Curious Gorge Analysis

IOB - Indicator of Behavior (134)

Language

en: 78
zh: 50
fr: 2
es: 2
ru: 2

Country/Region

cn: 86
us: 22
ru: 12
ca: 10
pl: 2

Product

Microsoft Windows: 6
Synacor Zimbra Collaboration: 4
Foxit Reader: 4
Postfix: 4
PHPMailer: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Ignite Realtime Openfire Administration Console weak authentication | 7.8 | 7.7 | $0-$5k | $0-$5k | High | Official Fix | 0.97409 | 0.04 | CVE-2023-32315 |
| 2 | Apple Mac OS X TCP Timestamp information disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00243 | 0.00 | CVE-2003-0882 |
| 3 | Plesk Obsidian Reflected cross-site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00151 | 0.00 | CVE-2020-11583 |
| 4 | OpenVPN Access Server Web Portal weak encryption | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00151 | 0.05 | CVE-2022-33738 |
| 5 | Essential Addons for Elementor Plugin privilege escalation | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03893 | 0.02 | CVE-2023-32243 |
| 6 | Matomo safemode.twig Path information disclosure | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00058 | 0.00 | CVE-2019-12215 |
| 7 | Oracle Integrated Lights Out Manager (ILOM) Web Remote Code Execution | 9.8 | 9.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00692 | 0.03 | CVE-2015-4821 |
| 8 | Foxit Reader absPageSpan privilege escalation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01586 | 0.00 | CVE-2018-9938 |
| 9 | Foxit Reader addField memory corruption | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02238 | 0.00 | CVE-2018-1178 |
| 10 | Atlassian JIRA Server/Data Center QueryComponent!Default.jspa information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00628 | 0.08 | CVE-2020-14179 |
| 11 | Microsoft Windows Cloud Files Mini Filter Driver Local Privilege Escalation | 7.8 | 7.5 | $25k-$100k | $5k-$25k | High | Official Fix | 0.00043 | 0.05 | CVE-2023-36036 |
| 12 | Freemius SDK Plugin fs_request_get cross-site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.04 | CVE-2023-33999 |
| 13 | ZFile 1 privilege escalation | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00283 | 0.04 | CVE-2022-40050 |
| 14 | Hytec Inter HWL-2511-SS Command Line Interface privilege escalation | 9.3 | 9.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00125 | 0.04 | CVE-2022-36554 |
| 15 | Cortex Alertmanager Config privilege escalation | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00082 | 0.05 | CVE-2022-23536 |
| 16 | Jitsi Meet weak authentication | 8.5 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00196 | 0.03 | CVE-2020-11878 |
| 17 | Fortinet FortiOS CLI Command directory traversal | 6.8 | 6.8 | $0-$5k | $0-$5k | High | Not Defined | 0.06752 | 0.08 | CVE-2022-41328 |
| 18 | Weaver E-Office File Upload utility_all.php privilege escalation | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00087 | 0.04 | CVE-2023-2647 |
| 19 | Rocket.Chat 2FA weak authentication | 7.0 | 7.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00091 | 0.02 | CVE-2023-28316 |
| 20 | SourceCodester Lost and Found Information System privilege escalation | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00078 | 0.04 | CVE-2023-2670 |

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (63)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (2)

The following list contains external sources which discuss the actor and the associated activities:
