WannaMine Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (165)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en164
ja2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us6
cn2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Cobalt Strike1
WannaMine1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined120
Project Management Software6
Testing Software4
File Transfer Software4
SSH Server Software2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

SourceCodester38
Not Defined30
Campcodes8
Tenda6
Totolink4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Campcodes Beauty Salon Management System6
openBI4
SourceCodester Simple Student Attendance System4
SourceCodester Online Tours & Travels Management S ...4
SourceCodester Online Payroll System4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Nsasoft ShareAlarmPro Registration memory corruption5.45.2$0-$5k$0-$5kProof-of-ConceptNot Defined0.000420.05CVE-2024-0772
2Jspxcms Survey Label cross site scripting4.44.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.000520.04CVE-2024-0721
3code-projects Library Management System index.php sql injection7.57.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.000630.06CVE-2023-7111
4SourceCodester Simple Student Attendance System attendance.php sql injection6.96.8$0-$5k$0-$5kProof-of-ConceptNot Defined0.000630.06CVE-2023-6617
5code-projects Matrimonial Site sql injection8.17.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.000630.03CVE-2023-6651
6CodeAstro Internet Banking System pages_reset_pwd.php cross site scripting4.44.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.000520.03CVE-2023-5695
7SourceCodester Online Computer and Laptop Store brand.php delete_brand sql injection7.57.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.001190.03CVE-2023-1951
8Tenda W9 httpd formOfflineSet stack-based overflow7.57.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.004230.03CVE-2024-0540
9Advantech iView command injection9.89.6$0-$5k$0-$5kNot DefinedNot Defined0.195280.04CVE-2022-2143
10D-Link DNS-320L/DNS-325/DNS-327L/DNS-340L HTTP GET Request nas_sharing.cgi hard-coded credentials9.89.6$5k-$25k$0-$5kHighWorkaround0.012740.34CVE-2024-3272
11Bdtask Multi-Store Inventory Management System cross site scripting2.42.2$0-$5k$0-$5kProof-of-ConceptNot Defined0.000450.19CVE-2024-2997
12Campcodes Online Marriage Registration System application-bwdates-reports-details.php sql injection6.36.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.000451.05CVE-2024-2777
13lakernote EasyAdmin saveReportFile path traversal6.35.7$0-$5k$0-$5kProof-of-ConceptNot Defined0.000450.11CVE-2024-2825
14PHPGurukul Tourism Management System user-bookings.php cross site scripting2.42.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.000450.08CVE-2024-1822
15SourceCodester Daily Habit Tracker update-tracker.php cross site scripting3.53.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.000450.04CVE-2024-2075
16Totolink LR1200GB Web Interface cstecgi.cgi loginAuth stack-based overflow9.89.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.000450.11CVE-2024-1783
17openBI Unity.php uploadUnity unrestricted upload7.57.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.000630.04CVE-2024-1113
18SourceCodester Facebook News Feed Like Post unrestricted upload7.57.4$0-$5k$0-$5kNot DefinedNot Defined0.000910.07CVE-2024-1027
19Juanpao JPShop UploadsController.php actionUpdate unrestricted upload7.57.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.000630.11CVE-2024-1264
20openBI Icon.php uploadIcon unrestricted upload8.17.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.000630.14CVE-2024-1035

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
145.77.148.10245.77.148.102.vultrusercontent.comWannaMine10/23/2023verifiedHigh
2XXX.XXX.XXX.XXXxxx.xxx.xxx.xxx.xxxxxxxxxxxxxxxx.xxxXxxxxxxxx10/23/2023verifiedHigh

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22, CWE-24Path TraversalpredictiveHigh
2T1040CAPEC-102CWE-319Authentication Bypass by Capture-replaypredictiveHigh
3T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
4TXXXXCAPEC-242CWE-XXXxxxxxxx XxxxxxxxxpredictiveHigh
5TXXXX.XXXCAPEC-209CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
6TXXXXCAPEC-122CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
7TXXXX.XXXCAPEC-16CWE-XXX, CWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveHigh
8TXXXXCAPEC-136CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
9TXXXX.XXXCAPEC-178CWE-XXXXxxx XxxxxxxxpredictiveHigh
10TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
11TXXXXCAPEC-38CWE-XXXXxxxxxxxx Xxxxxx XxxxpredictiveHigh
12TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
13TXXXX.XXXCAPEC-CWE-XXXXxx Xxxxxxxxxx XxxxxpredictiveHigh
14TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh
15TXXXXCAPEC-CWE-XXXXxxxxxxxxxx XxxxxxpredictiveHigh

IOA - Indicator of Attack (189)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/?p=productspredictiveMedium
2File/adminpredictiveLow
3File/admin/action/update-deworm.phppredictiveHigh
4File/admin/application-bwdates-reports-details.phppredictiveHigh
5File/admin/curriculum/view_curriculum.phppredictiveHigh
6File/admin/deduction_row.phppredictiveHigh
7File/admin/departments/view_department.phppredictiveHigh
8File/admin/edit-accepted-appointment.phppredictiveHigh
9File/admin/edit_category.phppredictiveHigh
10File/admin/edit_teacher.phppredictiveHigh
11File/admin/login.phppredictiveHigh
12File/admin/maintenance/brand.phppredictiveHigh
13File/admin/order.phppredictiveHigh
14File/admin/pages/update_go.phppredictiveHigh
15File/admin/products/manage_product.phppredictiveHigh
16File/admin/transactions/track_shipment.phppredictiveHigh
17File/admin/vote_edit.phppredictiveHigh
18File/api/admin/store/product/listpredictiveHigh
19File/api/controllers/common/UploadsController.phppredictiveHigh
20File/application/index/controller/Icon.phppredictiveHigh
21File/application/index/controller/Unity.phppredictiveHigh
22File/apply/index.phppredictiveHigh
23File/auth/auth.php?user=1predictiveHigh
24File/b2b-supermarket/shopping-cartpredictiveHigh
25File/xxx/xxxpredictiveMedium
26File/xxxxpredictiveLow
27File/xxxxxxx/xxxxxx_xxxxx.xxxpredictiveHigh
28File/xxx-xxx/xxxxxxx.xxxpredictiveHigh
29File/xxx-xxx/xxxxxxx.xxx?xxxxxx=xxxxxpredictiveHigh
30File/xxx-xxx/xxx_xxxxxxx.xxxpredictiveHigh
31File/xxxxxxxx/xxxxxx-xxxxxxx.xxxpredictiveHigh
