Gootkit Analysis

IOB - Indicator of Behavior (274)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en: 232
ru: 14
de: 10
sv: 10
fr: 4

Country

Actors

Activities

Interest

Timeline

Type

Vendor

Product

nginx: 8
OpenSSH: 8
Microsoft Office: 6
SugarCRM: 6
Microsoft Exchange Server: 6

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

| # | Vulnerability | Base | Temp | 0day Price | Today Price | Exploitability | Countermeasure | KEV | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | SugarCRM sql injection | 5.8 | 5.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.01166 | 0.06 | CVE-2020-17373 |
| 2 | SourceCodester Alphaware Simple E-Commerce System sql injection | 7.0 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00045 | 0.05 | CVE-2023-1504 |
| 3 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00000 | 0.17 | CVE-2020-12440 |
| 4 | SugarCRM Emails sql injection | 7.5 | 7.4 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00371 | 0.00 | CVE-2019-17319 |
| 5 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.00970 | 0.09 | CVE-2010-0966 |
| 6 | SugarCRM Configurator input validation | 5.9 | 5.8 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00525 | 0.08 | CVE-2019-17306 |
| 7 | SugarCRM Administration sql injection | 7.5 | 7.4 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00371 | 0.00 | CVE-2019-17298 |
| 8 | Bitcoin wallet.dat AES Encryption Padding missing encryption | 7.1 | 6.3 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00000 | 0.15 | |
| 9 | Kamailio SIP Invite Request buffer overflow | 6.6 | 6.6 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00079 | 0.05 | CVE-2020-27507 |
| 10 | Fortinet FortiOS SSL-VPN out-of-bounds write | 9.8 | 9.7 | $100k and more | $25k-$100k | Attacked | Official fix | verified | 0.91535 | 0.03 | CVE-2024-21762 |
| 11 | Palo Alto Networks PAN-OS GlobalProtect command injection | 9.4 | 9.2 | $0-$5k | $0-$5k | Attacked | Official fix | verified | 0.94294 | 0.00 | CVE-2024-3400 |
| 12 | jQuery Property extend Pollution cross site scripting | 6.6 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.02022 | 0.04 | CVE-2019-11358 |
| 13 | OpenSSH scp scp.c os command injection | 6.9 | 6.9 | $5k-$25k | $5k-$25k | Not defined | Unavailable | possible | 0.66112 | 0.13 | CVE-2020-15778 |
| 14 | jQuery html cross site scripting | 5.9 | 5.8 | $0-$5k | $0-$5k | Attacked | Official fix | verified | 0.11800 | 0.03 | CVE-2020-11023 |
| 15 | Microweber controller.php information disclosure | 6.4 | 6.1 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.26866 | 0.00 | CVE-2020-13405 |
| 16 | Naviwebs Navigate CMS File Upload navigate_upload.php unrestricted upload | 7.1 | 7.0 | $0-$5k | $0-$5k | High | Official fix | expected | 0.80641 | 0.07 | CVE-2018-17553 |
| 17 | Sunny WebBox cross-site request forgery | 7.5 | 7.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00151 | 0.00 | CVE-2019-13529 |
| 18 | Microsoft IIS IP/Domain Restriction access control | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official fix | | 0.15547 | 0.03 | CVE-2014-4078 |
| 19 | AlienVault Open Source Security Information Management radar-iso27001-potential.php sql injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00304 | 0.09 | CVE-2013-5967 |
| 20 | WordPress WP_Query class-wp-query.php sql injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official fix | | 0.08839 | 0.04 | CVE-2017-5611 |

IOC - Indicator of Compromise (14)

These indicators of compromise highlight associated network resources that are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (86)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | .htaccess | predictive | Medium |
| 2 | File | /addnews.html | predictive | High |
| 3 | File | /api/runs/search/run/ | predictive | High |
| 4 | File | /cgi-bin/supervisor/PwdGrp.cgi | predictive | High |
| 5 | File | /dental_form.php | predictive | High |
| 6 | File | /download | predictive | Medium |
| 7 | File | /secure/admin/ImporterFinishedPage.jspa | predictive | High |
| 8 | File | /sp/ListSp.php | predictive | High |
| 9 | File | /uncpath/ | predictive | Medium |
| 10 | File | /_error | predictive | Low |

References (2)

The following list contains external sources which discuss the actor and the associated activities: