Monokle Analysis

IOB - Indicator of Behavior (1000)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 932
ru: 34
fr: 22
de: 6
zh: 4

Country

tt: 544
us: 44
ru: 36
gb: 2
al: 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Linux Kernel: 32
Oracle VM VirtualBox: 12
Juniper Junos OS: 12
Juniper Junos OS Evolved: 12
Axiomatic Bento4: 10

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Linux Kernel API io_uring Privilege Escalation | 8.8 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00046 | 0.09 | CVE-2022-2602 |
| 2 | Linux Kernel kcm kcmsock.c kcm_tx_work race condition | 2.6 | 2.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.04 | CVE-2022-3521 |
| 3 | Linux Kernel Socket Buffer sch_sfb use after free | 6.0 | 5.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00063 | 0.00 | CVE-2022-3586 |
| 4 | Google Android HTBLogKM out-of-bounds write | 7.8 | 7.5 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2021-0699 |
| 5 | Linux Kernel Driver memory.c use after free | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00081 | 0.05 | CVE-2022-3523 |
| 6 | Linux Kernel IPv6 ipv6_renew_options memory leak | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.04 | CVE-2022-3524 |
| 7 | Linux Kernel BPF spl2sw_driver.c spl2sw_nvmem_get_mac_address use after free | 6.3 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.00 | CVE-2022-3541 |
| 8 | Linux Kernel nftables nft_osf_eval information disclosure | 4.7 | 4.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.08 | CVE-2022-42432 |
| 9 | Linux Kernel BPF usdt.c parse_usdt_arg memory leak | 4.2 | 4.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.09 | CVE-2022-3533 |
| 10 | Linux Kernel libbpf btf_dump.c btf_dump_name_dups use after free | 6.3 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.04 | CVE-2022-3534 |
| 11 | Linux Kernel Bluetooth l2cap_core.c l2cap_conn_del use after free | 6.6 | 6.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00143 | 0.04 | CVE-2022-3640 |
| 12 | Linux Kernel BlueZ jlink.c jlink_init denial of service | 3.6 | 3.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.09 | CVE-2022-3637 |
| 13 | Linux Kernel skb macvlan.c macvlan_handle_frame memory leak | 6.0 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00101 | 0.00 | CVE-2022-3526 |
13Linux Kernel skb macvlan.c macvlan_handle_frame memory leak6.06.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.001010.00CVE-2022-3526

IOC - Indicator of Compromise (18)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (97)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

References (2)

The following list contains external sources which discuss the actor and the associated activities:
