Goldfin Analysis

IOB - Indicator of Behavior (55)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en54
fr2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Exim2
PHP2
nginx2
HP LaserJet2
WordPress2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.430.04187CVE-2010-0966
2Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25k$0-$5kHighWorkaround0.040.04187CVE-2007-1192
3Amazon Echo/Echo Dot/Echo Show/Echo Spot Listening Spying session fixiation3.83.5$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.030.01018CVE-2018-11567
4Microsoft Exchange Server Privilege Escalation8.88.1$25k-$100k$5k-$25kUnprovenOfficial Fix0.050.25101CVE-2022-23277
5vBulletin moderation.php sql injection7.37.0$0-$5k$0-$5kHighOfficial Fix0.020.01564CVE-2016-6195
6YaBB yabb.pl cross site scripting4.34.1$0-$5k$0-$5kProof-of-ConceptNot Defined0.010.01213CVE-2004-2402
7Oracle MySQL Server InnoDB access control7.16.8$5k-$25k$0-$5kNot DefinedOfficial Fix0.030.01282CVE-2018-3064
8Hangzhou Xiongmai XMeye P2P Cloud Server hard-coded credentials6.96.9$0-$5k$0-$5kNot DefinedNot Defined0.020.00885CVE-2018-17919
9Microsoft Exchange Server information disclosure5.85.3$5k-$25k$0-$5kUnprovenOfficial Fix0.020.01150CVE-2022-24463
10Kubernetes kubelet pprof information disclosure7.77.4$0-$5k$0-$5kNot DefinedOfficial Fix0.030.62923CVE-2019-11248
11Zeus Zeus Web Server Admin Server cross site scripting4.34.1$0-$5k$0-$5kNot DefinedOfficial Fix0.020.01055CVE-2010-0363
12Moodle Quiz Question injection5.85.5$5k-$25k$0-$5kNot DefinedOfficial Fix0.050.00954CVE-2018-10891
13Cisco Identity Services Engine Support Tunnel config6.05.7$5k-$25k$0-$5kNot DefinedOfficial Fix0.010.00885CVE-2018-0275
14Green Packet DX-350 hard-coded credentials8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.020.00885CVE-2017-9932
15PHP AES-CCM openssl_encrypt input validation4.24.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.020.02686CVE-2020-7069
16WordPress Post Type input validation6.96.6$5k-$25k$0-$5kNot DefinedOfficial Fix0.070.01104CVE-2018-20152
17Schneider Electric Modicon M580 access control8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.030.00885CVE-2018-7842
18Schneider Electric Modicon M221 Password Change access control8.58.2$0-$5k$0-$5kNot DefinedOfficial Fix0.050.00885CVE-2018-7791
19Microsoft IIS cross site scripting5.24.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.080.25090CVE-2017-0055
20Exim Expansion data processing9.89.4$0-$5k$0-$5kNot DefinedOfficial Fix0.020.53745CVE-2019-13917

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1055CWE-74InjectionpredictiveHigh
2T1059CWE-94Cross Site ScriptingpredictiveHigh
3TXXXX.XXXCWE-XX, CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
4TXXXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
5TXXXX.XXXCWE-XXXXxxxxxxx Xxxxxxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxxxxx XxxxxxxxpredictiveHigh
6TXXXXCWE-XXXxx XxxxxxxxxpredictiveHigh
7TXXXX.XXXCWE-XXXXxxxxxxxpredictiveHigh
8TXXXXCWE-XXXXxxxxxxxxxxxxpredictiveHigh
9TXXXX.XXXCWE-XXXxxxxxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (25)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/debug/pprofpredictiveMedium
2File/redbin/rpwebutilities.exe/textpredictiveHigh
3File/rules/REQUEST-932-APPLICATION-ATTACK-RCE.confpredictiveHigh
4File/uncpath/predictiveMedium
5Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
6Filexxxxxxx/xxx/x_xxx.xpredictiveHigh
7Filexxxxxxxxxxx/xxxxxxxx/xxxxxxxxxx.xxxpredictiveHigh
8Filexxxxxxxxxxxx.xxxpredictiveHigh
9Filexxx/xxxxxx.xxxpredictiveHigh
10Filexxxxx.xxxpredictiveMedium
11Filexxxxx.xxxpredictiveMedium
12Filexxxx.xxxpredictiveMedium
13Filexxxxx.xxxpredictiveMedium
14Filexxxxxxxxx.xxxpredictiveHigh
15Filexxxx.xxpredictiveLow
16ArgumentxxxxxxxxpredictiveMedium
17ArgumentxxxxxpredictiveLow
18Argumentxxx_xxxx/xxx_xxxxxxxpredictiveHigh
19ArgumentxxxpredictiveLow
20ArgumentxxxxxxpredictiveLow
21ArgumentxxxxxxxpredictiveLow
22Argumentxxxx_xxpredictiveLow
23ArgumentxxxpredictiveLow
24Network Portxxx/xx (xxxxxx)predictiveHigh
25Network Portxxx/xxxxpredictiveMedium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

Want to stay up to date on a daily basis?

Enable the mail alert feature now!