MosaicRegressor Analysis

IOB - Indicator of Behavior (40)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

zh: 22
en: 18

Country

cn: 34

Product

Synacor Zimbra Collaboration: 4
Kentico CMS: 2
Oracle PeopleSoft Enterprise PeopleTools: 2
OpenProject: 2
Synology SSO Server: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Zhong Bang CRMEB PublicController.php get_image_base64 server-side request forgery | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00073 | 0.05 | CVE-2023-3233 |
| 2 | Synacor Zimbra Collaboration xml external entity reference | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00441 | 0.00 | CVE-2016-9924 |
| 3 | MikroTik RouterOS Resolver memory corruption | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00201 | 0.00 | CVE-2020-20249 |
| 4 | Oracle Secure Backup Remote Code Execution | 9.8 | 9.8 | $25k-$100k | $0-$5k | Not Defined | Not Defined | 0.95519 | 0.00 | CVE-2011-2261 |
| 5 | Oracle Secure Backup improper authentication | 5.3 | 5.3 | $5k-$25k | $0-$5k | High | Not Defined | 0.12570 | 0.00 | CVE-2010-0904 |
| 6 | OpenProject Public Project robots.txt information disclosure | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00086 | 0.06 | CVE-2023-33960 |
| 7 | Synology SSO Server WebAPI path traversal | 4.7 | 4.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00068 | 0.00 | CVE-2022-27620 |
| 8 | All-in-One WP Migration Plugin class-ai1wm-backups.php path traversal | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00097 | 0.04 | CVE-2022-1476 |
| 9 | Joomla CMS sql injection | 7.3 | 7.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.81423 | 0.06 | CVE-2015-7857 |
| 10 | CKeditor FCKeditor print_textinputs_var cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00467 | 0.00 | CVE-2012-4000 |
| 11 | webTareas New Profile cross-site request forgery | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00174 | 0.00 | CVE-2021-41916 |
| 12 | WordPress wp_crop_image path traversal | 5.9 | 5.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.95564 | 0.03 | CVE-2019-8943 |
| 13 | Concrete CMS File Manager injection | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00979 | 0.03 | CVE-2021-22968 |
| 14 | WordPress WP_Query sql injection | 6.3 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.93847 | 0.09 | CVE-2022-21661 |
| 15 | Linux Kernel msr access control | 5.1 | 4.6 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00196 | 0.04 | CVE-2013-0268 |
| 16 | HP Printer/MFP cross-site request forgery | 6.5 | 6.5 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00073 | 0.00 | CVE-2018-5921 |
| 17 | Plesk Obsidian Reflected cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00151 | 0.04 | CVE-2020-11583 |
| 18 | FreePBX index_amp.php cross site scripting | 8.8 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00773 | 0.00 | CVE-2012-4870 |
| 19 | Thycotic Secret Server Remote Desktop Launcher Temporary credentials management | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00222 | 0.00 | CVE-2014-4861 |
| 20 | ZyXEL VMG3312-B10B default.cfg credentials management | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00201 | 0.05 | CVE-2018-18754 |

IOC - Indicator of Compromise (16)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1006 | CAPEC-126 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | TXXXX | CAPEC-242 | CWE-XX | Xxxxxxxx Xxxxxxxxx | predictive | High |
| 4 | TXXXX.XXX | CAPEC-209 | CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High |
| 5 | TXXXX | CAPEC-19 | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 6 | TXXXX.XXX | CAPEC-178 | CWE-XXX | Xxxx Xxxxxxxx | predictive | High |
| 7 | TXXXX | CAPEC-108 | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 8 | TXXXX | CAPEC- | CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 9 | TXXXX | CAPEC-116 | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |

IOA - Indicator of Attack (14)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /dev/cpu/*/msr | predictive | High |
| 2 | File | /index_amp.php | predictive | High |
| 3 | File | /xxxxxx.xxx | predictive | Medium |
| 4 | File | /xxx/xxx/xxxxx | predictive | High |
| 5 | File | xxx/xxxxxxxxxx/xx/xxxxxxxxxxxxxxxx.xxx | predictive | High |
| 6 | File | xxxxxxxx/xxxxxxxxxx.xxxx | predictive | High |
| 7 | File | xxx/xxxxxxx.xxx | predictive | High |
| 8 | File | xxx/xxxx/xxx.x | predictive | High |
| 9 | Library | ~/xxx/xxxxx/xxxxx-xxxxx-xxxxxxx.xxx | predictive | High |
| 10 | Argument | xxxxxxx | predictive | Low |
| 11 | Argument | xxxx | predictive | Low |
| 12 | Argument | xxxxxxxxx | predictive | Medium |
| 13 | Input Value | .xxx?/../../xxxx.xxx | predictive | High |
| 14 | Input Value | xxxx+x@!xxxx+ | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
