Gafgyt Analysis

IOB - Indicator of Behavior (460)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 396
ru: 58
ja: 2
pl: 2
es: 2


Country

us: 236
sc: 154
li: 12
ca: 8
ru: 6


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Apache HTTP Server: 24
Microsoft Windows: 22
Joomla CMS: 22
WordPress: 12
GitLab Community Edition: 10


Vulnerabilities

# | Vulnerability | Base | Temp | 0day price | Today price | Exploit | Remediation | CTI | EPSS | CVE
1 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 5.80 | 0.00000 | 
2 | Zyxel ARMOR Z1/ARMOR Z2 CGI Program os command injection | 8.8 | 8.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00053 | CVE-2021-4029
3 | Joomla CMS com_actionslogs injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01685 | CVE-2019-12765
4 | esoftpro Online Guestbook Pro ogp_show.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.06 | 0.00135 | CVE-2010-4996
5 | Microsoft Windows Active Directory Federation Services ls server-side request forgery | 7.9 | 7.9 | $25k-$100k | $25k-$100k | Not Defined | Not Defined | 0.02 | 0.00481 | CVE-2018-16794
6 | CKFinder File Name unrestricted upload | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00155 | CVE-2019-15862
7 | Joomla CMS Cache information disclosure | 6.4 | 6.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00326 | CVE-2017-9933
8 | Joomla CMS CSRF Token cross site scripting | 5.2 | 4.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00571 | CVE-2017-9934
9 | Jetty URI access control | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.45704 | CVE-2021-34429
10 | Microsoft Windows SNMP GET Remote Code Execution | 7.3 | 7.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.45448 | CVE-1999-0517
11 | GitLab Community Edition/Enterprise Edition Password Reset password recovery | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.80716 | CVE-2023-7028
12 | Kyocera MFP Net View insufficiently protected credentials | 6.9 | 6.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.01011 | CVE-2022-1026
13 | WordPress sql injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00467 | CVE-2022-21664
14 | SAP Knowledge Warehouse KW cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00418 | CVE-2021-42063
15 | portable SDK for UPnP unique_service_name memory corruption | 10.0 | 9.5 | $0-$5k | $0-$5k | High | Official Fix | 0.03 | 0.97445 | CVE-2012-5958
16 | Dropbear SSH input validation | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.02911 | CVE-2016-7406
17 | Joomla CMS mod_latestactions cross site scripting | 5.2 | 4.9 | $5k-$25k | Calculating | Not Defined | Official Fix | 0.00 | 0.00103 | CVE-2020-24599
18 | Bitrix Site Manager Vote Module Remote Code Execution | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00668 | CVE-2022-27228
19 | Communigate Pro Pronto! Mail Composer Stored cross site scripting | 5.2 | 5.2 | $0-$5k | Calculating | Not Defined | Not Defined | 0.00 | 0.00165 | CVE-2018-18621
20 | phpPgAds adclick.php unknown vulnerability | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 1.40 | 0.00317 | CVE-2005-3791

Campaigns (3)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (129)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /adfs/ls | predictive | Medium
2 | File | /admin/sysmon.php | predictive | High
3 | File | /api/content/posts/comments | predictive | High
4 | File | /cimom | predictive | Low
5 | File | /debug/pprof | predictive | Medium
6 | File | /forum/away.php | predictive | High
7 | File | /Home/GetAttachment | predictive | High
8 | File | /LogoStore/search.php | predictive | High
9 | File | /MIME/INBOX-MM-1/ | predictive | High
10 | File | /modules/projects/vw_files.php | predictive | High
11 | File | /sm/api/v1/firewall/zone/services | predictive | High
12 | File | /usr/bin/pkexec | predictive | High
13 | File | /var/run/zabbix | predictive | High
14 | File | adclick.php | predictive | Medium

References (5)

The following list contains external sources which discuss the actor and the associated activities:
