GIMF Analysis

IOB - Indicator of Behavior (269)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 222
zh: 36
fr: 4
pl: 4
de: 2


Country


Actors


Activities

Interest

Timeline


Type


Vendor


Product

WordPress: 6
DedeCMS: 4
AWStats: 4
Ecommerce-CodeIgniter-Bootstrap: 4
Revive Adserver: 4


Vulnerabilities

# | Vulnerability | Base (CVSS) | Temp (CVSS temporal) | 0-day price (USD) | Current price (USD) | Exploitability | Remediation | EPSS | CTI | CVE
1 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 1.41 | CVE-2006-6168
2 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 3.74 | CVE-2020-15906
3 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 2.46 | -
4 | Matomo Plugin cross site scripting | 4.8 | 4.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.06 | CVE-2023-6923
5 | CodeIgniter old deserialization | 6.6 | 6.5 | $0-$5k | Calculating | Not Defined | Official Fix | 0.09990 | 0.05 | CVE-2022-21647
6 | SPIP spip.php cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00132 | 0.64 | CVE-2022-28959
7 | Drupal Sanitization API cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00056 | 0.04 | CVE-2020-13672
8 | LiteSpeed Cache Plugin Shortcode cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00051 | 0.00 | CVE-2023-4372
9 | WebTitan Appliance Extensions Persistent cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.00 | -
10 | ipTIME NAS-I Bulletin Manage unrestricted upload | 7.1 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00988 | 0.06 | CVE-2020-7847
11 | request-baskets API Request {name} server-side request forgery | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.09430 | 0.05 | CVE-2023-27163
12 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.36 | CVE-2010-0966
13 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.01744 | 0.04 | CVE-2007-1287
14 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 1.33 | CVE-2020-12440
15 | Microsoft Windows Scripting Engine Remote Code Execution | 5.9 | 5.2 | $25k-$100k | $5k-$25k | Proof-of-Concept | Official Fix | 0.42626 | 0.00 | CVE-2021-34480
16 | NotificationX Plugin SQL Statement sql injection | 5.6 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02414 | 0.04 | CVE-2022-0349
17 | DevExpress ASP.NET Web Forms ASPxHttpHandlerModule DXR.axd resource injection | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00205 | 0.04 | CVE-2022-41479
18 | Basilix Webmail login.php3 command injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.07 | -
19 | JoomlaTune Com Jcomments admin.jcomments.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00489 | 0.00 | CVE-2010-5048
20 | Microsoft Office Remote Code Execution | 7.0 | 6.1 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00254 | 0.03 | CVE-2023-21735

A "-" in the CVE column means no CVE identifier is listed for that entry on the page.

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Cyber Jihad

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (139)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/dl_sendmail.php | predictive | High
2 | File | /admin/index2.html | predictive | High
3 | File | /adminPage/conf/reload | predictive | High
4 | File | /api/baskets/{name} | predictive | High
5 | File | /api/v2/cli/commands | predictive | High
6 | File | /Device/Device/GetDeviceInfoList?deviceCode=&searchField=&deviceState= | predictive | High
7 | File | /DXR.axd | predictive | Medium
8 | File | /forum/away.php | predictive | High
9 | File | /mfsNotice/page | predictive | High
10 | File | /novel/bookSetting/list | predictive | High
11 | File | /novel/userFeedback/list | predictive | High
12 | File | /owa/auth/logon.aspx | predictive | High
13 | File | /register.php | predictive | High
14 | File | /spip.php | predictive | Medium
15 | File | /x_portal_assemble_surface/jaxrs/portal/list?v=8.2.3-4-43f4fe3 | predictive | High
16 | File | /zm/index.php | predictive | High

Rows 17 to 139 are masked on the source page (the indicator value is shown only as x's). What survives is the class breakdown: rows 17-82 File, 83-84 Library, 85-134 Argument, 135-136 Input Value, 137 Pattern, 138-139 Network Port; every masked row is of type predictive with a Low, Medium or High confidence.
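The visible File indicators above are request paths, so the natural way to use them is as a detection over web-server access logs. The following script is an added example, not code from the page or from VulDB's tooling: it copies the sixteen unmasked File indicators verbatim, treats the {name} token in the request-baskets entry as a path parameter, treats the query-string parameters in entries 6 and 15 as names that must be present, percent-decodes the request path before comparing, and compares case-insensitively (IIS/ASP.NET targets such as /DXR.axd and /owa/auth/logon.aspx are case-insensitive on the server). The log lines are constructed for this example.

```python
"""Match combined-format access-log lines against the unmasked IOA file paths.

Added example; the indicator list is copied from the table above, the log
lines below are constructed, and the matching rules are this example's own.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# The sixteen visible IOA entries of class "File", verbatim from the table.
IOA_FILES = [
    "/admin/dl_sendmail.php",
    "/admin/index2.html",
    "/adminPage/conf/reload",
    "/api/baskets/{name}",
    "/api/v2/cli/commands",
    "/Device/Device/GetDeviceInfoList?deviceCode=&searchField=&deviceState=",
    "/DXR.axd",
    "/forum/away.php",
    "/mfsNotice/page",
    "/novel/bookSetting/list",
    "/novel/userFeedback/list",
    "/owa/auth/logon.aspx",
    "/register.php",
    "/spip.php",
    "/x_portal_assemble_surface/jaxrs/portal/list?v=8.2.3-4-43f4fe3",
    "/zm/index.php",
]

# Apache/nginx combined log format: client ident user [time] "request" status ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)" (?P<status>\d{3})'
)


def compile_indicator(indicator):
    """Turn one IOA string into (anchored path regex, required query-parameter names).

    A "{name}"-style token matches exactly one path segment.  Query parameters
    in the indicator only contribute their names; the values (often empty in
    the table) are not compared.
    """
    path, _, query = indicator.partition("?")
    pattern = "".join(
        r"[^/?]+" if part.startswith("{") and part.endswith("}") else re.escape(part)
        for part in re.split(r"(\{[^}]+\})", path)
    )
    required = frozenset(parse_qs(query, keep_blank_values=True)) if query else frozenset()
    return re.compile("^" + pattern + "$", re.IGNORECASE), required


COMPILED = [(ind, *compile_indicator(ind)) for ind in IOA_FILES]


def match_target(target):
    """Return the IOA indicator hit by a request target (path plus query), or None."""
    parts = urlsplit(target)
    path = unquote(parts.path)  # undo %73pip.php-style encoding before comparing
    params = set(parse_qs(parts.query, keep_blank_values=True))
    for indicator, path_re, required in COMPILED:
        if path_re.match(path) and required <= params:
            return indicator
    return None


def scan_log(lines):
    """Return (client, method, target, indicator) for every line that hits an IOA."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; production tooling should count these
        indicator = match_target(m["target"])
        if indicator:
            hits.append((m["client"], m["method"], m["target"], indicator))
    return hits


# Constructed sample log (not real traffic); addresses are from documentation ranges.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Oct/2023:13:55:36 +0000] "GET /forum/away.php?s=http://example.org/ HTTP/1.1" 302 0 "-" "curl/8.1.2"',
    '198.51.100.7 - - [10/Oct/2023:13:55:37 +0000] "POST /api/baskets/probe1 HTTP/1.1" 201 58 "-" "curl/8.1.2"',
    '203.0.113.9 - - [10/Oct/2023:14:02:11 +0000] "GET /dxr.axd?r=1_1-abcd HTTP/1.1" 200 1210 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2023:14:02:12 +0000] "GET /Device/Device/GetDeviceInfoList?deviceCode=&searchField=&deviceState= HTTP/1.1" 200 77 "-" "python-requests/2.31"',
    '203.0.113.9 - - [10/Oct/2023:14:02:13 +0000] "GET /Device/Device/GetDeviceInfoList HTTP/1.1" 400 0 "-" "python-requests/2.31"',
    '192.0.2.44 - - [10/Oct/2023:14:05:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [10/Oct/2023:14:05:01 +0000] "GET /%73pip.php?page=login HTTP/1.1" 200 3201 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for client, method, target, indicator in scan_log(SAMPLE_LOG):
        print(f"{client} {method} {target} -> IOA {indicator}")
```

Five of the seven sample lines hit: the away.php redirect probe, the request-baskets POST (via the {name} parameter), the lower-cased /dxr.axd request, the GetDeviceInfoList request that carries all three query parameters, and the percent-encoded /spip.php. The GetDeviceInfoList request without the parameters and the plain /index.php request do not. Case-insensitive matching is a deliberate trade: it catches case variation against IIS targets at the cost of some precision on case-sensitive Unix paths such as /spip.php, and a hit on a generic path like /register.php is a lead to triage against the client's other requests, not a verdict on its own.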

References (2)

The following list contains external sources which discuss the actor and the associated activities:
