Curious Gorge Analysis

IOB - Indicator of Behavior (146)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en: 72
zh: 66
ru: 4
pl: 2
es: 2


Country


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Microsoft Windows: 8
Postfix: 6
Simple Machines Forum: 4
Mozilla Firefox: 4
Foxit Reader: 4


Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

| # | Vulnerability | Base | Temp | 0day price | Today price | Exploitability | Countermeasure | KEV | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Ignite Realtime Openfire Administration Console improper authentication | 7.8 | 7.7 | $0-$5k | $0-$5k | High | Official fix | verified | 0.94398 | 0.08 | CVE-2023-32315 |
| 2 | RoundCube sql injection | 8.6 | 8.5 | $0-$5k | $0-$5k | High | Official fix | verified | 0.70237 | 0.08 | CVE-2021-44026 |
| 3 | Apple Mac OS X TCP Timestamp information disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00346 | 0.00 | CVE-2003-0882 |
| 4 | Plesk Obsidian Reflected cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.01378 | 0.04 | CVE-2020-11583 |
| 5 | OpenVPN Access Server Web Portal entropy | 5.6 | 5.5 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00259 | 0.00 | CVE-2022-33738 |
| 6 | Essential Addons for Elementor Plugin password recovery | 8.0 | 7.9 | $0-$5k | $0-$5k | Not defined | Not defined | expected | 0.89796 | 0.00 | CVE-2023-32243 |
| 7 | Matomo safemode.twig Path information disclosure | 4.3 | 4.3 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00087 | 0.00 | CVE-2019-12215 |
| 8 | SmarterTools SmarterMail Service Port 17001 uninitialized pointer | 8.5 | 8.4 | $0-$5k | $0-$5k | Not defined | Official fix | expected | 0.82667 | 0.03 | CVE-2019-7214 |
| 9 | Vesta Control Panel sed main.sh argument injection | 6.1 | 6.1 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00032 | 0.18 | CVE-2022-3967 |
| 10 | web2py notifySendHandler os command injection | 7.2 | 7.0 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.36744 | 0.03 | CVE-2023-45158 |
| 11 | Redmine Textile Formatter cross site scripting | 4.8 | 4.7 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00489 | 0.02 | CVE-2023-47259 |
| 12 | BlueCoat K9 Web Protection k9filter.exe memory corruption | 10.0 | 9.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | possible | 0.44752 | 0.00 | CVE-2007-1685 |
| 13 | Mozilla Firefox Header | 4.3 | 4.1 | $25k-$100k | $5k-$25k | Not defined | Official fix | | 0.00156 | 0.09 | CVE-2024-5687 |
| 14 | Elastic Elasticsearch Simulate Pipeline API exceptional condition | 6.1 | 6.0 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00573 | 0.00 | CVE-2023-46673 |
| 15 | Minio Console Operator Console missing authentication | 8.6 | 8.5 | $0-$5k | $0-$5k | Not defined | Official fix | possible | 0.77746 | 0.08 | CVE-2021-41266 |
| 16 | CRMEB Java list sql injection | 6.7 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00484 | 0.08 | CVE-2023-25223 |
| 17 | Oracle Integrated Lights Out Manager (ILOM) Web Remote Code Execution | 9.8 | 9.4 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00919 | 0.04 | CVE-2015-4821 |
| 18 | Foxit Reader absPageSpan type conversion | 7.5 | 7.5 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00264 | 0.00 | CVE-2018-9938 |
| 19 | Foxit Reader addField use after free | 7.5 | 7.5 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00387 | 0.00 | CVE-2018-1178 |
| 20 | Atlassian JIRA Server/Data Center QueryComponent!Default.jspa information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Not defined | Official fix | expected | 0.92565 | 0.07 | CVE-2020-14179 |

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 5.188.108.119 | t200514-1.com | Curious Gorge | | 03/30/2022 | verified | Low |
| 2 | XX.XXX.XX.XXX | | Xxxxxxx Xxxxx | | 03/30/2022 | verified | Low |
| 3 | XX.XXX.XXX.XX | | Xxxxxxx Xxxxx | | 03/30/2022 | verified | Low |
| 4 | XXX.XX.XXX.XX | | Xxxxxxx Xxxxx | | 03/30/2022 | verified | Low |
| 5 | XXX.XXX.XX.XXX | | Xxxxxxx Xxxxx | | 03/30/2022 | verified | Low |

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (68)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /api/admin/user/list | predictive | High |
| 2 | File | /cgi-bin/supervisor/PwdGrp.cgi | predictive | High |
| 3 | File | /classes/Master.php | predictive | High |
| 4 | File | /classes/Master.php?f=delete_service | predictive | High |
| 5 | File | /etc/postfix/sender_login | predictive | High |
| 6 | File | /file/upload/1 | predictive | High |
| 7 | File | /filemanager/ajax_calls.php | predictive | High |
| 8 | File | /Items/*/RemoteImages/Download | predictive | High |
| 9 | File | /xxxxxxx/xx/xxxxxxxxxxxx/xxx-xxxxxxxxxx | predictive | High |
| 10 | File | /xxxxxx/xxxxxxxxxxxxxx!xxxxxxx.xxxx | predictive | High |
| 11 | File | /xxx/xxxxx/xxxxxxxxxxxxxxxxxxxx/xxx/ | predictive | High |
| 12 | File | /xxxxxxx/xxx/xxxxxxx_xxx.xxx | predictive | High |
| 13 | File | xxxxxxx/xxxxxxxxxxxxxxxxxx.xxx | predictive | High |
| 14 | File | xxxxxxx.xxx | predictive | Medium |
| 15 | File | xxxxxxxxx.xxx | predictive | High |
| 16 | File | xxxxx/?xxxx=xxxx/xxxxxx_xxxx | predictive | High |
| 17 | File | xxxx_xxxxx.xxx | predictive | High |
| 18 | File | xxxxxxx.xxx | predictive | Medium |
| 19 | File | xxxxxxx.xxxx | predictive | Medium |
| 20 | File | xxxxxx.xxx | predictive | Medium |
| 21 | File | xxx-xxx/xxxxx_xxx_xxx | predictive | High |
| 22 | File | xxxx/xxxxxxxx.xxxx.xxxxxxx.xxx | predictive | High |
| 23 | File | xxxxxxx.xxx | predictive | Medium |
| 24 | File | xxxx/xxxx.xx | predictive | Medium |
| 25 | File | xxxxxxxxx.xxx.xxx | predictive | High |
| 26 | File | xx_xxx_xx.x | predictive | Medium |
| 27 | File | xxxxx.xxx | predictive | Medium |
| 28 | File | xxxxxxxx.xxx | predictive | Medium |
| 29 | File | xxxxxxx.xxx | predictive | Medium |
| 30 | File | xxx/xxxx/xxxx_xxxxxxxxxx_xxxx.x | predictive | High |
| 31 | File | xxxxx.x | predictive | Low |
| 32 | File | xxxxxxxx.xxx | predictive | Medium |
| 33 | File | xxxxxx.x | predictive | Medium |
| 34 | File | xxxxxxx/xxxxxxxxxxxxxxxx/xxxxxxxxx/xxxxxxxx.xxxx | predictive | High |
| 35 | File | xxxxxxxxx.xxx | predictive | High |
| 36 | File | xxxxxxxx.xxx | predictive | Medium |
| 37 | File | xxxxxxxxxx_xxxxx.xxxxxx | predictive | High |
| 38 | File | xxxxxx.xxx | predictive | Medium |
| 39 | File | xxxxxxxxxxxxx.xxxx | predictive | High |
| 40 | File | xxx_xxxxx.xxx | predictive | High |
| 41 | File | xxxx.xxx | predictive | Medium |
| 42 | File | xxxxxx-xxxxxx.xx | predictive | High |
| 43 | File | xxxxxxxx/ | predictive | Medium |
| 44 | Library | xxx.xxx | predictive | Low |
| 45 | Argument | xxx_xx | predictive | Low |
| 46 | Argument | xxx_xxxx | predictive | Medium |
| 47 | Argument | xxxx | predictive | Low |
| 48 | Argument | xxxxxxxx | predictive | Medium |
| 49 | Argument | xxxxxx | predictive | Low |
| 50 | Argument | xxxxxxxx | predictive | Medium |
| 51 | Argument | xx | predictive | Low |
| 52 | Argument | xxxxxxx | predictive | Low |
| 53 | Argument | xxxxxxxx | predictive | Medium |
| 54 | Argument | xxxxx_xxxxxx_xxx/xxxxx_xxxx_xxxxxxxx | predictive | High |
| 55 | Argument | xxxx | predictive | Low |
| 56 | Argument | xxxx | predictive | Low |
| 57 | Argument | xxxxxxxx | predictive | Medium |
| 58 | Argument | xxxxxxxxxxxxx | predictive | High |
| 59 | Argument | xxx xxx | predictive | Low |
| 60 | Argument | xx | predictive | Low |
| 61 | Argument | xxxxxx/xxxxxx_xxxxxx | predictive | High |
| 62 | Argument | xxxx_xxxxx | predictive | Medium |
| 63 | Argument | xxx | predictive | Low |
| 64 | Argument | xxxxxxxxxxxx | predictive | Medium |
| 65 | Argument | xxxxxx[] | predictive | Medium |
| 66 | Argument | xxxx | predictive | Low |
| 67 | Input Value | \xxx\xxx | predictive | Medium |
| 68 | Network Port | xxxxx | predictive | Low |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
