Gelsemium Analysis

IOB - Indicator of Behavior (26)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

zh (12)
en (10)
pt (2)
ja (2)


Country

cn (18)
us (4)
jp (2)


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Oracle Database Server (2)
Parallels Plesk Panel (2)
D-Link DIR-550A (2)
D-Link DIR-604M (2)
NVIDIA GeForce Experience (2)


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | ZCMS ThinkPHP sql injection | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00885 | CVE-2020-19705
2 | prototypejs Prototype JavaScript framework Remote Code Execution | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.24563 | CVE-2008-7220
3 | KDE Django Extract sql injection | 8.0 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.15351 | CVE-2022-34265
4 | NVIDIA GeForce Experience nvcontainer.exe access control | 7.0 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00885 | CVE-2020-5978
5 | Microsoft Windows Runtime Remote Code Execution | 8.1 | 7.4 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.00 | 0.12761 | CVE-2022-21971
6 | Parallels Plesk Panel index.htm cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00885 | CVE-2019-18793
7 | Discuz! admin.php cross site scripting | 3.6 | 3.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00885 | CVE-2018-19464
8 | ZCMS sql injection | 8.5 | 8.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00954 | CVE-2015-7346
9 | ZCMS cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.00885 | CVE-2019-9078
10 | Microsoft Windows Print Spooler Local Privilege Escalation | 7.5 | 6.6 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.16435 | CVE-2021-1675
11 | Jfinal CMS FileManagerController.java FileManager.rename access control | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.01978 | CVE-2020-19155
12 | Redis BIT Command out-of-bounds | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.05822 | CVE-2021-32761
13 | OpenLiteSpeed WebAdmin Console input validation | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.00885 | CVE-2020-5519
14 | FileZilla Server PORT confused deputy | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00885 | CVE-2015-10003
15 | ThinkPHP index.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00885 | CVE-2018-10225
16 | Oracle Database Server Java VM access control | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00885 | CVE-2019-2547
17 | Oracle Database Server Java VM access control | 8.7 | 8.3 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.03 | 0.00890 | CVE-2018-3110
18 | Oracle E-Business Suite Scripting iesfootprint.jsp access control | 9.1 | 8.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.06 | 0.12885 | CVE-2017-3549
19 | Kerio Control print.php sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.01139 | CVE-2014-3857
20 | Hikvision NVR DS-77xxxNI-E4 PSIA memory corruption | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.01055 | CVE-2015-4407

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1059.007 | CWE-79 | Cross Site Scripting | predictive | High

IOA - Indicator of Attack (17)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /+CSCOE+/logon.html | predictive | High
2 | File | /public/login.htm | predictive | High
3 | File | admin.php | predictive | Medium

References (3)

The following list contains external sources which discuss the actor and the associated activities:
