menuPass Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (154)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en100
zh36
fr8
it4
ru2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us130
cn6
ua4
es2
fr2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

menuPass3
FIN71
Dridex1
TrickBot1
Conti1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined64
Content Management System12
Operating System10
Application Server Software6
Smartphone Operating System6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined54
Apache8
Apple6
Oracle6
Xiaomi4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Apache Tomcat6
Apple iOS4
FreeBSD4
WordPress4
Diffie-Hellman Key Agreement Protocol2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Kubernetes kubelet pprof information disclosure7.37.2$0-$5k$0-$5kNot DefinedOfficial Fix0.556250.04CVE-2019-11248
2EyouCMS Backend deserialization4.74.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.000450.24CVE-2024-3431
3shell-quote Windows Drive Letter exec os command injection5.55.3$0-$5k$0-$5kNot DefinedOfficial Fix0.001650.06CVE-2021-42740
4Rockwellautomation 1756-ENBT series A Firmware perform access control10.010.0$0-$5k$0-$5kNot DefinedNot Defined0.493280.00CVE-2010-2965
5Simple Link Directory Plugin SQL Statement qcopd_upvote_action sql injection7.37.0$0-$5k$0-$5kNot DefinedOfficial Fix0.027050.00CVE-2022-0760
6nginx request smuggling6.96.9$0-$5k$0-$5kNot DefinedNot Defined0.002411.73CVE-2020-12440
7Litespeed Technologies OpenLiteSpeed access control8.07.6$0-$5k$0-$5kProof-of-ConceptNot Defined0.062850.00CVE-2021-26758
8DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.009430.64CVE-2010-0966
9emercoin Header resource consumption6.46.4$0-$5k$0-$5kNot DefinedNot Defined0.002450.00CVE-2018-19152
10OpenSSH Authentication Username information disclosure5.34.8$5k-$25k$0-$5kHighOfficial Fix0.107370.32CVE-2016-6210
11Apache HTTP Server mod_cache null pointer dereference5.34.6$5k-$25k$0-$5kUnprovenOfficial Fix0.041470.06CVE-2013-4352
12Joomla CMS Media Form Field cross site scripting5.24.9$5k-$25k$0-$5kNot DefinedOfficial Fix0.001370.04CVE-2019-9714
13Joomla CMS Edit View cross site scripting5.24.9$5k-$25k$0-$5kNot DefinedOfficial Fix0.001370.00CVE-2019-9711
14PHP exif.c exif_read_data use after free8.58.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.005360.04CVE-2018-12882
15Tiki Admin Password tiki-login.php improper authentication8.07.7$0-$5k$0-$5kNot DefinedOfficial Fix0.009363.18CVE-2020-15906
16TikiWiki tiki-register.php input validation7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.010758.12CVE-2006-6168
17eSyndicat Directory Software suggest-listing.php cross site scripting3.53.5$0-$5k$0-$5kNot DefinedNot Defined0.000000.32
18Oracle Database Server Privilege Escalation6.36.3$5k-$25k$0-$5kHighNot Defined0.051170.04CVE-2010-0866
19WP ALL Export Pro Plugin cross-site request forgery4.34.1$0-$5k$0-$5kNot DefinedOfficial Fix0.001360.00CVE-2023-5882
20EMC Replication Manager credentials management4.03.8$5k-$25k$0-$5kNot DefinedOfficial Fix0.000420.00CVE-2013-3272

Campaigns (3)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (18)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
160.2.148.167menuPassPoison Ivy12/17/2020verifiedHigh
260.10.1.114hebei.10.60.in-addr.arpamenuPassPoison Ivy12/17/2020verifiedHigh
360.10.1.115hebei.10.60.in-addr.arpamenuPassPoison Ivy12/17/2020verifiedHigh
460.10.1.120hebei.10.60.in-addr.arpamenuPassPoison Ivy12/17/2020verifiedHigh
5XX.XX.X.XXXxxxxx.xx.xx.xx-xxxx.xxxxXxxxxxxxXxxxxx Xxx12/17/2020verifiedHigh
6XX.XXX.XXX.XXxxxxxx.xxxxxxxxxxxxx.xxxXxxxxxxxXxxxx Xxxxxx12/17/2020verifiedHigh
7XX.XXX.XXX.XXxxx.xxxxxxxx.xxxXxxxxxxx12/17/2020verifiedHigh
8XX.XXX.XXX.XXXxxxxx.xxxxxxxxxx.xxxXxxxxxxxXxxxxxx12/17/2020verifiedHigh
9XX.XXX.XXX.XXXXxxxxxxx02/13/2024verifiedHigh
10XX.XXX.XXX.XXXxxxxxxxx.xxXxxxxxxx02/13/2024verifiedHigh
11XXX.XXX.XXX.XXXxxxxxxxXxxxxx Xxx12/17/2020verifiedHigh
12XXX.XXX.XX.XXXxxx-xxx-xx-xxx.xxxxxx.xxxx.xxXxxxxxxxXxxxx Xxxxxx12/17/2020verifiedHigh
13XXX.XX.XX.XXXxxxxxxxXxxxxxx12/17/2020verifiedHigh
14XXX.XXX.XX.XXXXxxxxxxx12/17/2020verifiedHigh
15XXX.XX.XXX.XXXXxxxxxxx12/17/2020verifiedHigh
16XXX.XX.XXX.XXXxxxxxxx.xxxxx.xxxXxxxxxxx12/17/2020verifiedHigh
17XXX.XX.XXX.XXXXxxxxxxx02/13/2024verifiedHigh
18XXX.XX.XXX.XXxxxxxxxxxx.xxxxxxxxx.xxxxXxxxxxxx03/10/2022verifiedHigh

