Gallmaker Analysis

IOB - Indicator of Behavior (262)

Language

en: 202
zh: 48
es: 4
ru: 4
pl: 2

Country/Region

la: 222
us: 16
cn: 2

Product

Google Android: 6
Microsoft Windows: 6
Adobe ColdFusion: 4
WordPress: 4
Revive Adserver: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 10.00 | CVE-2006-6168 |
| 2 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 5.70 | CVE-2020-15906 |
| 3 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 7.09 | |
| 4 | SPIP spip.php cross-site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00132 | 0.29 | CVE-2022-28959 |
| 5 | Drupal Sanitization API cross-site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00056 | 0.04 | CVE-2020-13672 |
| 6 | LiteSpeed Cache Plugin Shortcode cross-site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00051 | 0.00 | CVE-2023-4372 |
| 7 | WebTitan Appliance Extensions Persistent cross-site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.00 | |
| 8 | ipTIME NAS-I Bulletin Manage privilege escalation | 7.1 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00988 | 0.06 | CVE-2020-7847 |
| 9 | request-baskets API Request {name} privilege escalation | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08109 | 0.07 | CVE-2023-27163 |
| 10 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.17 | CVE-2010-0966 |
| 11 | PHP phpinfo cross-site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.01960 | 0.00 | CVE-2007-1287 |
| 12 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 3.22 | CVE-2020-12440 |
| 13 | Microsoft Windows Scripting Engine Remote Code Execution | 5.9 | 5.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.18489 | 0.00 | CVE-2021-34480 |
| 14 | DevExpress ASP.NET Web Forms ASPxHttpHandlerModule DXR.axd privilege escalation | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00205 | 0.00 | CVE-2022-41479 |
| 15 | Basilix Webmail login.php3 privilege escalation | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.07 | |
| 16 | JoomlaTune Com Jcomments admin.jcomments.php cross-site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00489 | 0.07 | CVE-2010-5048 |
| 17 | Microsoft Office Remote Code Execution | 7.0 | 6.1 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00199 | 0.03 | CVE-2023-21735 |
| 18 | Alt-N MDaemon Worldclient privilege escalation | 4.9 | 4.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00090 | 0.07 | CVE-2021-27182 |
| 19 | CouchCMS mysql2i.func.php Path information disclosure | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 0.02 | CVE-2019-1010042 |
| 20 | Esri ArcGIS Server SQL injection | 8.1 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00123 | 0.00 | CVE-2021-29114 |

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

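| ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 94.140.116.124 | | Gallmaker | | 2020-12-17 | verified | |
| 2 | XX.XXX.XXX.XXX | | Xxxxxxxxx | | 2020-12-17 | verified | |
| 3 | XXX.XX.XXX.XX | xxxxxxx.xxxxx.xx | Xxxxxxxxx | | 2020-12-17 | verified | |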

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (146)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (2)

The following list contains external sources which discuss the actor and the associated activities:
