Goldfin Analysisinfo

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (71)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en70
fr2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

US: USA40
IR: Iran8
RU: Russia8
SE: Sweden2
AU: Australia2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Patchwork2
Carbanak1
Goldfin1
Silence1
Baldr1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined18
Forum Software6
SCADA Software4
WordPress Plugin4
E-Commerce Management Software4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined24
Schneider Electric4
TRENDnet4
D-Link2
Zeus2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

TRENDnet TEW-652BRP4
YaBB2
Schneider Electric Modicon M5802
Schneider Electric Modicon M3402
Schneider Electric Modicon Quantum2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

#VulnerabilityBaseTemp0dayTodayExpCouKEVEPSSCTICVE
1DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial fix 0.009700.00CVE-2010-0966
2TYPO3 ImageMagick/GraphicsMagick input validation7.47.2$5k-$25k$0-$5kNot definedOfficial fix 0.008990.02CVE-2019-11832
3Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25kCalculatingHighWorkaroundpossible0.029560.00CVE-2007-1192
4Amazon Echo/Echo Dot/Echo Show/Echo Spot Listening Spying session fixiation3.63.5$0-$5k$0-$5kProof-of-ConceptOfficial fix 0.002090.05CVE-2018-11567
5Microsoft Exchange Server privilege escalation8.88.3$25k-$100k$0-$5kHighOfficial fixpossible0.729900.00CVE-2022-23277
6vBulletin moderation.php sql injection7.37.0$0-$5k$0-$5kHighOfficial fixexpected0.847730.07CVE-2016-6195
7YaBB yabb.pl cross site scripting4.34.1$0-$5k$0-$5kProof-of-ConceptNot defined 0.005210.00CVE-2004-2402
8Oracle MySQL Server InnoDB access control7.17.0$5k-$25k$0-$5kNot definedOfficial fix 0.003550.08CVE-2018-3064
9ProFTPD mod_copy File access control7.37.0$0-$5k$0-$5kHighOfficial fixexpected0.941110.35CVE-2015-3306
10Joseph C Dolson My Calendar Plugin cross site scripting4.44.4$0-$5k$0-$5kNot definedOfficial fix 0.001130.02CVE-2024-1274
11Contact Form 7 Plugin unrestricted upload6.76.6$0-$5k$0-$5kNot definedNot defined 0.165600.08CVE-2023-6449
12Omnisend Email Marketing for WooCommerce Plugin information disclosure5.75.7$0-$5k$0-$5kNot definedNot defined 0.004750.00CVE-2023-47244
13PixelYourSite Plugin cross site scripting2.42.4$0-$5k$0-$5kNot definedNot defined 0.001760.00CVE-2023-2584
14TRENDnet TEW-652BRP Web Service cfg_op.ccp memory corruption7.56.8$0-$5k$0-$5kProof-of-ConceptNot defined 0.000700.00CVE-2023-0618
15TRENDnet TEW-652BRP Web Interface ping.ccp command injection8.17.8$0-$5k$0-$5kProof-of-ConceptNot defined 0.006900.04CVE-2023-0640
16PHP Cookie input validation6.05.9$5k-$25k$0-$5kNot definedOfficial fix 0.320380.06CVE-2022-31629
171C-Bitrix Bitrix24 AD/LDAP ldap_server_edit.php insufficiently protected credentials4.64.5$0-$5k$0-$5kNot definedNot defined 0.004260.00CVE-2022-43959
18Profile Builder Plugin wppb_front_end_password_recovery unverified password change8.18.1$0-$5k$0-$5kNot definedNot defined 0.001810.00CVE-2023-2297
19WordPress Pingback server-side request forgery5.75.7$5k-$25k$5k-$25kNot definedNot defined 0.207960.00CVE-2022-3590
20Abraham Williams TwitterOAuth input validation6.56.5$0-$5k$0-$5kNot definedNot defined 0.001340.00CVE-2011-5243

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
15.8.88.64Goldfin12/22/2020verifiedLow
2X.XXX.XX.XXXXxxxxxx12/22/2020verifiedLow
3XX.XX.XX.XXxxxx.xxxxxxx.xxXxxxxxx12/22/2020verifiedLow
4XX.XXX.XXX.XXXXxxxxxx12/22/2020verifiedLow
5XXX.XX.XX.XXXxx.xxxxxxx.xxXxxxxxx12/22/2020verifiedLow

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
2T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
3T1059.007CAPEC-209CWE-79, CWE-80Basic Cross Site ScriptingpredictiveHigh
4TXXXXCAPEC-XXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
5TXXXX.XXXCAPEC-XXXCWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveHigh
6TXXXXCAPEC-XXXCWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
7TXXXXCAPEC-XXXCWE-XXXxx XxxxxxxxxpredictiveHigh
8TXXXXCAPEC-XXXCWE-XXX, CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
9TXXXX.XXXCAPEC-XXXCWE-XXXXxxxxxxxpredictiveHigh
10TXXXXCAPEC-XXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
11TXXXX.XXXCWE-XXXxxxxxxxxxxxxpredictiveHigh
12TXXXX.XXXCAPEC-XCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (29)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/bitrix/admin/ldap_server_edit.phppredictiveHigh
2File/debug/pprofpredictiveMedium
3File/redbin/rpwebutilities.exe/textpredictiveHigh
4File/rules/REQUEST-932-APPLICATION-ATTACK-RCE.confpredictiveHigh
5File/xxxxxxx/predictiveMedium
6Filexxx_xx.xxxpredictiveMedium
7Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
8Filexxxxxxx/xxx/x_xxx.xpredictiveHigh
9Filexxxxxxxxxxx/xxxxxxxx/xxxxxxxxxx.xxxpredictiveHigh
10Filexxxxxxxxxxxx.xxxpredictiveHigh
11Filexxx/xxxxxx.xxxpredictiveHigh
12Filexxxxx.xxxpredictiveMedium
13Filexxxxx.xxxpredictiveMedium
14Filexxxx.xxxpredictiveMedium
15Filexxxx.xxxpredictiveMedium
16Filexxxxx.xxxpredictiveMedium
17Filexxxxxxxxx.xxxpredictiveHigh
18Filexxxx.xxpredictiveLow
19ArgumentxxxxxxxxpredictiveMedium
20ArgumentxxxxxpredictiveLow
21Argumentxxxx/xxxxpredictiveMedium
22Argumentxxx_xxxx/xxx_xxxxxxxpredictiveHigh
23ArgumentxxxpredictiveLow
24ArgumentxxxxxxpredictiveLow
25ArgumentxxxxxxxpredictiveLow
26Argumentxxxx_xxpredictiveLow
27ArgumentxxxpredictiveLow
28Network Portxxx/xx (xxxxxx)predictiveHigh
29Network Portxxx/xxxxpredictiveMedium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

This view requires CTI permissions

Just purchase a CTI license today!