Gustuff 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (69)

言語

en	70

国・地域

de	68
me	2

アクター

Gustuff	4
Cobalt Strike	2
Stealc	1

関心

タイプ

Not Defined	22
Web Server	8
Cloud Software	4
Groupware Software	4
Directory Service Software	2

ベンダー

Not Defined	18
IBM	8
Microsoft	6
Apache	2
Red Hat	2

製品

MK-AUTH	4
nginx	4
IBM Lotus Domino	4
Apache HTTP Server	2
IBM Tivoli Monitoring	2

脆弱性

#	脆弱性	Base	Temp	0day	本日	悪	修復	EPSS	CTI	CVE
1	MK-AUTH auth 特権昇格	9.8	9.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00289	0.00	CVE-2020-14072
2	Yii ActiveRecord.php findByCondition SQLインジェクション	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00119	0.03	CVE-2018-7269
3	Microsoft IIS クロスサイトスクリプティング	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00548	0.00	CVE-2017-0055
4	SolarWinds Dameware Mini Remote Client Agent SmartCard Authentication DWRCS.exe 特権昇格	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01041	0.04	CVE-2019-3980
5	JCK Editor links.php SQLインジェクション	8.5	8.3	$0-$5k	$0-$5k	High	Not Defined	0.81623	0.04	CVE-2018-17254
6	IBM Lotus Domino domcfg.nsf 情報の漏洩	5.3	5.0	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.02
7	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash 情報の漏洩	5.3	5.2	$5k-$25k	計算中	High	Workaround	0.02016	0.00	CVE-2007-1192
8	DZCP deV!L`z Clanportal config.php 特権昇格	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	1.10	CVE-2010-0966
9	Cisco ASA Authentication 特権昇格	6.4	6.3	$5k-$25k	$0-$5k	High	Official Fix	0.97436	0.05	CVE-2018-0296
10	Apple watchOS WebKit 特権昇格	4.3	4.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00089	0.00	CVE-2023-38572
11	Phpletter Ajax File/Image Manager 特権昇格	7.3	7.0	$0-$5k	$0-$5k	High	Official Fix	0.96927	0.08	CVE-2011-4825
12	Microsoft Azure Stack Edge 特権昇格	10.0	8.7	$100k 以上	$25k-$100k	Unproven	Official Fix	0.00193	0.00	CVE-2022-37968
13	Apache HTTP Server mod_rewrite Redirect	6.7	6.7	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00258	0.21	CVE-2020-1927
14	MK-AUTH Web Login executar_login.php 弱い認証	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00341	0.00	CVE-2020-14070
15	PHP enchant.c enchant_broker_request_dict メモリ破損	7.3	6.4	$5k-$25k	$0-$5k	Unproven	Official Fix	0.18929	0.04	CVE-2014-9705
16	OpenSSL Certificate Chain Verification 弱い認証	6.5	6.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00231	0.03	CVE-2021-3450
17	IBM Aspera Connect DLL 特権昇格	7.5	7.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00287	0.00	CVE-2020-4545
18	GetSimple CMS XML External Entity	5.3	4.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00575	0.04	CVE-2014-8790
19	Microsoft ASP.NET Core Kestrel Web Application 特権昇格	8.0	7.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02783	0.14	CVE-2018-0787
20	PHP EXIF exif_process_IFD_in_TIFF メモリ破損	9.8	9.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02863	0.07	CVE-2019-9641

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IPアドレス	Hostname	アクター	Identified	タイプ	信頼度
1	78.46.201.36	static.36.201.46.78.clients.your-server.de	Gustuff	2022年03月29日	verified	高
2	88.99.170.43	static.43.170.99.88.clients.your-server.de	Gustuff	2022年03月29日	verified	高
3	XX.XX.XXX.XXX	xxxxxx.xxx.xxx.xx.xx.xxxxxxx.xxxx-xxxxxx.xx	Xxxxxxx	2022年03月29日	verified	高
4	XX.XX.XXX.XXX	xxxxxx.xxx.xxx.xx.xx.xxxxxxx.xxxx-xxxxxx.xx	Xxxxxxx	2022年03月29日	verified	高
5	XX.XX.XXX.XXX	xxxxxx.xxx.xxx.xx.xx.xxxxxxx.xxxx-xxxxxx.xx	Xxxxxxx	2022年03月29日	verified	高
6	XX.XX.XXX.XXX	xxxxxx.xxx.xxx.xx.xx.xxxxxxx.xxxx-xxxxxx.xx	Xxxxxxx	2022年03月29日	verified	高

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	クラス	脆弱性	アクセスベクター	タイプ	信頼度
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	高
2	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	高
3	T1059.007	CAPEC-209	CWE-79, CWE-80	Cross Site Scripting	predictive	高
4	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
5	TXXXX.XXX	CAPEC-191	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	高
6	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	高
7	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	高
8	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	高
9	TXXXX	CAPEC-50	CWE-XXX, CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
10	TXXXX.XXX	CAPEC-459	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
11	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高
12	TXXXX	CAPEC-112	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	高

IOA - Indicator of Attack (21)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	クラス	Indicator	タイプ	信頼度
1	File	/auth	predictive	低
2	File	/uncpath/	predictive	中
3	File	admin/executar_login.php	predictive	高
4	File	xxxxxxx/xxxxxxxxxx.xxx	predictive	高
5	File	xxxxx/xxxx/xxxxxxxxxx/xxxxxxxxxxx.xxx	predictive	高
6	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	高
7	File	xxxxxx.xxx	predictive	中
8	File	xxxxx.xxx	predictive	中
9	File	xxxxxxx.x	predictive	中
10	File	xxxxxxxxx/xx/xxxxxxxxxxxx.xxx	predictive	高
11	File	xxx/xxxxxx.xxx	predictive	高
12	File	xxxxxxxxx/xxxxxxx/xxxxx.xxx	predictive	高
13	File	xxxxxxxxxxxxxxx.xxx	predictive	高
14	File	xxxxxxx/xxxxxxxxxxxxxxxx/xxxxxxxxx/xxxxxxxx.xxxx	predictive	高
15	File	xxxxxx.xxx	predictive	中
16	Library	xxxxxxxxxxxxxx.xxxxxxx.xxxxxxxxxxxxxxx.xxx	predictive	高
17	Argument	-x	predictive	低
18	Argument	xxxxxxxx	predictive	中
19	Argument	xxxx	predictive	低
20	Argument	xxxxxx	predictive	低
21	Argument	xxxxxxxx_xxxxx	predictive	高

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ 前概要次 ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!