GoldBrute Analysis

IOB - Indicator of Behavior (20)

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Timeline: chart only, no values shown.

Lang: en (20)

Country: cn (16), us (4)

Actors: chart only, no values shown.

Activities / Interest

Timeline: chart only, no values shown.

Type: chart only, no values shown.

Vendor: chart only, no values shown.

Product: SmartMesh (2), tcpdump (2), Swsoft Plesk (2), BusyBox (2), GetSimple CMS (2)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day price | Today price | Exploitability | Remediation | CTI | EPSS | CVE
1 | Anti-Web write.cgi path traversal | 7.2 | 7.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.14903 | CVE-2017-9097
2 | ChurchInfo GET Request CartView.php unrestricted upload | 7.5 | 7.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01 | 0.58140 | CVE-2021-43258
3 | GetSimple CMS theme-edit.php credentials management | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.79620 | CVE-2019-11231
4 | Google Chrome Resource Timing API redirect | 5.4 | 5.1 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01213 | CVE-2017-15419
5 | Apache HTTP Server mod_rewrite redirect | 6.7 | 6.7 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.09 | 0.07767 | CVE-2020-1927
6 | Technicolor DPC3928SL cross site scripting | 4.5 | 4.5 | $0-$5k | Calculating | Not Defined | Not Defined | 0.01 | 0.00885 | CVE-2018-20379
7 | Joomla CMS File Upload media.php input validation | 6.3 | 6.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.07 | 0.85088 | CVE-2013-5576
8 | SmartMesh transferProxy integer overflow | 7.4 | 7.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.02 | 0.00954 | CVE-2018-10376
9 | BusyBox DHCP Server input validation | 7.5 | 7.2 | $0-$5k | Calculating | Not Defined | Official Fix | 0.01 | 0.01537 | CVE-2011-2716
10 | nanopool Claymore Dual Miner API input validation | 6.2 | 6.2 | $0-$5k | $0-$5k | High | Not Defined | 0.01 | 0.60894 | CVE-2018-1000049
11 | Dasan GPON ONT WiFi Router H640X login_action.cgi login_action memory corruption | 8.5 | 8.3 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.02 | 0.05785 | CVE-2017-18046
12 | Zhone Technologies Gpon 2520 input validation | 7.5 | 7.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.07584 | CVE-2015-2055
13 | Wireshark netmon.c netmonrec_comment_destroy memory corruption | 8.5 | 8.2 | $0-$5k | Calculating | Not Defined | Official Fix | 0.04 | 0.01213 | CVE-2018-6836
14 | Ovislink AirLive WL2600CAM Camera access control | 9.8 | 9.3 | $0-$5k | Calculating | Proof-of-Concept | Not Defined | 0.02 | 0.01055 | CVE-2013-3686
15 | AirLive BU-2015/BU-3026/WL-2000CAM/POE-200CAM Web Server wireless_mft.cgi os command injection | 8.5 | 8.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.01213 | CVE-2014-8389
16 | ZTE ZXDSL tr69cfg.cgi cross site scripting | 4.3 | 4.3 | $0-$5k | Calculating | Not Defined | Not Defined | 0.00 | 0.01213 | CVE-2014-9021
17 | Swsoft Plesk login_up.php3 cross site scripting | 4.3 | 3.9 | $0-$5k | Calculating | Proof-of-Concept | Official Fix | 0.02 | 0.03129 | CVE-2004-2702
18 | Google Chrome PDFium use after free | 7.5 | 7.2 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | 0.01319 | CVE-2017-5111
19 | tcpdump print-sl.c sliplink_print memory corruption | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.01108 | CVE-2017-11543

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Type | Confidence
1 | 104.156.249.231 | 104.156.249.231.vultrusercontent.com | GoldBrute | | verified | High
2 | XXX.XXX.XXX.XXX | Xxxxxxxxx | | | verified | High

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-22 Pathname Traversal | | predictive | High
2 | T1059.007 | CWE-79 Cross Site Scripting | | predictive | High
3 | TXXXX | CWE-XXX Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | | predictive | High
4 | TXXXX | CWE-XX Xxxxxxxx Xxxxxxxxx | | predictive | High
5 | TXXXX.XXX | CWE-XXX Xxxx Xxxxxxxx | | predictive | High
6 | TXXXX | CWE-XXX Xxx.xxx Xxxxxxxxxxxxxxxx: Xxxxxxxx Xx Xxxxxxxxxxxxx Xxxx | | predictive | High
7 | TXXXX.XXX | CWE-XXX Xxxxxxxxxxxx Xxxxxx | | predictive | High

IOA - Indicator of Attack (16)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /cgi-bin/login_action.cgi | predictive | High
2 | File | administrator/components/com_media/helpers/media.php | predictive | High
3 | File | CartView.php | predictive | Medium
4 | File | xxx-xxx/xxx/xxxxxxxx_xxx.xxx | predictive | High
5 | File | xxx-xxx/xxxxx.xxx | predictive | High
6 | File | xxxxx_xx.xxxx | predictive | High
7 | File | xxxxx-xx.x | predictive | Medium
8 | File | xxxxx-xxxx.xxx | predictive | High
9 | File | xxxxxxx.xxx | predictive | Medium
10 | File | xxxxxxx/xxxxxx.x | predictive | High
11 | Argument | xxxxxxxx | predictive | Medium
12 | Argument | xxxxx_xxxx | predictive | Medium
13 | Argument | xxxxxxxxxxx | predictive | Medium
14 | Argument | xxxxxxx | predictive | Low
15 | Argument | xxxxxxxx | predictive | Medium
16 | Argument | _xxx/_xxxxx | predictive | Medium

References (2)

The following list contains external sources which discuss the actor and the associated activities:
