GoldBrute Analysis

Activities

Timeline

The timeline analysis helps to identify the required approach to, and handling of, single vulnerabilities and vulnerability collections. The overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues prioritized.

Lang

| Language | Count |
|---|---|
| en | 17 |
| fr | 1 |

Country

| Country | Count |
|---|---|
| cn | 15 |
| us | 3 |

Vulnerabilities

| # | Vulnerability | CVSS Base | CVSS Temp | 0-day price | Today price | Exploitability | Remediation | CTI score | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 1 | Anti-Web write.cgi path traversal | 7.2 | 7.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2017-9097 |
| 2 | Google Chrome Resource Timing API redirect | 5.4 | 5.1 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2017-15419 |
| 3 | Apache HTTP Server mod_rewrite redirect | 6.7 | 6.7 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.94 | CVE-2020-1927 |
| 4 | Technicolor DPC3928SL cross site scripting | 4.5 | 4.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2018-20379 |
| 5 | Joomla CMS File Upload media.php input validation | 6.3 | 6.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.04 | CVE-2013-5576 |
| 6 | SmartMesh transferProxy integer overflow | 7.4 | 7.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | CVE-2018-10376 |
| 7 | BusyBox DHCP Server input validation | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2011-2716 |
| 8 | nanopool Claymore Dual Miner API input validation | 6.2 | 6.2 | $0-$5k | $0-$5k | High | Not Defined | 0.05 | CVE-2018-1000049 |
| 9 | Dasan GPON ONT WiFi Router H640X login_action.cgi login_action memory corruption | 8.5 | 8.3 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.00 | CVE-2017-18046 |
| 10 | Zhone Technologies Gpon 2520 input validation | 7.5 | 7.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.06 | CVE-2015-2055 |
| 11 | Wireshark netmon.c netmonrec_comment_destroy memory corruption | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2018-6836 |
| 12 | Ovislink AirLive WL2600CAM Camera access control | 9.8 | 9.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.07 | CVE-2013-3686 |
| 13 | AirLive BU-2015/BU-3026/WL-2000CAM/POE-200CAM Web Server wireless_mft.cgi os command injection | 8.5 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | CVE-2014-8389 |
| 14 | ZTE ZXDSL tr69cfg.cgi cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2014-9021 |
| 15 | Swsoft Plesk login_up.php3 cross site scripting | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | CVE-2004-2702 |
| 16 | Google Chrome PDFium use after free | 7.5 | 7.2 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | CVE-2017-5111 |
| 17 | tcpdump print-sl.c sliplink_print memory corruption | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2017-11543 |

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Confidence |
|---|---|---|---|---|---|
| 1 | 104.156.249.231 | 104.156.249.231.vultrusercontent.com | GoldBrute | | High |
| 2 | XXX.XXX.XXX.XXX | Xxxxxxxxx | | | High |

TTP - Tactics, Techniques, Procedures (2)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Confidence |
|---|---|---|---|---|
| 1 | T1059.007 | CWE-79 | Cross Site Scripting | High |
| 2 | TXXXX | CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | High |

IOA - Indicator of Attack (14)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Confidence |
|---|---|---|---|
| 1 | File | /cgi-bin/login_action.cgi | High |
| 2 | File | administrator/components/com_media/helpers/media.php | High |
| 3 | File | xxx-xxx/xxx/xxxxxxxx_xxx.xxx | High |
| 4 | File | xxx-xxx/xxxxx.xxx | High |
| 5 | File | xxxxx_xx.xxxx | High |
| 6 | File | xxxxx-xx.x | Medium |
| 7 | File | xxxxxxx.xxx | Medium |
| 8 | File | xxxxxxx/xxxxxx.x | High |
| 9 | Argument | xxxxxxxx | Medium |
| 10 | Argument | xxxxx_xxxx | Medium |
| 11 | Argument | xxxxxxxxxxx | Medium |
| 12 | Argument | xxxxxxx | Low |
| 13 | Argument | xxxxxxxx | Medium |
| 14 | Argument | _xxx/_xxxxx | Medium |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
