform Class deserialization | 3.5 | 3.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00362 | 0.00 | CVE-2023-3171
13 | Red Hat JBoss Core Services httpd path traversal | 3.5 | 3.5 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00090 | 0.04 | CVE-2021-3688
14 | Ivanti Connect Secure/Policy Secure Web command injection | 8.6 | 8.6 | $0-$5k | $0-$5k | High | Workaround | 0.97334 | 0.04 | CVE-2024-21887
15 | Ivanti Endpoint Manager sql injection | 9.2 | 9.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00053 | 0.00 | CVE-2023-39336
16 | Ivanti Sentry command injection | 9.1 | 8.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00053 | 0.00 | CVE-2023-41724
17 | Ivanti Connect Secure/Policy Secure IPSec heap-based overflow | 8.4 | 8.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00091 | 0.00 | CVE-2024-21894
18 | F5 BIG-IP Configuration Utility path traversal | 9.3 | 9.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00230 | 0.04 | CVE-2023-41373
19 | F5 BIG-IP Configuration Utility improper authentication | 8.9 | 8.7 | $5k-$25k | $0-$5k | High | Official Fix | 0.97041 | 0.08 | CVE-2023-46747
20 | F5 BIG-IP iControl REST Endpoint command injection | 6.7 | 6.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2024-22093

IOC - Indicator of Compromise (29)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 5.9.116.27 | static.27.116.9.5.clients.your-server.de | Miner | | 04/14/2022 | verified | High
2 | 5.9.175.19 | static.19.175.9.5.clients.your-server.de | Miner | | 04/14/2022 | verified | High
3 | 5.9.176.3 | static.3.176.9.5.clients.your-server.de | Miner | | 04/14/2022 | verified | High
4 | 5.9.198.83 | static.83.198.9.5.clients.your-server.de | Miner | | 04/14/2022 | verified | High
5 | 13.107.21.200 | | Miner | | 04/14/2022 | verified | High
6 | 23.6.70.227 | a23-6-70-227.deploy.static.akamaitechnologies.com | Miner | | 04/14/2022 | verified | High
7 | XX.XX.XXX.XX | xxx-xx-xxx-xx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxx | Xxxxx | | 04/14/2022 | verified | High
8 | XX.XX.XX.XXX | xxx-xx-xx-xxx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxx | Xxxxx | | 04/14/2022 | verified | High
9 | XX.XX.XXX.XX | xxx-xx-xxx-xx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxx | Xxxxx | | 04/14/2022 | verified | High
10 | XX.XXX.XX.XX | xxx-xx-xxx-xx-xx.xx-xxxxxxx-x.xxxxxxx.xxxxxxxxx.xxx | Xxxxx | | 04/14/2022 | verified | Medium
11 | XX.XXX.XXX.XXX | xxx-xx-xxx-xxx-xxx.xxxxxxx-x.xxxxxxxxx.xxx | Xxxxx | | 04/14/2022 | verified | Medium
12 | XX.XXX.XXX.XX | xx.xxxxxxxx.xxx | Xxxxx | | 04/14/2022 | verified | High
13 | XX.XXX.XXX.XX | xx.xxxxxxxx.xxx | Xxxxx | | 04/14/2022 | verified | High
14 | XX.XX.XX.XX | xx.xxxxxxxx.xxx | Xxxxx | | 04/14/2022 | verified | High
15 | XX.XXX.XXX.XX | xxx.xxxxxxx.xxx | Xxxxx | | 04/14/2022 | verified | High
16 | XX.XXX.XX.XXX | | Xxxxx | | 03/11/2022 | verified | High
17 | XX.X.XX.XXX | xxx-x-xx-xxx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxx | Xxxxx | | 04/14/2022 | verified | High
18 | XX.X.XX.XX | xxx-x-xx-xx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxx | Xxxxx | | 04/14/2022 | verified | High
19 | XXX.XXX.XXX.XXX | xxxx-xxx-xxx-xxx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxx | Xxxxx | | 04/14/2022 | verified | High
20 | XXX.XX.XXX.XXX | | Xxxxx | | 07/09/2022 | verified | High
21 | XXX.XXX.X.XX | | Xxxxx | | 04/14/2022 | verified | High
22 | XXX.XXX.XX.XX | | Xxxxx | | 04/14/2022 | verified | High
23 | XXX.XXX.XX.XXX | xxxxxxxx-xx-xx.xxxxx.xxx | Xxxxx | | 04/14/2022 | verified | High
24 | XXX.XXX.XX.XX | xxxx-xxx-xx-xx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxx | Xxxxx | | 04/14/2022 | verified | High
25 | XXX.XXX.XXX.XXX | xxxx-xxx-xxx-xxx.xxxxxx.xxxxxx.xxxxxxxxxxxxxxxxxx.xxx | Xxxxx | | 04/14/2022 | verified | High
26 | XXX.X.XX.XXX | xxxxxx.xxx.xx.x.xxx.xxxxxxx.xxxx-xxxxxx.xx | Xxxxx | | 04/14/2022 | verified | High
27 | XXX.XX.XX.XXX | xxx.xx.xx.xxx.xx.xxx.xx | Xxxxx | | 03/11/2022 | verified | High
28 | XXX.XX.XX.XXX | xxx.xx.xx.xxx.xx.xxx.xx | Xxxxx | | 03/11/2022 | verified | High
29 | XXX.XX.XXX.XXX | x-xxxx.x-xxxxxx.xxx | Xxxxx | | 04/14/2022 | verified | High

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CAPEC-126 | CWE-22, CWE-23 | Path Traversal | predictive | High
2 | T1040 | CAPEC-102 | CWE-319 | Authentication Bypass by Capture-replay | predictive | High
3 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
4 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive | High
5 | T1059.007 | CAPEC-209 | CWE-79 | Cross Site Scripting | predictive | High
6 | TXXXX | CAPEC-122 | CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
7 | TXXXX.XXX | CAPEC-191 | CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | High
8 | TXXXX | CAPEC-136 | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High
9 | TXXXX.XXX | CAPEC-178 | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
10 | TXXXX | CAPEC-1 | CWE-XXX, CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High
11 | TXXXX | CAPEC-108 | CWE-XX | Xxx Xxxxxxxxx | predictive | High
12 | TXXXX.XXX | CAPEC-1 | CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | predictive | High
13 | TXXXX | CAPEC-55 | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
14 | TXXXX | CAPEC-37 | CWE-XXX | Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
15 | TXXXX.XXX | CAPEC-154 | CWE-XXX | Xxxxxxxxxxxx | predictive | High
16 | TXXXX | CAPEC-38 | CWE-XXX | Xxxxxxxxx Xxxxxx Xxxx | predictive | High
17 | TXXXX | CAPEC-116 | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
18 | TXXXX.XXX | CAPEC- | CWE-XX | Xxxxxxxxxxxxx | predictive | High
19 | TXXXX | CAPEC-157 | CWE-XXX, CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High
20 | TXXXX.XXX | CAPEC-112 | CWE-XXX, CWE-XXX, CWE-XXX | Xxx Xxxxxxxxxx Xxxxx | predictive | High
21 | TXXXX.XXX | CAPEC-1 | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High

IOA - Indicator of Attack (111)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin.php/pic/admin/type/pl_save | predictive | High
2 | File | /admin/sysmon.php | predictive | High
3 | File | /api/content/posts/comments | predictive | High
4 | File | /app/sys1.php | predictive | High
5 | File | /churchcrm/WhyCameEditor.php | predictive | High
6 | File | /debug/pprof | predictive | Medium
7 | File | /example/editor | predictive | High
8 | File | /goform/aspForm | predictive | High
9 | File | /Home/GetAttachment | predictive | High
10 | File | /index.php?page=search/rentals | predictive | High
11 | File | /members/view_member.php | predictive | High
12 | File | /mgmt/tm/util/bash | predictive | High
13 | File | /modules/projects/vw_files.php | predictive | High
14 | File | /xxx_xxxx_xxxxxxx.xxx | predictive | High
15 | File | /xxxx.xxx | predictive | Medium
16 | File | /xxxxxxxx/xxxx | predictive | High
17 | File | /xxx/xxx/xxxxxxx/ | predictive | High
18 | File | xxxxx.xxx | predictive | Medium
19 | File | xxxxx/xxxxxx.xxx | predictive | High
20 | File | xxxxx.xxx | predictive | Medium
21 | File | xxx-xxx/xxxx_xxx.xxx | predictive | High
22 | File | xxx.xxx | predictive | Low
23 | File | xxxxxx\xxx.x | predictive | Medium
24 | File | xxxxxx.x | predictive | Medium
25 | File | xxxxxxx.x | predictive | Medium
26 | File | xxxx/xxxx/xxxxxxxxxxxxxxxx.xxx | predictive | High
27 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
28 | File | xxxx/xxxx | predictive | Medium
29 | File | xxxxxxx/xxx/xxx-xxxx.x | predictive | High
30 | File | xxxx-xxxxx-xxxxxxxxx.xxx | predictive | High
31 | File | xxxxxx_xxx.x | predictive | Medium
32 | File | xxxxxxxxxxxxxx.xx | predictive | High
33 | File | xx/xxxxxxx/xxx.x | predictive | High
34 | File | xxx/xx/xxxx/xxxx.xxxxx.xxx | predictive | High
35 | File | xxxxx.xxx | predictive | Medium
36 | File | xxxxx.xxx?x=xxxx&x=xxxxxxx&x=xxx | predictive | High
37 | File | xxxxxx.x | predictive | Medium
38 | File | xxxxxxxx.xxx | predictive | Medium
39 | File | xxx.xxx/xxx.xxx | predictive | High
40 | File | xx.xxx | predictive | Low
41 | File | xxxxxxxxxxxx/xxx.x | predictive | High
42 | File | xxxxx.xxx | predictive | Medium
43 | File | xxx_xxxxxxxxx.x | predictive | High
44 | File | xxxxxxx.xxx | predictive | Medium
45 | File | xxx_xxxxx_xxxx.x | predictive | High
46 | File | xxxxxxxx.x | predictive | Medium
47 | File | xxxxxxxx/xxxxxx/xxxxxx/_xxxxxxxxxxxx/_xxxxxxxx.xxx | predictive | High
48 | File | xxxxxxx/xxxx | predictive | Medium
49 | File | xxxxxxx.xxx | predictive | Medium
50 | File | xxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | High
51 | File | xxx_xxxxxxx.x | predictive | High
52 | File | xxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | High
53 | File | xxxxxxxx.x | predictive | Medium
54 | File | xxxxxx.x | predictive | Medium
55 | File | xxxxxxxx_xxxxxxxxxxxx_xxxxxx.xx | predictive | High
56 | File | xxx_xxxxx_xxxxxxxxx.x | predictive | High
57 | File | xxxxxx.xx | predictive | Medium
58 | File | xxxxxxxx/xxxx/xxxx.xxx?xxxxxx=xxxxxxxxxxxxxxxx | predictive | High
59 | File | xxxxxxxxxxxxxxx.xxx | predictive | High
60 | File | xxxxxxxx/xxxxxxxxxxxx-xxxxxxxxxx | predictive | High
61 | File | xxxxxx/xxxxxxx/xxxxxx/xxxxxxxx.xxx | predictive | High
62 | File | xxxxx.x | predictive | Low
63 | File | xxxx.xxx | predictive | Medium
64 | File | xxx xxxx xxxxxxx | predictive | High
65 | File | xxxxx/xxx_xxxxxx.x | predictive | High
66 | File | xxx_xxx.xxxx | predictive | Medium
67 | File | xxx/xxx/xxxxxxxxxx/xxxx/xxxxx/xxxxxxxx.xxx | predictive | High
68 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive | High
69 | File | xxxxx-xxxxxx.xxx | predictive | High
70 | Library | xxx-xx-xxx-xxxx-xxxx-xx-x-x.xxx | predictive | High
71 | Library | xxxxx.xxx | predictive | Medium
72 | Library | xxxxx.xxx | predictive | Medium
73 | Argument | -x | predictive | Low
74 | Argument | xxxxxxxxxxxxxx | predictive | High
75 | Argument | xxxxxxxx | predictive | Medium
76 | Argument | xxx | predictive | Low
77 | Argument | xxxxxx_xxx | predictive | Medium
78 | Argument | xxxxxxx-xxxx | predictive | Medium
79 | Argument | xxxxxx/xxxxxxxxxx | predictive | High
80 | Argument | xxxx | predictive | Low
81 | Argument | xxxxxx/xxxxxxx | predictive | High
82 | Argument | xxxxxxxx[xxxx_xxx] | predictive | High
83 | Argument | xxxxx | predictive | Low
84 | Argument | xxxxxxxx | predictive | Medium
85 | Argument | xxxx xxxx | predictive | Medium
86 | Argument | xxxxx | predictive | Low
87 | Argument | xxxxxxxx xxxx/xxxxxxxx xxxxxxxx/xxxxxxxx xxxxxxx xx/xxxxxxx/xxxx | predictive | High
88 | Argument | xxxxxx | predictive | Low
89 | Argument | xxxx_xxx_xxxx_xxxx | predictive | High
90 | Argument | xx | predictive | Low
91 | Argument | xxx_xxxxxxx | predictive | Medium
92 | Argument | xxxxxxxx | predictive | Medium
93 | Argument | xxxxxxxx_xxxxxx_xxx | predictive | High
94 | Argument | xxxxxxxxxx | predictive | Medium
95 | Argument | xxxx_xxx_xxxxxxxx_xxx | predictive | High
96 | Argument | xxxxxxx | predictive | Low
97 | Argument | xxxxxxxx | predictive | Medium
98 | Argument | xxxxxxxx | predictive | Medium
99 | Argument | xxxxxxx/xxxxx | predictive | High
100 | Argument | xxxxx/xxxxxxxx | predictive | High
101 | Argument | xxxxx | predictive | Low
102 | Argument | xxxxxxxxxxxxxxxxxxx | predictive | High
103 | Argument | xx_xxx_xxxxx | predictive | Medium
104 | Input Value | ../ | predictive | Low
105 | Input Value | xxxxxxxx | predictive | Medium
106 | Input Value | xx | predictive | Low
107 | Input Value | \x | predictive | Low
108 | Network Port | xxxxx xxx-xxx | predictive | High
109 | Network Port | xxx/xx | predictive | Low
110 | Network Port | xxx/xxx | predictive | Low
111 | Network Port | xxx/xxxx | predictive | Medium

References (4)

The following list contains external sources which discuss the actor and the associated activities:
