MagnetGoblin Analysis

IOB - Indicator of Behavior (149)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

  • en: 118
  • zh: 16
  • ja: 4
  • pl: 4
  • es: 4

Country

  • us: 64
  • cn: 24
  • es: 2
  • ru: 2
  • pl: 2

Product

  • WordPress: 4
  • Apple macOS: 4
  • Microsoft Windows: 4
  • Avira Internet Security: 2
  • TIBCO iWay Service Manager: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | PHP Link Directory Administration Page index.html cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00374 | 0.07 | CVE-2007-0529 |
| 2 | Esoftpro Online Guestbook Pro ogp_show.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00108 | 0.36 | CVE-2009-4935 |
| 3 | AUO SunVeillance Monitoring System Access Control Picture_Manage_mvc.aspx unrestricted upload | 8.5 | 8.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.25088 | 0.02 | CVE-2019-12719 |
| 4 | SourceCodester Complaint Management System Lodge Complaint Section register-complaint.php unrestricted upload | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.07 | CVE-2024-1875 |
| 5 | Adtran SR400ac Ping Command command injection | 8.8 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00070 | 0.03 | CVE-2023-38120 |
| 6 | Canon Satera LBP670C CPCA Color LUT Resource Download Process out-of-bounds write | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00129 | 0.03 | CVE-2023-6234 |
| 7 | SourceCodester Testimonial Page Manager HTTP POST Request add-testimonial.php cross site scripting | 4.9 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00046 | 0.07 | CVE-2024-1196 |
| 8 | Form.io Email Template injection | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00525 | 0.04 | CVE-2020-28246 |
| 9 | Git path traversal | 7.6 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.00 | CVE-2024-32465 |
| 10 | Phoenix SecureCore for Intel Kaby Lake UEFI Variable buffer overflow | 6.9 | 6.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.03 | CVE-2024-0762 |
| 11 | Alt Text AI Plugin sql injection | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00066 | 0.04 | CVE-2024-4847 |
| 12 | AIpost AI WP Writer Plugin authorization | 5.3 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.04 | CVE-2024-30459 |
| 13 | SourceCodester Kortex Lite Advocate Office Management System register_case.php sql injection | 4.7 | 4.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.07 | CVE-2024-3621 |
| 14 | PbootCMS create_function command injection | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00292 | 0.04 | CVE-2023-39834 |
| 15 | Phplinkdirectory PHP Link Directory conf_users_edit.php cross-site request forgery | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00526 | 0.04 | CVE-2011-0643 |
| 16 | BD Totalys MultiProcessor hard-coded credentials | 8.1 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.04 | CVE-2022-40263 |
| 17 | Petwant PF-103/Petalk AI libcommon.so processCommandUploadSnapshot out-of-bounds write | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01831 | 0.04 | CVE-2019-16736 |
| 18 | PHPGurukul User Registration & Login and User Management System Search Bar cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.08 | CVE-2024-25202 |
| 19 | WordPress path traversal | 5.7 | 5.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00400 | 0.07 | CVE-2023-2745 |
| 20 | WordPress Post Author Path information disclosure | 5.3 | 5.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00191 | 0.03 | CVE-2017-6514 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • CVE-2024-21887

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (55)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /auth/callback | predictive | High |
| 2 | File | /control/register_case.php | predictive | High |
| 3 | File | /etc/init.d/sshd_service | predictive | High |
| 4 | File | /forum/away.php | predictive | High |
| 5 | File | /index.jsp#settings | predictive | High |
| 6 | File | /plain | predictive | Low |
| 7 | File | /proc/self/environ | predictive | High |
| 8 | File | /xxxxxxx/xxxxx/xxxxxx | predictive | High |
| 9 | File | /xx_xxx.xxx | predictive | Medium |
| 10 | File | /xxx/xxxxxx/xxx/xxx | predictive | High |
| 11 | File | /xx-xxxx/xxxxxx/x.x/xxxxx?xxx | predictive | High |
| 12 | File | xxx.xxx | predictive | Low |
| 13 | File | xxx-xxxxxxxxxxx.xxx | predictive | High |
| 14 | File | xxxxx/xxxx_xxxxx_xxxx.xxx | predictive | High |
| 15 | File | xxxxxx.xxx | predictive | Medium |
| 16 | File | xxxxxxx.x | predictive | Medium |
| 17 | File | xxxxxx\xxxxx.xxxxxxx_xxxxxxx.xxx | predictive | High |
| 18 | File | xx/xxx/xxxxxx/xxxxxxx.x | predictive | High |
| 19 | File | xxxxx.xxxx | predictive | Medium |
| 20 | File | xxxxx.xxx | predictive | Medium |
| 21 | File | xxxxxxx.x | predictive | Medium |
| 22 | File | xxxxxxxxx.xx | predictive | Medium |
| 23 | File | xxxxx.xxx | predictive | Medium |
| 24 | File | xxx.x | predictive | Low |
| 25 | File | xxxxxxx.x | predictive | Medium |
| 26 | File | xxx_xxxx.xxx | predictive | Medium |
| 27 | File | xxxxxx.x | predictive | Medium |
| 28 | File | xxxxxxx_xxxxxx_xxx.xxxx | predictive | High |
| 29 | File | xxxxxxx.xxx | predictive | Medium |
| 30 | File | xxx_xxx | predictive | Low |
| 31 | File | xxxxxxx.xxx | predictive | Medium |
| 32 | File | xxxxxx-xxxxxxxx-xxxxxx_xx.xxx | predictive | High |
| 33 | File | xxxxx.x | predictive | Low |
| 34 | File | xxxxx/xxxxxxxx-xxxxxxxxx.xxx | predictive | High |
| 35 | File | xxxxxx\xxxxxx\xxxxxxxxx-xxxxxx-xxxxxxx\xxx\xxxxxxx\xxxxxxxxxxxxx.xxx | predictive | High |
| 36 | Library | xxxxxxxxx.x | predictive | Medium |
| 37 | Library | xxxxxxxxx | predictive | Medium |
| 38 | Argument | xxxxxxx | predictive | Low |
| 39 | Argument | xxxxxxxxx | predictive | Medium |
| 40 | Argument | xxxxxx_xxxx | predictive | Medium |
| 41 | Argument | xxxxxx | predictive | Low |
| 42 | Argument | xxxxxxx | predictive | Low |
| 43 | Argument | xxxxxx_xxxxxxx | predictive | High |
| 44 | Argument | xxxxxxx | predictive | Low |
| 45 | Argument | xxx_xxxx | predictive | Medium |
| 46 | Argument | xxxxxx['xxxx'] | predictive | High |
| 47 | Argument | xxxx | predictive | Low |
| 48 | Argument | xxxxxx | predictive | Low |
| 49 | Argument | xxxx | predictive | Low |
| 50 | Argument | xxxx/xxxxxxxxxxx/xxxxxxxxx | predictive | High |
| 51 | Argument | xxxxxxxxx | predictive | Medium |
| 52 | Argument | xxxxx/xxxx_xx/xxxxxx_xxxx/xxxxx/xxxx_xxxx/xxxx_xxxxx/xxxxx_xxxx/xxxxxxxxxxx/xxxxxxx_xxxx/xxxxxxx_xxxx/xxxxxxxx_xxxxxx/xxxxx_xxxx/xxxxxx | predictive | High |
| 53 | Argument | xxxxxxxx | predictive | Medium |
| 54 | Input Value | ../../ | predictive | Low |
| 55 | Network Port | xxx/xx (xxx) | predictive | Medium |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
