GIMF Analysisinfo

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (349)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en262
zh76
pl4
de4
ru2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

LA: Laos322
GB: Great Britain16
CN: China6
US: USA4
IR: Iran2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Cobalt Strike12
Ave Maria9
Remcos8
UAC-00507
RedLine Stealer7

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined122
Content Management System26
WordPress Plugin18
Operating System12
Application Server Software12

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined144
Microsoft18
Apache10
Oracle8
Revive4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Microsoft Windows8
Microsoft Exchange Server6
Apache Tomcat6
Revive Adserver4
nginx4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

#VulnerabilityBaseTemp0dayTodayExpCouKEVEPSSCTICVE
1TikiWiki tiki-register.php input validation7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial fix 0.042771.04CVE-2006-6168
2Tiki Admin Password tiki-login.php improper authentication8.07.7$0-$5k$0-$5kNot definedOfficial fixexpected0.911381.96CVE-2020-15906
3Leo Khoa Laragon file_upload.php unrestricted upload8.08.0$0-$5k$0-$5kNot definedNot defined 0.030430.00CVE-2024-0864
4Adobe ColdFusion access control7.47.2$0-$5k$0-$5kNot definedOfficial fixexpected0.885020.23CVE-2023-26347
5LogicBoard CMS away.php redirect6.36.1$0-$5k$0-$5kNot definedUnavailable 0.000000.23
6Apache ZooKeeper SASL Quorum Peer Authentication authorization7.37.2$5k-$25k$0-$5kNot definedOfficial fix 0.000320.03CVE-2023-44981
7Totolink N200RE cstecgi.cgi loginAuth stack-based overflow7.26.8$0-$5k$0-$5kProof-of-ConceptNot defined 0.000600.07CVE-2024-1004
87-Zip Zstandard Decompression integer underflow7.37.2$0-$5k$0-$5kNot definedOfficial fix 0.320510.04CVE-2024-11477
9EyouCMS Backend login.php deserialization6.15.9$0-$5k$0-$5kProof-of-ConceptNot defined 0.000530.58CVE-2024-3431
10KOHA MARC search.pl cross site scripting4.14.1$0-$5k$0-$5kProof-of-ConceptNot defined 0.000760.03CVE-2023-5025
11CodeIgniter DB_query_builder.php sql injection8.07.9$0-$5k$0-$5kNot definedNot defined 0.000560.04CVE-2022-40835
12Matomo Plugin cross site scripting5.25.2$0-$5k$0-$5kNot definedNot defined 0.025330.04CVE-2023-6923
13CodeIgniter old deserialization6.66.5$0-$5k$0-$5kNot definedOfficial fix 0.108660.06CVE-2022-21647
14SPIP spip.php cross site scripting3.53.4$0-$5k$0-$5kNot definedOfficial fix 0.023051.34CVE-2022-28959
15Drupal Sanitization API cross site scripting3.53.4$0-$5k$0-$5kNot definedOfficial fix 0.007660.00CVE-2020-13672
16LiteSpeed Cache Plugin Shortcode cross site scripting3.53.4$0-$5k$0-$5kNot definedNot defined 0.015320.04CVE-2023-4372
17WebTitan Appliance Extensions Persistent cross site scripting3.53.4$0-$5k$0-$5kNot definedNot defined 0.000000.05
18ipTIME NAS-I Bulletin Manage unrestricted upload7.17.1$0-$5k$0-$5kNot definedNot defined 0.002740.06CVE-2020-7847
19request-baskets API Request {name} server-side request forgery6.46.4$0-$5k$0-$5kNot definedNot definedexpected0.928160.04CVE-2023-27163
20DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial fix 0.009700.23CVE-2010-0966

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Cyber Jihad

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
1111.90.148.5server1.kamon.laGIMFCyber Jihad06/16/2021verifiedLow
2XXX.XX.XXX.XXXxxxxx.xx-xxx-xx-xxx.xxXxxxXxxxx Xxxxx06/16/2021verifiedLow
3XXX.XXX.XXX.XXXXxxxXxxxx Xxxxx06/16/2021verifiedLow
4XXX.XXX.XXX.XXxx.xxx-xxx-xxx.xxxxxx.xxxx.xxx.xxXxxxXxxxx Xxxxx06/16/2021verifiedLow
5XXX.XXX.XXX.XXXxxx.xxx-xxx-xxx.xxxxxx.xxxx.xxx.xxXxxxXxxxx Xxxxx06/16/2021verifiedLow

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-21, CWE-22, CWE-24Path TraversalpredictiveHigh
2T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
3T1059CAPEC-137CWE-88, CWE-94, CWE-1321Argument InjectionpredictiveHigh
4T1059.007CAPEC-209CWE-79, CWE-80Basic Cross Site ScriptingpredictiveHigh
5T1068CAPEC-122CWE-264, CWE-269, CWE-284Execution with Unnecessary PrivilegespredictiveHigh
6TXXXX.XXXCAPEC-XXCWE-XXX, CWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveHigh
7TXXXXCAPEC-XXXCWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
8TXXXX.XXXCAPEC-XXXCWE-XXXXxxx XxxxxxxxpredictiveHigh
9TXXXXCWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
10TXXXXCAPEC-XCWE-XXX, CWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
11TXXXXCAPEC-XXXCWE-XXXxx XxxxxxxxxpredictiveHigh
12TXXXX.XXXCAPEC-XCWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveHigh
13TXXXXCAPEC-XXXCWE-XXX, CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
14TXXXX.XXXCWE-XXXXxxxxxxx Xxxxxx XxxxpredictiveHigh
15TXXXX.XXXCAPEC-XXXCWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
16TXXXX.XXXCAPEC-XXXCWE-XXXXxxxxxxxpredictiveHigh
17TXXXXCAPEC-XXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
18TXXXX.XXXCWE-XXXxxxxxxxxxxxxpredictiveHigh
19TXXXXCAPEC-XXXCWE-XXX, CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh
20TXXXX.XXXCWE-XXXXxx Xxxxxxxxxx XxxxxpredictiveHigh
21TXXXX.XXXCAPEC-XCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (184)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/admin/dl_sendmail.phppredictiveHigh
2File/admin/file_manager/exportpredictiveHigh
3File/admin/index2.htmlpredictiveHigh
4File/adminPage/conf/reloadpredictiveHigh
5File/admin_topic.php?action=delallpredictiveHigh
6File/api/baskets/{name}predictiveHigh
7File/api/cron/settings/setJob/predictiveHigh
8File/api/v2/cli/commandspredictiveHigh
9File/api2/html/predictiveMedium
10File/bitrix/admin/ldap_server_edit.phppredictiveHigh
11File/cgi-bin/cstecgi.cgipredictiveHigh
12File/cgi-bin/koha/catalogue/search.plpredictiveHigh
13File/Device/Device/GetDeviceInfoList?deviceCode=&searchField=&deviceState=predictiveHigh
14File/DXR.axdpredictiveMedium
15File/forum/away.phppredictiveHigh
16File/h/restpredictiveLow
17File/index/ajax/langpredictiveHigh
18File/log/decodmail.phppredictiveHigh
19File/login.php?m=admin&c=Field&a=channel_editpredictiveHigh
20File/log_proxypredictiveMedium
21File/mailcleaner.php/getStatspredictiveHigh
22File/xxxxxxxxx/xxxxpredictiveHigh
23File/xxxxx/xxxxxxxxxxx/xxxxpredictiveHigh
24File/xxxxx/xxxxxxxxxxxx/xxxxpredictiveHigh
25File/xxx/xxxx/xxxxx.xxxxpredictiveHigh
26File/xxxxxxxx.xxxpredictiveHigh
27File/xxxx.xxxpredictiveMedium
28File/xxxxxxx/xxx/xxxxxxxxxx.xxxx?xxxxxx=xxxxxxxxxxpredictiveHigh
29File/x_xxxxxx_xxxxxxxx_xxxxxxx/xxxxx/xxxxxx/xxxx?x=x.x.x-x-xxxxxxxpredictiveHigh
30File/xx/xxxxx.xxxpredictiveHigh
31Filexxxxxxx.xxxpredictiveMedium
32Filexxxxx.xxxxxxxxx.xxxpredictiveHigh
33Filexxxxxxxxxxx/xxxxxxx/xxxxx/xxxxx/xxxxxxxxx/xxxxxxxx.xxxpredictiveHigh
34Filexxxx/xxxx/xxxxxxxxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
35Filexxxxxxx.xxpredictiveMedium
36Filexxxxxxx/xxxxxxxx/xxxxxxxxxxx.xxpredictiveHigh
37Filexxxx/xxxxxxxxxxxx.xxxpredictiveHigh
38Filexxxx.xxxpredictiveMedium
39Filexx_xxxx_xx_xxxx_xxxx.xxxpredictiveHigh
40Filex:\xxxxxxx xxxxx (xxx)\xxxxxxxx\xxx\xxxxxx.xxxpredictiveHigh
41Filex:\xxxxxxx\xxxxxxxx\xxxxxx\xxxpredictiveHigh
42Filexxxx_xxxxxxx.xxxpredictiveHigh
43Filexxx-xxx/xxxxxxx.xxpredictiveHigh
44Filexxx-xxx/xxxxxx.xxxpredictiveHigh
45Filexxxxx.xxxpredictiveMedium
46Filexxxxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxx/xxxx_xxxxx.xxxxpredictiveHigh
47Filexxx_xxxxx.xxxpredictiveHigh
48Filexxxxx-xxxxxxx.xxxpredictiveHigh
49Filexxxxxxxxxx/xxx_xxxxxxxxxx/xxxxxxx/xxxxxxxxxx.xxxpredictiveHigh
50Filexxxxxxxxxx\xxxx.xxxpredictiveHigh
51Filexxxxxxxxxxx.xxxpredictiveHigh
52Filexxxxxxx.xxxxx.xxxpredictiveHigh
53Filexxxx-xxxxxx.xxxpredictiveHigh
54Filexxxxxx/xxxx/xxxxxxxx.xxxpredictiveHigh
55Filexxxxxxxxxxx.xxxxx.xxxpredictiveHigh
56Filexxxx_xxxxxx.xxxpredictiveHigh
57Filexxxxx.xxxpredictiveMedium
58Filexxxx.xxxpredictiveMedium
59Filexxxxx_xxxx.xxxpredictiveHigh
60Filexxxxxxxxxx\xxxxxx\xxxxxxxxxxxxx.xxxpredictiveHigh
61Filexxxxx/xxxx/xxxx.xxxpredictiveHigh
62Filexxx/xxxxxx.xxxpredictiveHigh
63Filexxxxxxxx/xxxxxxx/xxxxxxx.xxxx.xxxpredictiveHigh
64Filexxxxx.xxxxpredictiveMedium
65Filexxxxx.xxxpredictiveMedium
66Filexxxxx.xxx/xxxxxx.xxx/xxxxxxxxxxxxx.xxx/xxxxxxxx.xxxpredictiveHigh
67Filexxxxx.xxx?x=xxxx&x=xxxx&x=xx_xxx_xxxxxxpredictiveHigh
68Filexxxxx.xxx?x=xxxx&x=xxxxxxx&x=xxxpredictiveHigh
69Filexxxx_xxxxxxx.xxxpredictiveHigh
70Filexxxxx.xxxxpredictiveMedium
71Filexxxxx.xxxpredictiveMedium
72Filexxxx.xxxxpredictiveMedium
73Filexx_xxxx.xpredictiveMedium
74Filexxx/xxxx/xxxx_xxxxxxxxx.xpredictiveHigh
75Filexxxxxxx_xxxx.xxxpredictiveHigh
76Filexxxxxx.xxxpredictiveMedium
77Filexxxxxxxxxxxxxxxxx.xxxpredictiveHigh
78Filexxxxxxx.xxxpredictiveMedium
79Filexxxxxxx.xxxpredictiveMedium
80Filexxxxxxxxxxxxx.xxxpredictiveHigh
81Filexxxxxxxxxxxx.xxxpredictiveHigh
82Filexxxxxxx/xxxxxxx/xxx/xxxxxxxxxx.xxx?xxxxxx=xxxxxxxxxxpredictiveHigh
83Filexxxxxxx/xxxxxxx/xxx/xxxxxxxxxx.xxx?xxxxxxxx=xxxx&xxxxxx=xxxxxxxxxxpredictiveHigh
84Filexxxx_xxxx_xxxxxx.xxxpredictiveHigh
85Filexxxx_xxxxxxx_xxxxxxxx.xxxpredictiveHigh
86Filexxxxxxxxxxxxxxxx.xxpredictiveHigh
87Filexxxx_xxxxx.xxxxpredictiveHigh
88Filexxx/xxxxxxxxx/xxxxxxxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxx.xxxpredictiveHigh
89Filexxxxxxxxxx_xxxx.xxxpredictiveHigh
90Filexxx/xxxx/xxxxpredictiveHigh
91Filexxxxxx\xxxxxxxx\xx_xxxxx_xxxxxxx.xxxpredictiveHigh
92Filexxxxxxx.xxx.xx.xxxxxxxxxxx.xxxpredictiveHigh
93Filexxxxxxxxx/xxxxxxxx.xxxpredictiveHigh
94Filexxxx_xxxxxx.xxpredictiveHigh
95Filexxxx-xxxxx.xxxpredictiveHigh
96Filexxxx-xxxxxxxx.xxxpredictiveHigh
97Filexxxxxx_xxxxx.xxxpredictiveHigh
98Filexxxxxx.xxxpredictiveMedium
99Filexxxxxxx-xxxxx.xxxpredictiveHigh
100Filexxxx_xxxxx.xxxpredictiveHigh
101Filexxxx/xxx/xxxx-xxxxx.xxxpredictiveHigh
102Filexxxx.xxxpredictiveMedium
103Filexxxx_xxxxxxx.xxxpredictiveHigh
104Filexxxxxx.xxxpredictiveMedium
105Filexx-xxxxx-xxxxxx.xxxpredictiveHigh
106Filexx-xxxxxxxx/xxxx.xxxpredictiveHigh
107Filexx-xxxxxxxx/xxxx-xxx/xxxxxxxxx/xxxxx-xx-xxxx-xxxxx-xxxxxxxxxx.xxxpredictiveHigh
108Filexxx/xxxxxxxx/xxxxxxxx.xxxpredictiveHigh
109Filexxxx.xxxpredictiveMedium
110File~/xxx/xxxx-xxxxxxxxx.xxxpredictiveHigh
111File~/xxxxxxxx/xxxxx-xx-xxxxxxxxxx-xxxxxxxxx.xxxpredictiveHigh
112Libraryxxxxxx.xxxpredictiveMedium
113Libraryxxxxxxx/xxx.xxx.xxx.xxxpredictiveHigh
114Libraryxxxxxxxx.xxxpredictiveMedium
115Argumentxxx_xxxpredictiveLow
116ArgumentxxxxpredictiveLow
117Argumentxxx_xxxxx_xxxxpredictiveHigh
118ArgumentxxxxxxxxxpredictiveMedium
119Argumentx_xxxxpredictiveLow
120ArgumentxxxxxxxxpredictiveMedium
121Argumentxxxxx xxxxxxx xxxx xxxxpredictiveHigh
122Argumentxxx_xxx_xx_xxx_xxxxxxxxxx_xpredictiveHigh
123Argumentxxxxx_xxxxpredictiveMedium
124Argumentxxxx_xxx_xxxxpredictiveHigh
125ArgumentxxxxxxxxxxpredictiveMedium
126Argumentxxx_xxpredictiveLow
127Argumentxxxxxxx_xxpredictiveMedium
128ArgumentxxxpredictiveLow
129ArgumentxxxxxxxxxxxxxxxpredictiveHigh
130ArgumentxxxxxxpredictiveLow
131Argumentxxxxxxx_xxxxpredictiveMedium
132ArgumentxxxxpredictiveLow
133Argumentxxxxxxxxx_xxxxxxpredictiveHigh
134ArgumentxxxxxxxxxpredictiveMedium
135Argumentx_xxpredictiveLow
136Argumentxx_xxxxxxxpredictiveMedium
137ArgumentxxxxpredictiveLow
138ArgumentxxxxxxxxpredictiveMedium
139Argumentxxxxxxxx/xxpredictiveMedium
140ArgumentxxxxxpredictiveLow
141Argumentxxxxxx_xxxxxpredictiveMedium
142Argumentxxxxxxxxx/xxxxxxpredictiveHigh
143Argumentxx_xxpredictiveLow
144Argumentxxxxxxx[xxxxxxx]predictiveHigh
145ArgumentxxxxxxxpredictiveLow
146ArgumentxxxxxxpredictiveLow
147ArgumentxxxxxpredictiveLow
148Argumentxxxx_xxxxpredictiveMedium
149ArgumentxxpredictiveLow
150ArgumentxxxpredictiveLow
151ArgumentxxxxxxpredictiveLow
152ArgumentxxxxpredictiveLow
153ArgumentxxxxpredictiveLow
154Argumentxxx xxxxxxxx/xxxxxxx xxxxxxxxpredictiveHigh
155ArgumentxxxxxxxxpredictiveMedium
156Argumentxx_xxpredictiveLow
157Argumentxxxxxx/xxxxx/xxxxpredictiveHigh
158ArgumentxxxxxxxpredictiveLow
159ArgumentxxxxpredictiveLow
160ArgumentxxxxpredictiveLow
161Argumentxxxxxx_xxxxxxpredictiveHigh
162Argumentxxxxxxxx_xxpredictiveMedium
163Argumentxxxxxx_xxxxxpredictiveMedium
164ArgumentxxxxpredictiveLow
165Argumentxxxx_xxxxpredictiveMedium
166ArgumentxxxxpredictiveLow
167ArgumentxxxxxxpredictiveLow
168Argumentxxxxxx[]predictiveMedium
169ArgumentxxxxxxxxxpredictiveMedium
170ArgumentxxxxxxpredictiveLow
171ArgumentxxxxxxxpredictiveLow
172ArgumentxxxpredictiveLow
173ArgumentxxxxxpredictiveLow
174Argumentxxxxxx[xxx][xxxx]predictiveHigh
175ArgumentxxxpredictiveLow
176ArgumentxxxxxxxxpredictiveMedium
177Argument\xxxx\xxxxpredictiveMedium
178Argument_xxx_xxxxxxxxxxx_predictiveHigh
179Input Value../predictiveLow
180Input Valuexxxxxxxxx' xxx 'x'='xpredictiveHigh
181Input ValuexxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxpredictiveHigh
182Pattern|xx xx xx xx|predictiveHigh
183Network PortxxxxxpredictiveLow
184Network Portxxx/xxxxxpredictiveMedium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

This view requires CTI permissions

Just purchase a CTI license today!