Goldfin Analysis

IOB - Indicator of Behavior (68)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en64
fr2
de2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Microsoft IIS4
PHP4
Microsoft Exchange Server4
IBM WebSphere Application Server2
Web4Future eCommerce2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.009430.58CVE-2010-0966
2TYPO3 ImageMagick/GraphicsMagick input validation7.47.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.007750.00CVE-2019-11832
3Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25k$0-$5kHighWorkaround0.020160.02CVE-2007-1192
4Amazon Echo/Echo Dot/Echo Show/Echo Spot Listening Spying session fixiation3.83.5$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.001050.00CVE-2018-11567
5Microsoft Exchange Server Privilege Escalation8.88.1$25k-$100k$5k-$25kUnprovenOfficial Fix0.015020.04CVE-2022-23277
6vBulletin moderation.php sql injection7.37.0$0-$5k$0-$5kHighOfficial Fix0.002840.01CVE-2016-6195
7YaBB yabb.pl cross site scripting4.34.1$0-$5k$0-$5kProof-of-ConceptNot Defined0.012400.04CVE-2004-2402
8Oracle MySQL Server InnoDB access control7.17.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.001560.02CVE-2018-3064
9Contact Form 7 Plugin unrestricted upload6.76.6$0-$5k$0-$5kNot DefinedNot Defined0.001610.04CVE-2023-6449
10Omnisend Email Marketing for WooCommerce Plugin information disclosure5.75.7$0-$5k$0-$5kNot DefinedNot Defined0.000870.00CVE-2023-47244
11PixelYourSite Plugin cross site scripting2.42.4$0-$5k$0-$5kNot DefinedNot Defined0.000510.00CVE-2023-2584
12TRENDnet TEW-652BRP Web Service cfg_op.ccp memory corruption7.56.8$0-$5k$0-$5kProof-of-ConceptNot Defined0.000970.04CVE-2023-0618
13TRENDnet TEW-652BRP Web Interface ping.ccp command injection8.17.8$0-$5k$0-$5kProof-of-ConceptNot Defined0.010490.08CVE-2023-0640
14PHP Cookie input validation5.04.8$5k-$25k$0-$5kNot DefinedOfficial Fix0.005480.00CVE-2022-31629
151C-Bitrix Bitrix24 AD/LDAP ldap_server_edit.php insufficiently protected credentials4.64.5$0-$5k$0-$5kNot DefinedNot Defined0.001040.03CVE-2022-43959
16Profile Builder Plugin wppb_front_end_password_recovery unverified password change8.18.1$0-$5k$0-$5kNot DefinedNot Defined0.000730.00CVE-2023-2297
17WordPress Pingback server-side request forgery5.75.7$5k-$25k$5k-$25kNot DefinedNot Defined0.001200.00CVE-2022-3590
18Abraham Williams TwitterOAuth input validation6.56.5$0-$5k$0-$5kNot DefinedNot Defined0.000930.00CVE-2011-5243
19Hangzhou Xiongmai XMeye P2P Cloud Server hard-coded credentials6.96.9$0-$5k$0-$5kNot DefinedNot Defined0.000800.04CVE-2018-17919
20Microsoft Exchange Server information disclosure5.85.3$5k-$25k$0-$5kUnprovenOfficial Fix0.001440.00CVE-2022-24463

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1055CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
2T1059CWE-94Argument InjectionpredictiveHigh
3T1059.007CWE-79, CWE-80Cross Site ScriptingpredictiveHigh
4TXXXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
5TXXXX.XXXCWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveHigh
6TXXXXCWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
7TXXXXCWE-XXXxx XxxxxxxxxpredictiveHigh
8TXXXXCWE-XXX, CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
9TXXXX.XXXCWE-XXXXxxxxxxxpredictiveHigh
10TXXXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
11TXXXX.XXXCWE-XXXxxxxxxxxxxxxpredictiveHigh
12TXXXX.XXXCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (28)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/bitrix/admin/ldap_server_edit.phppredictiveHigh
2File/debug/pprofpredictiveMedium
3File/redbin/rpwebutilities.exe/textpredictiveHigh
4File/rules/REQUEST-932-APPLICATION-ATTACK-RCE.confpredictiveHigh
5File/xxxxxxx/predictiveMedium
6Filexxx_xx.xxxpredictiveMedium
7Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
8Filexxxxxxx/xxx/x_xxx.xpredictiveHigh
9Filexxxxxxxxxxx/xxxxxxxx/xxxxxxxxxx.xxxpredictiveHigh
10Filexxxxxxxxxxxx.xxxpredictiveHigh
11Filexxx/xxxxxx.xxxpredictiveHigh
12Filexxxxx.xxxpredictiveMedium
13Filexxxxx.xxxpredictiveMedium
14Filexxxx.xxxpredictiveMedium
15Filexxxx.xxxpredictiveMedium
16Filexxxxx.xxxpredictiveMedium
17Filexxxxxxxxx.xxxpredictiveHigh
18Filexxxx.xxpredictiveLow
19ArgumentxxxxxxxxpredictiveMedium
20ArgumentxxxxxpredictiveLow
21Argumentxxx_xxxx/xxx_xxxxxxxpredictiveHigh
22ArgumentxxxpredictiveLow
23ArgumentxxxxxxpredictiveLow
24ArgumentxxxxxxxpredictiveLow
25Argumentxxxx_xxpredictiveLow
26ArgumentxxxpredictiveLow
27Network Portxxx/xx (xxxxxx)predictiveHigh
28Network Portxxx/xxxxpredictiveMedium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

Want to stay up to date on a daily basis?

Enable the mail alert feature now!