32File/xxxxx/xxxx-xxxxpredictiveHigh
33File/xxx.xxxpredictiveMedium
34File/xxxx/xxxxxxpredictiveMedium
35File/xxxxxxxxx/xxxx/xxxxxx/xxxxxxpredictiveHigh
36File/xxxxxpredictiveLow
37File/xxxxxxxxx/xxxxpredictiveHigh
38File/xxxpredictiveLow
39File/xxx-xxx/xxxxxxx/xxxxxx.xxxpredictiveHigh
40File/xxxxxxxxxx/xxxxx_xxxx_xxxx.xxxpredictiveHigh
41File/xxxxxxxxxxx/xxx_xxxxxxx.xxxpredictiveHigh
42File/xxxxxxxx_x/xxxxxx/xxxxxxxxxxx/xxxxxxx/xxxxxxxxx-xxxx.xxxpredictiveHigh
43File/xxxxx_xxxxx/xxxxxxxxxxxxxx.xxxpredictiveHigh
44File/xxxxxxxx/xxxxxxxpredictiveHigh
45File/xxxxxxx/xxxxxxxx/xxxxxxxxxxxxxxpredictiveHigh
46File/xxxx/xxx/xxxxxxxxxx.xxxpredictiveHigh
47File/xxxx/xxxxxx/xxxxxxpredictiveHigh
48File/xxxxxxxxxx.xxxpredictiveHigh
49File?x=xxxxxxxxxxx/xxxxxxxxxxx/xxxxpredictiveHigh
50File?x=xxxxxxx/xxxxxxx/xxxxxx&xxxxxxxxxx=xpredictiveHigh
51Filexxxxxxx.xxxxx.xxxpredictiveHigh
52Filexxxxx/predictiveLow
53Filexxxxx/?xxxx=xxxx/xxxxpredictiveHigh
54Filexxxxx/xxxxxxxx.xxxpredictiveHigh
55Filexxxxx/xxxx-xxxxxx-xxxxxxxxxxxxxx.xxxpredictiveHigh
56Filexxxxx/xxxxxxxxxx/xxxxxxx_xxxxxx.xxxpredictiveHigh
57Filexxxxx/xxxxxxxx_xxx.xxxpredictiveHigh
58Filexxxxx_xxxxx.xxxpredictiveHigh
59Filexxxxxxxxxxxxxxxxxxxxx.xxxpredictiveHigh
60Filexxx.xxxxxxpredictiveMedium
61Filexxx.xxpredictiveLow
62Filexxxxxxxxxx.xxxpredictiveHigh
63Filexxxx.xxxpredictiveMedium
64Filexxx-xxx/xxxxxxxxx/xxxx/xxxxxxxx.xxxxpredictiveHigh
65Filexxx/xxxxxx/xxxxxxx/xx/xxxxxx/xxxxx/xxxxxxxxxxxxx.xxxxpredictiveHigh
66Filexxxxxx_xxxx.xxxpredictiveHigh
67Filexxxx/xxxxx.xxpredictiveHigh
68Filexxxxxxxxxxx.xxxpredictiveHigh
69Filexxxxxxxxx.xxxpredictiveHigh
70Filexxxx_xxxxxxx.xxxpredictiveHigh
71Filexxxxxxx/xxxx-xxxxx-xxxxxx.xxxpredictiveHigh
72Filexxxxxxx/xxxx-xxxxx-xxxxxx.xxx?xxxxxx=xpredictiveHigh
73Filexxxxx_xxxxx.xxxpredictiveHigh
74Filexxxxxxxx/xxxxxx-xxxx.xxxpredictiveHigh
75Filexxxxxxxxxxxxxxxxxxxxxxxxxx.xxxxxpredictiveHigh
76Filexxxxx_xxxxxxxxx.xxxpredictiveHigh
77Filexxxxxxxx_xxxx.xxxpredictiveHigh
78Filexxxxx.xxxpredictiveMedium
79Filexxxx_xxxx_xxxx.xxxpredictiveHigh
80Filexxxxx.xxxpredictiveMedium
81Filexxx/xxxxxxx/xxxx/xxxxxxx_xxxx.xxpredictiveHigh
82Filexxxxx.xxxpredictiveMedium
83Filexxxxx_xx.xxxxpredictiveHigh
84Filexxxx.xpredictiveLow
85Filexxxxxxxxxxx/xxxx.xxpredictiveHigh
86Filexxxxxx_xxxxxx.xxxpredictiveHigh
87Filexxxxxx_xxxx.xxxpredictiveHigh
88Filexxxxxx.xxx?x=xxxx_xxxxxxxpredictiveHigh
89Filexxxxxxx.xxxpredictiveMedium
90Filexxxxx/xxxxxxxx.xxxpredictiveHigh
91Filexxxxx_xxxxx_xxx.xxxpredictiveHigh
92Filexxxxx.xxxx.xxxpredictiveHigh
93Filexxxxx_xxxxxx.xxxpredictiveHigh
94Filexxxxxxxx-xxxxxxxx.xxxpredictiveHigh
95Filexxxxxxx-xxxxxx.xxxpredictiveHigh
96Filexxxxxxx.xxxpredictiveMedium
97Filexxxxxxxxxxxxxx.xxxpredictiveHigh
98Filexxxxxxxx-xxxx/xxxxxxxx/xxxxx.xxpredictiveHigh
99Filexxxxxxxx.xxxpredictiveMedium
100Filexxx/xxxx_xxxxxx.xpredictiveHigh
101Filexxxxxxxxxxxx.xxxpredictiveHigh
102Filexxxxxxxxxxx.xxxpredictiveHigh
103Filexxxx-xxxxxxxx.xxxpredictiveHigh
104Filexxxxxxxxx/xx_xxxxxxxxx.xxxpredictiveHigh
105Filexxxx_xxxxxxxx.xxxpredictiveHigh
106Filexxxxxxx/xxxxx/xxxxxxx/predictiveHigh
107File_xxxxxxxx/xxxxxxxx.xxxpredictiveHigh
108File_xxxxx.xxxpredictiveMedium
109Libraryx:/xxxxxxx xxxxx/xxxxx/xxxxxxx.xxxpredictiveHigh
110Libraryxxxxxx.xxxpredictiveMedium
111Libraryxxxxx.xxxpredictiveMedium
112Libraryxxx/xxxxx/xxxxxxxx_xxxxx.xxxpredictiveHigh
113ArgumentxxxxxxxpredictiveLow
114ArgumentxxxxxxxxpredictiveMedium
115Argumentxxxxxxxx xxxx/xxxxx xxxx/xxxxx xxxx/xxxx xxxxpredictiveHigh
116ArgumentxxxxxxpredictiveLow
117ArgumentxxxpredictiveLow
118ArgumentxxxxxxxxpredictiveMedium
119Argumentxxxxx_xxpredictiveMedium
120Argumentxxxx_xxpredictiveLow
121Argumentxxxxxxx[x][xxxx]predictiveHigh
122Argumentxxxxxxxxxxx/xxxxx/xxxxxxxxxxxxxx/xxxxxxxxxxxxpredictiveHigh
123ArgumentxxxxxxxxxpredictiveMedium
124ArgumentxxxxpredictiveLow
125ArgumentxxxpredictiveLow
126ArgumentxxxxxxxxxxxxxxxxxxxpredictiveHigh
127ArgumentxxxxxxpredictiveLow
128ArgumentxxxxxxxxxxxxpredictiveMedium
129ArgumentxxxxxpredictiveLow
130ArgumentxxxxxxxxpredictiveMedium
131Argumentxxxxxxxx[xxxxxxx_xx]predictiveHigh
132ArgumentxxxxpredictiveLow
133ArgumentxxxxxxpredictiveLow
134ArgumentxxxxxxxxpredictiveMedium
135Argumentxxxxxxxxx/xxxxxxxxpredictiveHigh
136ArgumentxxxxpredictiveLow
137ArgumentxxxxxxxxpredictiveMedium
138ArgumentxxxxxxxxpredictiveMedium
139Argumentxxxx xxxxpredictiveMedium
140Argumentxxxxx_xxpredictiveMedium
141ArgumentxxxxxpredictiveLow
142ArgumentxxxxpredictiveLow
143Argumentxxxx_xxxxpredictiveMedium
144ArgumentxxpredictiveLow
145Argumentxxx/xxxpredictiveLow
146ArgumentxxxxxpredictiveLow
147ArgumentxxxxxxpredictiveLow
148ArgumentxxxxxxxxpredictiveMedium
149Argumentxxxxxx_xxpredictiveMedium
150Argumentxxxxxxx xxxxpredictiveMedium
151ArgumentxxxxxxxpredictiveLow
152ArgumentxxxpredictiveLow
153ArgumentxxxxpredictiveLow
154ArgumentxxxxpredictiveLow
155Argumentxxxx/xxxpredictiveMedium
156ArgumentxxxxpredictiveLow
157ArgumentxxxxpredictiveLow
158Argumentxxxx/xxxxxpredictiveMedium
159Argumentxxxxx_xxxxpredictiveMedium
160ArgumentxxxxxxxxpredictiveMedium
161ArgumentxxxxxxxxxpredictiveMedium
162ArgumentxxxxxxxxxxxxxpredictiveHigh
163ArgumentxxxxxxxxxpredictiveMedium
164ArgumentxxxxxxpredictiveLow
165ArgumentxxxxxxxxxxpredictiveMedium
166Argumentxxxxxx_xxxxxxpredictiveHigh
167ArgumentxxxpredictiveLow
168ArgumentxxxxxxxxxpredictiveMedium
169ArgumentxxxxxxxpredictiveLow
170ArgumentxxxxxxxxxxxxpredictiveMedium
171ArgumentxxxxxpredictiveLow
172ArgumentxxxpredictiveLow
173ArgumentxxxxxxxxpredictiveMedium
174ArgumentxxxpredictiveLow
175ArgumentxxxpredictiveLow
176Argumentxxxxx_xxxxxxpredictiveMedium
177ArgumentxxxxpredictiveLow
178Argumentxxxx/xxxxpredictiveMedium
179ArgumentxxxxxxxxpredictiveMedium
180Argumentxxxxxxxx/xxxxxxxxpredictiveHigh
181ArgumentxxxpredictiveLow
182ArgumentxxxxxpredictiveLow
183ArgumentxxxxxxxpredictiveLow
184Input Value(xxxxxxxxx(xxxx,xxxxxx(xxxx,xxxxxxxxxxxx,(xxxxxx (xxx(xxxx=xxxx,x))),xxxxxxxxxxxx),xxxx))predictiveHigh
185Input Valuex+xxxxxxx+xxxxxpredictiveHigh
186Input ValuexxxpredictiveLow
187Input ValuexxxxxxxxxxpredictiveMedium
188Input Valuexxxx%xx%xxxxxxxx%xxxxxxx(%xxxxxxxx%xx)%xx/xxxxxx%xxpredictiveHigh
189Input Valuexxxxxxx%xxxxxxxxx.xxx'%xx%xx<xxxxxx%xx>xxxxx(xxxx)</xxxxxx>predictiveHigh

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you need the next level of professionalism?

Upgrade your account now!