Curious Gorge Analysis

IOB - Indicator of Behavior (131)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 80
zh: 46
es: 2
ru: 2
fr: 2

Country

cn: 88
us: 26
ca: 10
ru: 6
pl: 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Microsoft Windows: 6
Mozilla Firefox: 4
Mozilla Firefox ESR: 4
Mozilla Thunderbird: 4
Apple Mac OS X: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Ignite Realtime Openfire Administration Console improper authentication | 7.8 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.97384 | CVE-2023-32315 |
| 2 | Apple Mac OS X TCP Timestamp information disclosure | 5.3 | 5.1 | $5k-$25k | Calculating | Not Defined | Official Fix | 0.05 | 0.00342 | CVE-2003-0882 |
| 3 | Plesk Obsidian Reflected cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00151 | CVE-2020-11583 |
| 4 | OpenVPN Access Server Web Portal entropy | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00151 | CVE-2022-33738 |
| 5 | Essential Addons for Elementor Plugin password recovery | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.03267 | CVE-2023-32243 |
| 6 | Matomo safemode.twig Path information disclosure | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00058 | CVE-2019-12215 |
| 7 | Atlassian JIRA Server/Data Center QueryComponent!Default.jspa information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00628 | CVE-2020-14179 |
| 8 | Microsoft Windows Cloud Files Mini Filter Driver Local Privilege Escalation | 7.8 | 7.4 | $25k-$100k | $5k-$25k | Functional | Official Fix | 0.04 | 0.00043 | CVE-2023-36036 |
| 9 | Freemius SDK Plugin fs_request_get cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00000 | CVE-2023-33999 |
| 10 | ZFile 1 unrestricted upload | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00252 | CVE-2022-40050 |
| 11 | Hytec Inter HWL-2511-SS Command Line Interface command injection | 9.3 | 9.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00108 | CVE-2022-36554 |
| 12 | Cortex Alertmanager Config file inclusion | 5.4 | 5.3 | $0-$5k | Calculating | Not Defined | Official Fix | 0.03 | 0.00082 | CVE-2022-23536 |
| 13 | Jitsi Meet hard-coded credentials | 8.5 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | 0.00196 | CVE-2020-11878 |
| 14 | Fortinet FortiOS CLI Command path traversal | 6.8 | 6.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | 0.06752 | CVE-2022-41328 |
| 15 | Weaver E-Office File Upload utility_all.php command injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.07 | 0.00064 | CVE-2023-2647 |
| 16 | Rocket.Chat 2FA session fixation | 7.0 | 7.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00091 | CVE-2023-28316 |
| 17 | SourceCodester Lost and Found Information System access control | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.07 | 0.00067 | CVE-2023-2670 |
| 18 | SourceCodester Online Computer and Laptop Store Master.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00077 | CVE-2023-2661 |
| 19 | SourceCodester AC Repair and Services System sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.08 | 0.00077 | CVE-2023-2656 |
| 20 | Responsive Menus Configuration Setting responsive_menus.module responsive_menus_admin_form_submit cross site scripting | 3.2 | 3.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00073 | CVE-2018-25085 |

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (63)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /cgi-bin/supervisor/PwdGrp.cgi | predictive | High |
| 2 | File | /classes/Master.php | predictive | High |
| 3 | File | /classes/Master.php?f=delete_service | predictive | High |
| 4 | File | /etc/postfix/sender_login | predictive | High |
| 5 | File | /file/upload/1 | predictive | High |
| 6 | File | /filemanager/ajax_calls.php | predictive | High |
| 7 | File | /Items/*/RemoteImages/Download | predictive | High |
| 8 | File | /restapi/v1/certificates/FFM-SSLInspect | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
