MoustachedBouncer Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (27)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en18
ru6
it2
pt2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us16
ru6
ir2
gb2
pt2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

MoustachedBouncer4
Qakbot1
Amadey1
Meterpreter1
NoName057(16)1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined8
WordPress Plugin4
Content Management System4
Web Server2
Log Management Software2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined4
MODX4
Apache2
Thomas R. Pasawicz2
Splunk2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

MODX Revolution4
Apache HTTP Server2
Void Contact Form 7 Widget for Elementor Page Bui ...2
Thomas R. Pasawicz HyperBook Guestbook2
Splunk Enterprise2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1PyJWT PEM Encoded Public Key asymmetric invalid_strings access control7.46.9$0-$5k$0-$5kNot DefinedOfficial Fix0.000820.05CVE-2017-11424
2SourceCodester Employee and Visitor Gate Pass Logging System GET Parameter view_designation.php sql injection7.16.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.002200.00CVE-2023-2090
3XiongMai IP Camera/DVR NetSurveillance Web Interface memory corruption8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.003720.07CVE-2017-16725
4EmbedThis GoAhead login injection7.97.9$0-$5k$0-$5kNot DefinedNot Defined0.007900.04CVE-2019-16645
5SourceCodester Web-Based Student Clearance System Edit User Profile Page edit-admin.php sql injection4.74.5$0-$5k$0-$5kProof-of-ConceptNot Defined0.000450.04CVE-2024-1928
6AUO SunVeillance Monitoring System Access Control Picture_Manage_mvc.aspx unrestricted upload8.58.4$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.250880.02CVE-2019-12719
7HPE Integrated Lights-Out 5 Privilege Escalation7.17.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.000650.00CVE-2022-28640
8MediaTek MT6873/MT6875/MT6883/MT6885/MT6889/MT6891/MT6893 mdlactl Driver memory corruption6.05.9$0-$5k$0-$5kNot DefinedOfficial Fix0.000420.02CVE-2021-0655
9Vinteo VCC cross site scripting4.84.8$0-$5k$0-$5kNot DefinedNot Defined0.000620.00CVE-2022-48020
10Void Contact Form 7 Widget for Elementor Page Builder Plugin void_cf7_opt_in_user_data_track cross-site request forgery4.34.2$0-$5k$0-$5kNot DefinedNot Defined0.000630.00CVE-2022-47166
11Cisco ASA ASDM Image data authenticity7.87.7$5k-$25k$0-$5kNot DefinedOfficial Fix0.007230.02CVE-2022-20829
12Apache HTTP Server Inbound Connection request smuggling7.37.0$25k-$100k$5k-$25kNot DefinedOfficial Fix0.011920.04CVE-2022-22720
13Mod Wsgi mod_wsgi 7pk security9.38.9$0-$5k$0-$5kNot DefinedOfficial Fix0.000620.00CVE-2014-8583
14BEA WebLogic Server access control7.37.3$5k-$25k$5k-$25kNot DefinedNot Defined0.002710.00CVE-2007-4614
15wu-ftpd fb_realpath memory corruption7.36.6$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.795430.02CVE-2003-0466
16Netgear WN604/WN802Tv2/WNAP210/WNAP320/WNDAP350/WNDAP360 boardDataWW.php command injection9.89.8$5k-$25k$0-$5kHighNot Defined0.973730.08CVE-2016-1555
17Splunk Enterprise Search Parameter injection8.07.9$0-$5k$0-$5kNot DefinedOfficial Fix0.002760.03CVE-2022-26889
18Apache HTTP Server mod_session_dbd denial of service7.37.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.012190.03CVE-2013-2249
19Cisco Expressway Series Session Initiation Protocol denial of service6.46.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.001590.00CVE-2020-3596
20MODX Revolution Access Control connector.php access control8.58.4$0-$5k$0-$5kNot DefinedOfficial Fix0.014510.02CVE-2019-1010178

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Diplomats

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
124.9.51.94MoustachedBouncerDiplomats08/20/2023verifiedHigh
235.214.56.22.56.214.35.bc.googleusercontent.comMoustachedBouncerDiplomats08/20/2023verifiedMedium
3XX.X.X.XXXxxxxxxxxxxxxxxxxXxxxxxxxx08/20/2023verifiedHigh
4XX.XXX.XXX.XXXxxxxxxxxxxxxxxxxXxxxxxxxx08/20/2023verifiedHigh
5XX.XXX.XXX.XXXXxxxxxxxxxxxxxxxxXxxxxxxxx08/20/2023verifiedHigh
6XX.X.X.XXxxx-xx-x-x-xx.xxxxxxx-x.xxxxxxxxx.xxxXxxxxxxxxxxxxxxxxXxxxxxxxx08/20/2023verifiedMedium
7XX.X.X.XXXxxxxxxxxxxxxxxxxXxxxxxxxx08/20/2023verifiedHigh
8XXX.XX.XXX.XXXxxxxxxxxxxxxxxxxXxxxxxxxx08/20/2023verifiedHigh
9XXX.XX.XXX.XXXXxxxxxxxxxxxxxxxxXxxxxxxxx08/20/2023verifiedHigh
10XXX.XX.XX.XXXXxxxxxxxxxxxxxxxxXxxxxxxxx08/20/2023verifiedHigh

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
2T1059.007CAPEC-209CWE-79Cross Site ScriptingpredictiveHigh
3TXXXXCAPEC-19CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
4TXXXXCAPEC-136CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
5TXXXXCAPEC-CWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
6TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
7TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
8TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (14)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/admin/edit-admin.phppredictiveHigh
2File/admin/maintenance/view_designation.phppredictiveHigh
3Filexxxxxx/xxxxxxxxxx/xxxx/xxx/xxxxxxxx/xxxxxxxxx.xxxpredictiveHigh
4Filexxxxxxxxxxxx.xxx/xxxxxxxxxxx.xxx/xxxxxxxxxxx.xxx/xxxxxxxxxxx.xxxpredictiveHigh
5Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
6Filexxxxxx/xxxxxpredictiveMedium
7Filexxxxxxx_xxxxxx_xxx.xxxxpredictiveHigh
8Filexxxxxxxxx/xxxxxxxxxxpredictiveHigh
9ArgumentxxxxxxxxxpredictiveMedium
10ArgumentxxxxxxxxxxpredictiveMedium
11ArgumentxxxxxxxxpredictiveMedium
12ArgumentxxxxxxxxpredictiveMedium
13ArgumentxxpredictiveLow
14PatternxxxxpredictiveLow

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Might our Artificial Intelligence support you?

Check our Alexa App!