GALLIUM Analysis

IOB - Indicator of Behavior (127)

Charts: Timeline, Lang, Country, Actors

Activities

Interest charts: Timeline, Type, Vendor, Product

The data in these charts does not reflect real data. It is dummy data, distorted and not usable in any way. An additional purchase is required to unlock these views and get access to the real data.

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | Esoftpro Online Guestbook Pro ogp_show.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00108 | 0.08 | CVE-2009-4935
2 | Synacor Zimbra Collaboration mboximport pathname traversal | 4.7 | 4.5 | $0-$5k | $0-$5k | High | Official Fix | 0.95082 | 0.04 | CVE-2022-27925
3 | Joomla CMS com_easyblog sql injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00000 | 0.12 | (none listed)
4 | Esoftpro Online Guestbook Pro ogp_show.php cross site scripting | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | 0.00209 | 0.08 | CVE-2009-2441
5 | Apache Struts ExceptionDelegator input validation | 8.8 | 8.4 | $5k-$25k | $0-$5k | High | Official Fix | 0.18648 | 0.04 | CVE-2012-0391
6 | Schneider Electric Vijeo Designer path traversal | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00276 | 0.00 | CVE-2021-22704
7 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 1.26 | CVE-2020-15906
8 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 1.18 | CVE-2007-0354
9 | Hscripts PHP File Browser Script index.php path traversal | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00151 | 0.00 | CVE-2018-16549
10 | Laravel Framework Token Encrypter.php decrypt deserialization | 6.8 | 6.8 | $0-$5k | $0-$5k | High | Not Defined | 0.96788 | 0.05 | CVE-2018-15133
11 | Laravel Image Upload ValidatesAttributes.php unrestricted upload | 5.5 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02858 | 0.03 | CVE-2021-43617
12 | Microsoft IIS IP/Domain Restriction access control | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00817 | 0.16 | CVE-2014-4078
13 | DHIS 2 API Endpoint trackedEntityInstances sql injection | 7.7 | 7.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00087 | 0.00 | CVE-2021-41187
14 | UnrealIRCd input validation | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Not Defined | 0.66613 | 0.08 | CVE-2010-2075
15 | Znuny AJAX Request sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.04 | CVE-2024-32493
16 | JoomlaTune Com Jcomments admin.jcomments.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00489 | 0.04 | CVE-2010-5048
17 | Apache HTTP Server mod_reqtimeout resource management | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01696 | 0.00 | CVE-2007-6750
18 | Atlassian JIRA Server/Data Center Private Project key information disclosure | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00082 | 0.04 | CVE-2021-39121
19 | WordPress Admin Pages type confusion | 6.5 | 6.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00274 | 0.03 | CVE-2019-17675
20 | tough-cookie Cookies prototype pollution | 7.9 | 7.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00303 | 0.04 | CVE-2023-26136

Column key: Base and Temp are the CVSS base and temporal scores. 0day and Today are the site's estimated exploit price ranges (at disclosure and at present). Exp is the CVSS temporal exploit code maturity (Unproven, Proof-of-Concept, High, Not Defined) and Rem the remediation level (Official Fix, Unavailable, Not Defined). EPSS is the FIRST EPSS exploitation probability; CTI is the site's CTI score for the entry. Entry 3 carries no CVE on the page.

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • PingPull

IOC - Indicator of Compromise (127)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 2.58.242.229 | 242-58-2-229.hostinginside.com | GALLIUM | | 06/22/2022 | verified | Low
2 | 2.58.242.230 | 242-58-2-230.hostinginside.com | GALLIUM | | 06/22/2022 | verified | Low
3 | 2.58.242.231 | 242-58-2-231.hostinginside.com | GALLIUM | | 06/22/2022 | verified | Low
4 | 2.58.242.232 | 242-58-2-232.hostinginside.com | GALLIUM | | 06/22/2022 | verified | Low
5 | 2.58.242.235 | 242-58-2-235.hostinginside.com | GALLIUM | | 06/22/2022 | verified | Low
6 | 2.58.242.236 | 242-58-2-236.hostinginside.com | GALLIUM | | 06/22/2022 | verified | Low
7 | 5.8.71.97 | goodluck23.jp.us | GALLIUM | PingPull | 06/22/2022 | verified | Medium
8 | 5.181.25.55 | vps76.example.com | GALLIUM | PingPull | 06/22/2022 | verified | Low
9 | 5.188.33.237 | firman00467.example.com | GALLIUM | | 06/22/2022 | verified | Medium
10 | 37.61.229.104 | theodore974.example.com | GALLIUM | | 06/22/2022 | verified | Medium
11 | 37.61.229.106 | oliver7891.example.com | GALLIUM | | 06/22/2022 | verified | Medium
12 | 43.254.218.43 | | GALLIUM | | 06/22/2022 | verified | Medium
13 | 43.254.218.57 | | GALLIUM | | 06/22/2022 | verified | Medium
14 | 43.254.218.98 | | GALLIUM | | 06/22/2022 | verified | Medium
15 | 43.254.218.104 | | GALLIUM | | 06/22/2022 | verified | Medium
16 | 43.254.218.114 | | GALLIUM | | 06/22/2022 | verified | Medium
17 | 45.14.66.230 | 45.14.66.230.static.xtom.com | GALLIUM | | 06/22/2022 | verified | Medium
18 | 45.76.113.163 | 45.76.113.163.vultrusercontent.com | GALLIUM | | 06/22/2022 | verified | Low
19 | 45.116.13.153 | 45.116.13.153.static.xtom.hk | GALLIUM | | 06/22/2022 | verified | Medium
20 | 45.121.50.230 | | GALLIUM | | 06/22/2022 | verified | Medium
21 | 45.128.221.61 | | GALLIUM | | 06/22/2022 | verified | Medium
22 | 45.128.221.66 | | GALLIUM | | 06/22/2022 | verified | Medium
23 | 45.128.221.169 | | GALLIUM | | 06/22/2022 | verified | Medium
24 | 45.128.221.172 | | GALLIUM | | 06/22/2022 | verified | Medium
25 | 45.128.221.182 | | GALLIUM | | 06/22/2022 | verified | Medium
26 | 45.128.221.186 | | GALLIUM | | 06/22/2022 | verified | Medium
27-127 | masked on the public page (CTI license required). All 101 masked entries are dated 06/22/2022 and typed verified; confidence is Medium except for entries 66, 85 and 98, which are Low.
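The 26 unmasked IOCs above are only useful once they are run against your own telemetry. The script below is an added example written for this page, not code from VulDB or from any vendor: it loads those 26 entries (entries 27-127 are paywalled and so cannot be included), extracts IPv4 addresses and hostnames from log lines, and reports which IOC each line touched together with the campaign and confidence the page assigns. The proxy/DNS/firewall log lines at the bottom are constructed for the demonstration (key=value format is an assumption) and do not describe real traffic.

```python
"""Screen log lines against the 26 public GALLIUM network IOCs listed above.

Added example; not part of the VulDB page. IOC values are copied from the
table; the sample log lines are constructed and not real traffic.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class Ioc:
    ip: str
    hostname: Optional[str]   # reverse-DNS name as listed, if any
    campaign: Optional[str]   # "PingPull" where the page links one
    confidence: str           # Low / Medium, as assigned on the page


GALLIUM_IOCS: List[Ioc] = [
    Ioc("2.58.242.229", "242-58-2-229.hostinginside.com", None, "Low"),
    Ioc("2.58.242.230", "242-58-2-230.hostinginside.com", None, "Low"),
    Ioc("2.58.242.231", "242-58-2-231.hostinginside.com", None, "Low"),
    Ioc("2.58.242.232", "242-58-2-232.hostinginside.com", None, "Low"),
    Ioc("2.58.242.235", "242-58-2-235.hostinginside.com", None, "Low"),
    Ioc("2.58.242.236", "242-58-2-236.hostinginside.com", None, "Low"),
    Ioc("5.8.71.97", "goodluck23.jp.us", "PingPull", "Medium"),
    Ioc("5.181.25.55", "vps76.example.com", "PingPull", "Low"),
    Ioc("5.188.33.237", "firman00467.example.com", None, "Medium"),
    Ioc("37.61.229.104", "theodore974.example.com", None, "Medium"),
    Ioc("37.61.229.106", "oliver7891.example.com", None, "Medium"),
    Ioc("43.254.218.43", None, None, "Medium"),
    Ioc("43.254.218.57", None, None, "Medium"),
    Ioc("43.254.218.98", None, None, "Medium"),
    Ioc("43.254.218.104", None, None, "Medium"),
    Ioc("43.254.218.114", None, None, "Medium"),
    Ioc("45.14.66.230", "45.14.66.230.static.xtom.com", None, "Medium"),
    Ioc("45.76.113.163", "45.76.113.163.vultrusercontent.com", None, "Low"),
    Ioc("45.116.13.153", "45.116.13.153.static.xtom.hk", None, "Medium"),
    Ioc("45.121.50.230", None, None, "Medium"),
    Ioc("45.128.221.61", None, None, "Medium"),
    Ioc("45.128.221.66", None, None, "Medium"),
    Ioc("45.128.221.169", None, None, "Medium"),
    Ioc("45.128.221.172", None, None, "Medium"),
    Ioc("45.128.221.182", None, None, "Medium"),
    Ioc("45.128.221.186", None, None, "Medium"),
]

# Lookups: IPs compared as parsed addresses, hostnames lower-cased.
IOC_BY_IP = {ipaddress.ip_address(i.ip): i for i in GALLIUM_IOCS}
IOC_BY_HOST = {i.hostname.lower(): i for i in GALLIUM_IOCS if i.hostname}

# A dotted quad must not sit inside a longer dotted token, so 245.128.221.172
# does not hit 45.128.221.172 and 45.14.66.230.static.xtom.com is handled as
# a hostname rather than as an IP followed by junk.
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")
HOST_RE = re.compile(r"(?<![\w.-])((?:[a-z0-9-]+\.)+[a-z]{2,})(?![\w.-])", re.I)


def match_line(line: str) -> List[Tuple[str, Ioc]]:
    """Return (token, IOC) pairs for every IOC token present in one line."""
    hits: List[Tuple[str, Ioc]] = []
    for tok in IPV4_RE.findall(line):
        try:
            addr = ipaddress.ip_address(tok)
        except ValueError:        # e.g. 999.1.1.1 is not an address
            continue
        if addr in IOC_BY_IP:
            hits.append((tok, IOC_BY_IP[addr]))
    for tok in HOST_RE.findall(line):
        ioc = IOC_BY_HOST.get(tok.lower())
        if ioc is not None:
            hits.append((tok, ioc))
    return hits


def scan(lines: Iterable[str]) -> List[dict]:
    """One result per (line, IOC); an IP and its reverse name on the same
    line are reported once, with both tokens."""
    results: List[dict] = []
    for n, line in enumerate(lines, 1):
        per_ioc: Dict[Ioc, List[str]] = {}
        for tok, ioc in match_line(line):
            per_ioc.setdefault(ioc, []).append(tok)
        for ioc, toks in per_ioc.items():
            results.append({"line": n, "ioc_ip": ioc.ip, "tokens": toks,
                            "campaign": ioc.campaign,
                            "confidence": ioc.confidence})
    return results


SAMPLE_LOGS = [  # constructed for this example; not real traffic
    "2022-06-22T10:15:01Z proxy src=10.0.4.17 dst=5.8.71.97 dport=443 host=goodluck23.jp.us bytes=18342",
    "2022-06-22T10:15:07Z dns client=10.0.4.17 q=242-58-2-230.hostinginside.com type=A",
    "2022-06-22T10:16:30Z proxy src=10.0.4.22 dst=203.0.113.7 dport=443 host=www.example.org bytes=512",
    "2022-06-22T10:17:02Z firewall action=deny src=45.128.221.172 dst=203.0.113.8 dport=22",
    "2022-06-22T10:18:00Z proxy src=10.0.4.22 dst=245.128.221.172 dport=80",
]

if __name__ == "__main__":
    for r in scan(SAMPLE_LOGS):
        print(r)
```

Running it reports lines 1, 2 and 4 and stays silent on line 5, whose 245.128.221.172 merely contains an IOC as a substring. Treat the confidence column as the page intends: the hostinginside.com and vultrusercontent.com entries are rated Low and sit on commodity hosting, so an IP-only hit there is a lead to pivot on (which internal host, which process, how much data) rather than a confirmed compromise.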

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (57)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /api/trackedEntityInstances | predictive | High
2 | File | /cgi-bin/portal | predictive | High
3 | File | /index.php | predictive | Medium
4 | File | /Items/*/RemoteImages/Download | predictive | High
5 | File | /members/view_member.php | predictive | High
6 | File | /mhds/clinic/view_details.php | predictive | High
7 | File | /owa/auth/logon.aspx | predictive | High
8-57 | masked on the public page (CTI license required). Entries 8-26 are File indicators, 27-30 Library, 31-56 Argument and 57 Input Value; all are of type predictive.
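The seven unmasked File indicators are request paths, so the natural place to use them is the web server or reverse proxy access log (entry 1 corresponds to the DHIS 2 trackedEntityInstances entry in the vulnerability table above, entry 7 is the Exchange OWA logon page). The script below is an added example for this page, not VulDB code: it turns each indicator into an anchored regex (the "*" in entry 4 matches exactly one path segment), normalises each request target by stripping the query string, percent-decoding and collapsing "." and ".." segments so that encoded variants still match, and scans constructed Apache combined-format log lines. Matching is case-insensitive, which is right for IIS/OWA paths and slightly over-matches on case-sensitive Linux hosts; the log format and the sample lines are assumptions made for the demonstration.

```python
"""Match the public IOA file indicators (entries 1-7 above) against HTTP
access-log request paths. Added example, not from the VulDB page; the log
lines are constructed and not real traffic.
"""
import posixpath
import re
from typing import Iterable, List, Optional, Tuple
from urllib.parse import unquote, urlsplit

# Entries 1-7 of the IOA table above (class File) with their confidence.
IOA_FILES = {
    "/api/trackedEntityInstances": "High",
    "/cgi-bin/portal": "High",
    "/index.php": "Medium",
    "/Items/*/RemoteImages/Download": "High",
    "/members/view_member.php": "High",
    "/mhds/clinic/view_details.php": "High",
    "/owa/auth/logon.aspx": "High",
}


def _compile(indicator: str) -> "re.Pattern[str]":
    """'*' matches one path segment; the indicator must be a whole path
    prefix ending at a '/' or at the end (so /index.php != /index.phpx)."""
    segs = [r"[^/]+" if s == "*" else re.escape(s) for s in indicator.split("/")]
    return re.compile("^" + "/".join(segs) + r"(?:/|$)", re.IGNORECASE)


COMPILED = [(ind, conf, _compile(ind)) for ind, conf in IOA_FILES.items()]


def normalize_path(target: str) -> str:
    """Drop the query, percent-decode, collapse '.', '..' and '//' so that
    /cgi-bin/%70ortal and /a/../cgi-bin/portal compare equal to the indicator."""
    path = urlsplit(target).path or "/"
    norm = posixpath.normpath(unquote(path))
    return norm if norm.startswith("/") else "/" + norm


def match_path(target: str) -> Optional[Tuple[str, str]]:
    """Return (indicator, confidence) for the first indicator the target hits."""
    path = normalize_path(target)
    for ind, conf, rx in COMPILED:
        if rx.search(path):
            return ind, conf
    return None


# Request line inside an Apache/nginx combined-format entry.
REQ_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def scan_access_log(lines: Iterable[str]) -> List[dict]:
    hits: List[dict] = []
    for n, line in enumerate(lines, 1):
        m = REQ_RE.search(line)
        if not m:
            continue
        res = match_path(m.group("target"))
        if res:
            hits.append({"line": n, "method": m.group("method"),
                         "path": normalize_path(m.group("target")),
                         "indicator": res[0], "confidence": res[1]})
    return hits


SAMPLE_ACCESS_LOG = [  # constructed for this example; not real traffic
    '203.0.113.5 - - [22/Jun/2022:10:15:01 +0000] "GET /owa/auth/logon.aspx?url=https%3a%2f%2fmail.example.org%2fowa HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [22/Jun/2022:10:15:09 +0000] "GET /api/trackedEntityInstances?ou=abc123 HTTP/1.1" 401 0 "-" "python-requests/2.27"',
    '203.0.113.9 - - [22/Jun/2022:10:16:41 +0000] "POST /Items/7f3a/RemoteImages/Download HTTP/1.1" 200 17 "-" "curl/7.68.0"',
    '203.0.113.9 - - [22/Jun/2022:10:16:50 +0000] "GET /items/x/y/RemoteImages/Download HTTP/1.1" 404 0 "-" "curl/7.68.0"',
    '198.51.100.2 - - [22/Jun/2022:10:17:12 +0000] "GET /index.php?id=1 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.2 - - [22/Jun/2022:10:17:13 +0000] "GET /static/app.js HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [22/Jun/2022:10:18:00 +0000] "GET /cgi-bin/%70ortal HTTP/1.0" 200 77 "-" "-"',
]

if __name__ == "__main__":
    for h in scan_access_log(SAMPLE_ACCESS_LOG):
        print(h)
```

Lines 1, 2, 3, 5 and 7 are reported; line 4 is not, because two segments sit where the indicator allows one. A path like /index.php exists on a large share of all web servers, which is why the page rates it Medium: on its own it is a filter, not an alert, and becomes useful only when joined with the source IOCs above or with the Argument and Input Value indicators, which are masked here.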

References (2)

The following list contains external sources which discuss the actor and the associated activities:

The two references are not shown on the public page (CTI license required).