Matanbuchus Analysis

IOB - Indicator of Behavior (132)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 118
fr: 6
sv: 2
zh: 2
es: 2

Country

us: 32
de: 22
ru: 8
tt: 8
it: 4

Activities

Product

QNAP QTS: 16
QNAP QuTS hero: 12
QNAP QuTScloud: 10
Microsoft IIS: 4
Apple iOS: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | QNAP QuTScloud/QTS/QuTS hero authorization | 5.3 | 5.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00046 | 0.07 | CVE-2023-32967
2 | QNAP QTS/QuTS hero/QuTScloud os command injection | 6.2 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00047 | 0.08 | CVE-2023-39302
3 | QNAP QTS/QuTS hero/QuTScloud os command injection | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00047 | 0.08 | CVE-2023-39297
4 | SonicBOOM riscv-boom authorization | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00055 | 0.00 | CVE-2020-29561
5 | QNAP QTS/QuTS hero/QuTScloud os command injection | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00046 | 0.04 | CVE-2023-50358
6 | QNAP QTS/QuTS hero/QuTScloud injection | 5.7 | 5.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00046 | 0.02 | CVE-2024-21900
7 | QNAP Systems Photo Station path traversal | 4.6 | 4.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.05 | CVE-2023-47221
8 | SourceCodester Online Tours & Travels Management System email_setup.php prepare sql injection | 6.9 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00077 | 0.09 | CVE-2023-6765
9 | Magento Admin Panel Path information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00084 | 0.00 | CVE-2019-7852
10 | XenForo privileges management | 8.6 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.04 |
11 | United Planet Intrexx Professional cross site scripting | 4.8 | 4.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00089 | 0.00 | CVE-2020-24188
12 | Huawei Mate 20 Digital Balance authorization | 3.9 | 3.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00058 | 0.00 | CVE-2020-1831
13 | Aviatrix Controller Web Interface cross-site request forgery | 5.4 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00053 | 0.00 | CVE-2020-13416
14 | Facebook WhatsApp MP4 File stack-based overflow | 7.0 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00085 | 0.07 | CVE-2019-11931
15 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.12 | CVE-2017-0055
16 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192
17 | cPanel File Extension code injection | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00432 | 0.02 | CVE-2020-26108
18 | Western Digital WD My Cloud Session improper authentication | 8.5 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01834 | 0.03 | CVE-2018-9148
19 | Western Digital My Cloud/WD Cloud link following | 8.6 | 8.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00663 | 0.00 | CVE-2022-22995
20 | QNAP QTS/QuTS hero/QuTScloud improper authentication | 6.8 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00091 | 0.04 | CVE-2023-39303

Campaigns (2)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (17)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (67)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

References (5)

The following list contains external sources which discuss the actor and the associated activities:
