Curious Gorge Analysis

IOB - Indicator of Behavior (76)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 54
zh: 14
ru: 4
pl: 2
es: 2


Country

cn: 48
us: 12
ca: 8
ru: 4
pl: 4


Actors


Activities

Interest

Timeline


Type


Vendor


Product

PHPMailer: 6
MediaWiki: 4
Postfix: 4
OpenSSH: 4
Microsoft Office for Mac 2011: 2


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | Apple Mac OS X TCP Timestamp information disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01055 | CVE-2003-0882
2 | Matomo safemode.twig Path information disclosure | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00885 | CVE-2019-12215
3 | Telerik Progress UI for ASP.NET AJAX Telerik.Web.UI inadequate encryption | 8.5 | 8.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.51031 | CVE-2017-11317
4 | WFS HeavenBurnsRed Local Privilege Escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.01404 | CVE-2022-42046
5 | Mozilla Firefox/Firefox ESR/Thunderbird Top-Level Await code injection | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.01 | 0.16660 | CVE-2022-1802
6 | Apache Tomcat Client Connection race condition | 3.1 | 3.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01246 | CVE-2021-43980
7 | Fortinet FortiOS Local Privilege Escalation | 4.2 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00885 | CVE-2021-36169
8 | vTiger CRM Logo Upload CompanyDetailsSave.php unrestricted upload | 5.9 | 5.1 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.07308 | CVE-2019-5009
9 | Microsoft Office for Mac 2011 HTML5 Mail Message Parser information disclosure | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.08 | 0.29797 | CVE-2013-0095
10 | Postfix access control | 7.3 | 6.6 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.06088 | CVE-2011-0411
11 | postfix link following | 8.4 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2009-2939
12 | Postfix Admin functions.inc.php sql injection | 7.3 | 7.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.04 | 0.01232 | CVE-2014-2655
13 | Postfix backup.php pacrypt sql injection | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01132 | CVE-2012-0811
14 | Postfix Berkeley DB access control | 5.9 | 5.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00950 | CVE-2017-10140
15 | Postfix sender_login data authenticity | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00885 | CVE-2020-12063
16 | PHP GD Graphics Library gd_gif_in.c imagecreatefromstring resource consumption | 5.4 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.01537 | CVE-2018-5711
17 | Phpletter Ajax File/Image Manager code injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.05 | 0.81845 | CVE-2011-4825
18 | ProFTPD Telnet netio.c pr_netio_telnet_gets memory corruption | 10.0 | 9.5 | $0-$5k | $0-$5k | High | Official Fix | 0.02 | 0.85681 | CVE-2010-4221
19 | Mozilla Firefox/Firefox ESR/Thunderbird WebGPU IPC Framework use after free | 6.3 | 6.0 | $25k-$100k | $5k-$25k | High | Official Fix | 0.02 | 0.00885 | CVE-2022-26486
20 | Responsive Filemanager ajax_calls.php path traversal | 7.0 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.00885 | CVE-2018-15535

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Pathname Traversal | predictive | High
2 | T1055 | CWE-74 | Injection | predictive | High
3 | T1059 | CWE-94 | Cross Site Scripting | predictive | High

IOA - Indicator of Attack (49)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /cgi-bin/supervisor/PwdGrp.cgi | predictive | High
2 | File | /etc/postfix/sender_login | predictive | High
3 | File | /filemanager/ajax_calls.php | predictive | High
4 | File | /Items/*/RemoteImages/Download | predictive | High
5 | File | /restapi/v1/certificates/FFM-SSLInspect | predictive | High
6 | File | /usr/local/WowzaStreamingEngine/bin/ | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