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1059CAPEC-242CWE-94, CWE-1321Argument InjectionpredictiveHigh
3T1059.007CAPEC-209CWE-79, CWE-80Cross Site ScriptingpredictiveHigh
4TXXXXCAPEC-122CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
5TXXXX.XXXCAPEC-191CWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveHigh
6TXXXXCAPEC-136CWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
7TXXXX.XXXCAPEC-178CWE-XXXXxxx XxxxxxxxpredictiveHigh
8TXXXXCAPEC-CWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
9TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
10TXXXXCAPEC-CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
11TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
12TXXXXCAPEC-CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh
13TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (79)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/anony/mjpg.cgipredictiveHigh
2File/debug/pprofpredictiveMedium
3File/login.php?m=admin&c=Field&a=channel_editpredictiveHigh
4File/secure/admin/InsightDefaultCustomFieldConfig.jspapredictiveHigh
5File/uncpath/predictiveMedium
6FileArchivesMapper.xmlpredictiveHigh
7Fileblind\source\high.phppredictiveHigh
8Filecart.phppredictiveMedium
9Filecat.phppredictiveLow
10Filecategorie.php3predictiveHigh
11Filexxxxx/xxxxxxxx-xxxxxxxxx/xxxxxxxxxxxxxxx.xxxxx.xxxpredictiveHigh
12Filexxx.xxxxxxx.xxxpredictiveHigh
13Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
14Filexxxxxx.xxpredictiveMedium
15Filexxxx.xxxpredictiveMedium
16Filexxx_xxxxxx_xxx_xxxxxx.xpredictiveHigh
17Filexxx/xxxx/xxxx.xpredictiveHigh
18Filexxxxxxxxxxx.xxx/xxxxxxxxxxxpredictiveHigh
19Filexxxxxxxxx/xxxxx/xxxxxxx_xxxxxxx.xxxpredictiveHigh
20Filexxxxxx.xxpredictiveMedium
21Filexxx/xxxxxx.xxxpredictiveHigh
22Filexxxxxxx_xxxx/xxxxxxxx.xxxpredictiveHigh
23Filexxxxx.xxxpredictiveMedium
24Filexxxxxxxxx/xxx/xxx_xxxxxxxx.xxxpredictiveHigh
25Filexxx.xpredictiveLow
26Filexxxxxxxx/xxxxxxxxxpredictiveHigh
27Filexxxxxxx/xxxxx/xx/xxxxxx.xxxxx.xxxpredictiveHigh
28Filexxxxxxx/xxxxx/xx/xxxxxx/xxxxx.xxxxx.xxxpredictiveHigh
29Filexxx.xxxpredictiveLow
30Filexxxx_xxx.xxxxpredictiveHigh
31Filexxxxxxx.xxxpredictiveMedium
32Filexxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][]predictiveHigh
33Filexxxx/xxxxxpredictiveMedium
34Filexxxxxx_xxxxxx.xxxpredictiveHigh
35Filexxxx.xxxpredictiveMedium
36Filexxxxxxx.xxxpredictiveMedium
37Filexxxxxxxxx.xxxpredictiveHigh
38Filexxxxxxx-xxxxxxx.xxxpredictiveHigh
39Filexxxxxxxxx/xxxxxxxxxxpredictiveHigh
40Filexxxx-xxxxx.xxxpredictiveHigh
41Filexxxx-xxxxxxxx.xxxpredictiveHigh
42Filexx-xxxxx/xxxxxxxx/xxxxx-xxxx-xxxxxx-xxxxxxxx.xxxpredictiveHigh
43Filexx-xxxx.xxxpredictiveMedium
44Filexxxx.xxpredictiveLow
45ArgumentxxxxxxxxxxxpredictiveMedium
46ArgumentxxxxxxxxpredictiveMedium
47ArgumentxxxxxpredictiveLow
48ArgumentxxxxxpredictiveLow
49Argumentxxxxxxx_xxpredictiveMedium
50ArgumentxxxpredictiveLow
51ArgumentxxxxxxxxxxxxxxpredictiveHigh
52ArgumentxxxxxxxpredictiveLow
53ArgumentxxpredictiveLow
54ArgumentxxxxxxxxxxxpredictiveMedium
55ArgumentxxxxxxxxxxxxxxxpredictiveHigh
56Argumentxxxxxxx_xxxxxxxpredictiveHigh
57Argumentxxxxxxx[xx_xxx_xxxx]predictiveHigh
58Argumentxxxx_xxxx/xxxxxxx_xxxxxxxxxxxpredictiveHigh
59ArgumentxxpredictiveLow
60Argumentxxxx_xxxxxpredictiveMedium
61ArgumentxxxpredictiveLow
62ArgumentxxxxxpredictiveLow
63ArgumentxxxxxxpredictiveLow
64ArgumentxxxxpredictiveLow
65Argumentxxxx/xxxxxxxpredictiveMedium
66Argumentxxxxxx xxxxxxpredictiveHigh
67ArgumentxxxxxpredictiveLow
68ArgumentxxxxxxxxpredictiveMedium
69ArgumentxxxxxxxxpredictiveMedium
70ArgumentxxxxxxxxpredictiveMedium
71Argumentxxx_xxxxpredictiveMedium
72Argumentxxxx_xxpredictiveLow
73ArgumentxxxxpredictiveLow
74ArgumentxxxxxpredictiveLow
75ArgumentxxxxxxxxxpredictiveMedium
76ArgumentxxxxxxxxxpredictiveMedium
77Input Value::$xxxxx_xxxxxxxxxxpredictiveHigh
78Input ValuexxxxpredictiveLow
79Network Portxxx xxxxxx xxxxpredictiveHigh

References (7)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you need the next level of professionalism?

Upgrade your account now!