Gallmaker Analysis

IOB - Indicator of Behavior (355)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en: 274
zh: 68
de: 8
ru: 2
pl: 2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Microsoft Windows: 10
Google Android: 6
CodeIgniter: 6
Microsoft Exchange Server: 6
novel-plus: 4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Cou | KEV | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.04277 | 0.05 | CVE-2006-6168 |
| 2 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not defined | Official fix | expected | 0.86968 | 0.38 | CVE-2020-15906 |
| 3 | Leo Khoa Laragon file_upload.php unrestricted upload | 8.0 | 8.0 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.01645 | 0.00 | CVE-2024-0864 |
| 4 | Adobe ColdFusion access control | 7.4 | 7.2 | $0-$5k | $0-$5k | Not defined | Official fix | expected | 0.87919 | 0.00 | CVE-2023-26347 |
| 5 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not defined | Unavailable | | 0.00000 | 0.33 | |
| 6 | Apache ZooKeeper SASL Quorum Peer Authentication authorization | 7.3 | 7.2 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00481 | 0.05 | CVE-2023-44981 |
| 7 | Totolink N200RE cstecgi.cgi loginAuth stack-based overflow | 7.2 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00243 | 0.05 | CVE-2024-1004 |
| 8 | 7-Zip Zstandard Decompression integer underflow | 7.3 | 7.2 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.27562 | 0.05 | CVE-2024-11477 |
| 9 | EyouCMS Backend login.php deserialization | 4.7 | 4.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00362 | 0.00 | CVE-2024-3431 |
| 10 | KOHA MARC search.pl cross site scripting | 4.1 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00208 | 0.00 | CVE-2023-5025 |
| 11 | CodeIgniter DB_query_builder.php sql injection | 8.0 | 7.9 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00056 | 0.06 | CVE-2022-40835 |
| 12 | Matomo Plugin cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.01516 | 0.00 | CVE-2023-6923 |
| 13 | CodeIgniter old deserialization | 6.6 | 6.5 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.10866 | 0.00 | CVE-2022-21647 |
| 14 | SPIP spip.php cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.01020 | 0.27 | CVE-2022-28959 |
| 15 | Drupal Sanitization API cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00493 | 0.00 | CVE-2020-13672 |
| 16 | LiteSpeed Cache Plugin Shortcode cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00164 | 0.00 | CVE-2023-4372 |
| 17 | WebTitan Appliance Extensions Persistent cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00000 | 0.00 | |
| 18 | ipTIME NAS-I Bulletin Manage unrestricted upload | 7.1 | 7.1 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00274 | 0.00 | CVE-2020-7847 |
| 19 | request-baskets API Request {name} server-side request forgery | 6.4 | 6.4 | $0-$5k | $0-$5k | Not defined | Not defined | possible | 0.59487 | 0.08 | CVE-2023-27163 |
| 20 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.00970 | 0.05 | CVE-2010-0966 |

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

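| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 94.140.116.124 | | Gallmaker | | 12/17/2020 | verified | Low |
| 2 | XX.XXX.XXX.XXX | | Xxxxxxxxx | | 12/17/2020 | verified | Low |
| 3 | XXX.XX.XXX.XX | xxxxxxx.xxxxx.xx | Xxxxxxxxx | | 12/17/2020 | verified | Low |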

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (192)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.
