Monarchy Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (43)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

ru	26
en	12
fr	6

Country

ru	42
us	2

Actors

Monarchy	2

Activities

Interest

Timeline

Type

Not Defined	16
Web Browser	10
Social Network Software	2
Smartphone Operating System	2
Unified Communication Software	2

Vendor

Google	12
Not Defined	6
Twitter	2
Adobe	2
Huawei	2

Product

Google Chrome	10
Twitter Recommendation Algorithm	2
Google Android	2
Adobe Animate	2
Huawei EMUI	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	Fluent Fluentd/Fluent-ui hard-coded password	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00081	0.04	CVE-2020-21514
2	SourceCodester E-Commerce System setDiscount.php sql injection	6.6	6.5	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00171	0.06	CVE-2023-1505
3	Zoom Client for IT toctou	7.6	7.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00042	0.03	CVE-2023-22883
4	Google Chrome Browser History heap-based overflow	5.5	5.3	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00268	0.00	CVE-2023-1820
5	Google Chrome WebShare Remote Code Execution	6.3	6.0	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00160	0.04	CVE-2023-1821
6	D-Link Go-RT-AC750 soapcgi.main command injection	7.6	7.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00645	0.04	CVE-2023-26822
7	Convert To Pipeline Plugin Freestyle Project Configuration code injection	7.6	7.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00177	0.00	CVE-2023-28677
8	Keycloak data authenticity	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00065	0.04	CVE-2023-0264
9	WellinTech KingHistorian Network Packet SORBAx64.dll signed to unsigned conversion error	8.7	8.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00190	0.00	CVE-2022-43663
10	Adobe Animate stack-based overflow	7.0	6.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.06677	0.02	CVE-2023-22243
11	unpoly-rails Gem Header resource consumption	5.7	5.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00282	0.02	CVE-2023-28846
12	Twitter Recommendation Algorithm denial of service	5.3	5.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00111	0.02	CVE-2023-29218
13	OTCMS apiRun.php AutoRun cross site scripting	4.4	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00070	0.03	CVE-2023-1635
14	OTCMS unrestricted upload	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00119	0.23	CVE-2023-1797
15	Huawei EMUI/HarmonyOS WLAN Module permission	5.5	5.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00221	0.00	CVE-2022-39009
16	TP-Link AX1800 Firmware Parser stack-based overflow	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.02	CVE-2023-27346
17	NoMachine permission	6.8	6.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00048	0.03	CVE-2022-34043
18	sjqzhang go-fastdfs File Upload uploa upload path traversal	8.1	7.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00176	0.23	CVE-2023-1800
19	Google Chrome FedCM Privilege Escalation	5.5	5.3	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00206	0.05	CVE-2023-1823
20	Google Chrome Intents Remote Code Execution	6.3	6.0	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00206	0.00	CVE-2023-1817

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Identified	Type	Confidence
1	45.76.47.218	45.76.47.218.vultr.com	Monarchy	07/22/2021	verified	Medium
2	XXX.XXX.XX.XXX		Xxxxxxxx	07/22/2021	verified	High
3	XXX.XXX.XXX.XXX	xxxxxxxxxxxxxxxxx-xxxxxxx.xxxxxx.xx	Xxxxxxxx	07/22/2021	verified	High
4	XXX.XXX.XXX.XXX		Xxxxxxxx	07/22/2021	verified	High

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1006		CWE-24	Path Traversal	predictive	High
2	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	High
3	TXXXX.XXX	CAPEC-209	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	High
4	TXXXX.XXX	CAPEC-	CWE-XXX	Xxx Xx Xxxx-xxxxx Xxxxxxxx	predictive	High
5	TXXXX	CAPEC-136	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	High
6	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	High
7	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	High
8	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	High

IOA - Indicator of Attack (14)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/ecommerce/admin/settings/setDiscount.php	predictive	High
2	File	/group1/uploa	predictive	High
3	File	apiRun.php	predictive	Medium
4	File	xxxxxxxxxxxxxxxxxxxxxxxx.xxxx	predictive	High
5	File	xxxxxxx.xxxx	predictive	Medium
6	File	xxxxxxxxxxxx.xxx?xxxx=xxx	predictive	High
7	Library	xxxxxxxx.xxx	predictive	Medium
8	Argument	xx	predictive	Low
9	Argument	xxxx	predictive	Low
10	Argument	xx	predictive	Low
11	Argument	xxxxxxx	predictive	Low
12	Argument	xxx	predictive	Low
13	Argument	x-xx-xxxxxxxx	predictive	High
14	Input Value	xxxxxx xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx)	predictive	High

References (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Interested in the pricing of exploits?

See the underground prices here!