Monero Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (54)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

zh36
en14
ja2
de2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

cn50
us2
de2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Cobalt Strike2
Monero2
Tofsee1
pupy1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined20
Content Management System6
File Transfer Software4
Network Attached Storage Software4
NPM Package2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined26
Microsoft4
QNAP4
HelpSystems2
Mattermost2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Samba4
QNAP QTS4
QNAP QuTS Hero4
QNAP QVP4
QNAP QVR4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1CakePHP offset sql injection8.58.4$0-$5k$0-$5kNot DefinedOfficial Fix0.001600.05CVE-2023-22727
2PHPMailer Phar Deserialization addAttachment deserialization5.55.3$0-$5k$0-$5kNot DefinedOfficial Fix0.007480.00CVE-2020-36326
3WordPress Editor information disclosure4.34.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.006560.04CVE-2021-29450
4PostgreSQL link following6.05.9$0-$5k$0-$5kNot DefinedOfficial Fix0.000620.03CVE-2017-12172
5PbootCMS function.php parserIfLabel code injection8.07.9$0-$5k$0-$5kNot DefinedNot Defined0.525510.04CVE-2022-32417
6PHP PHAR phar_dir_read buffer overflow8.28.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.000830.05CVE-2023-3824
7GNUBOARD5 install_db.php sql injection6.36.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.001550.03CVE-2020-18662
8Axios Package Redirect server-side request forgery5.75.7$0-$5k$0-$5kNot DefinedNot Defined0.002740.04CVE-2020-28168
9Workerman-ThinkPHP-Redis Controller.class.php cross site scripting4.84.8$0-$5k$0-$5kNot DefinedNot Defined0.000780.03CVE-2021-43697
10Aladdin Knowledge Systems eSafe Gateway Filter privileges management7.37.3$0-$5k$0-$5kNot DefinedNot Defined0.016220.00CVE-2001-0521
11Adminer server-side request forgery8.58.4$0-$5k$0-$5kNot DefinedOfficial Fix0.006790.03CVE-2018-7667
12QuiXplorer index.php path traversal7.57.2$0-$5k$0-$5kNot DefinedOfficial Fix0.085210.00CVE-2013-1641
13Softnext SPAM SQR code injection7.27.2$0-$5k$0-$5kNot DefinedNot Defined0.001430.05CVE-2023-24835
14Cakefoundation CakePHP Error Message information disclosure5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.003180.00CVE-2011-3712
15rap2hpoutre Laravel Log Viewer Base64 Encoding access control7.47.0$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.063600.00CVE-2018-8947
16UniSharp laravel-filemanager download pathname traversal5.05.0$0-$5k$0-$5kNot DefinedNot Defined0.090990.00CVE-2022-40734
17exceedone Exment/laravel-admin sql injection7.57.5$0-$5k$0-$5kNot DefinedNot Defined0.001290.06CVE-2022-37333
18laravel-admin unrestricted upload5.55.5$0-$5k$0-$5kNot DefinedNot Defined0.001560.05CVE-2023-24249
19Laravel destruct deserialization7.67.6$0-$5k$0-$5kNot DefinedNot Defined0.001100.05CVE-2021-28254
20laravel-jqgrid EloquentRepositoryAbstract.php getRows sql injection6.96.9$0-$5k$0-$5kNot DefinedOfficial Fix0.001480.09CVE-2021-4262

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
137.187.154.37ns320368.ip-37-187-154.euMonero12/15/2019verifiedHigh
2XX.XX.XXX.XXXXxxxxx12/15/2019verifiedHigh
3XX.XX.XX.XXXxx.xx.xx.xxx.xxxxxxxxxxxxxxxx.xxxXxxxxx06/10/2019verifiedHigh
4XXX.XXX.XXX.XXXxxx.xxx.xxx.xxx.xxxxxxxxxxxxxxxx.xxxXxxxxx06/10/2019verifiedHigh

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-21, CWE-22Path TraversalpredictiveHigh
2T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
3T1059.007CAPEC-209CWE-79Cross Site ScriptingpredictiveHigh
4TXXXXCAPEC-122CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
5TXXXXCAPEC-108CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
6TXXXXCAPEC-CWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
7TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
8TXXXXCAPEC-50CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
9TXXXX.XXXCAPEC-459CWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
10TXXXXCAPEC-116CWE-XXX, CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
11TXXXXCAPEC-157CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh
12TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (22)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1FileController.class.phppredictiveHigh
2Filedata/gbconfiguration.datpredictiveHigh
3Filedede\co_do.phppredictiveHigh
4FilexxxxxxxxpredictiveMedium
5Filexxxxxxxx.xxxpredictiveMedium
6Filexxxxxxxxxx\xxxxxx\xxxxxxxxxxxxx.xxxpredictiveHigh
7Filexxxxx.xxxpredictiveMedium
8Filexxxxxxx_xx.xxxpredictiveHigh
9Filexxx/xxxxxx/xxxxxxxx/xxxxx/xxxxxxxxx.xxxxpredictiveHigh
10Filexxxxxx.xxpredictiveMedium
11Filexxxx-xxxxxx.xpredictiveHigh
12Filexxx/xxxxxxxxx/xxxxxxxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxx.xxxpredictiveHigh
13Filexxxx-xxxxxxxx.xxxpredictiveHigh
14ArgumentxxxxxxpredictiveLow
15ArgumentxxxpredictiveLow
16Argumentx/xx/xxxpredictiveMedium
17ArgumentxxxxxxpredictiveLow
18Argumentxxxxxxxx[]predictiveMedium
19ArgumentxxxxxxpredictiveLow
20Argumentxxxxx_xxxxxxpredictiveMedium
21ArgumentxxxxxxxxpredictiveMedium
22Argumentxxxxxxx_xxxpredictiveMedium

References (3)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you know our Splunk app?

Download it now for free!