Gorgon Group Analysisinfo

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (14)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en14

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

PK: Pakistan14

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

NjRAT1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Web Server6
Not Defined4
Cloud Software2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Microsoft8
Not Defined2
MailCleaner2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Microsoft IIS6
ROCBOSS2
Microsoft Azure IoT Edge2
Microsoft Hub Device Client SDK for Azure IoT2
MailCleaner Community Edition2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked:

#VulnerabilityBaseTemp0dayTodayExpCouKEVEPSSCTICVE
1Microsoft IIS uncpath cross site scripting5.25.0$5k-$25k$0-$5kProof-of-ConceptOfficial fix
 
0.126630.13CVE-2017-0055
2nginx request smuggling6.96.9$0-$5k$0-$5kNot definedNot defined
 
0.000000.49CVE-2020-12440
3Microsoft Azure IoT Edge/Hub Device Client SDK for Azure IoT MQTT Object memory corruption6.96.8$25k-$100k$5k-$25kNot definedOfficial fix
 
0.186800.00CVE-2018-8531
4PHP GD Extension imagewebp input validation5.34.8$5k-$25k$0-$5kProof-of-ConceptOfficial fix
 
0.083380.04CVE-2014-5120
5Microsoft Windows Phone SMS Service cryptographic issues5.75.6$5k-$25k$5k-$25kProof-of-ConceptUnavailable
 
0.067310.02CVE-2012-2993
6Apache HTTP Server ap_some_auth_required access control3.73.2$25k-$100k$0-$5kUnprovenOfficial fix
 
0.248770.03CVE-2015-3185
7MailCleaner Community Edition Logs.php os command injection7.57.5$0-$5k$0-$5kHighNot definedpossible0.759720.00CVE-2018-20323
8ROCBOSS POST Request PostController.php doReward sql injection8.58.5$0-$5k$0-$5kNot definedNot defined
 
0.002640.00CVE-2019-11362
9portable SDK for UPnP unique_service_name memory corruption10.09.5$0-$5k$0-$5kHighOfficial fixpossible0.884330.03CVE-2012-5958
10Microsoft IIS IP/Domain Restriction access control6.55.7$25k-$100k$0-$5kUnprovenOfficial fix
 
0.065950.31CVE-2014-4078
11Microsoft IIS File Name Tilde privileges management6.55.9$5k-$25k$0-$5kProof-of-ConceptOfficial fix
 
0.801400.02CVE-2005-4360
12FiberHome VDSL2 Modem HG 150-UB improper authentication8.58.5$0-$5k$0-$5kNot definedNot defined
 
0.005230.03CVE-2018-9249

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
1115.186.136.237115-186-136-237.nayatel.pkGorgon Group12/17/2020verifiedLow

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1059.007CAPEC-209CWE-79Basic Cross Site ScriptingpredictiveHigh
2TXXXXCAPEC-XXXCWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
3TXXXXCAPEC-XXXCWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
4TXXXXCAPEC-XXXCWE-XXXxx XxxxxxxxxpredictiveHigh
5TXXXXCWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh

IOA - Indicator of Attack (7)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/uncpath/predictiveMedium
2Fileapp/controllers/frontend/PostController.phppredictiveHigh
3Filexxx/xxxx/xxxxxxxxxxx/xxxxxx/xxxx.xxxpredictiveHigh
4ArgumentxxxxxpredictiveLow
5Input Value%xxpredictiveLow
6Input Value::$xxxxx_xxxxxxxxxxpredictiveHigh
7Network Portxxx xxxxxx xxxxpredictiveHigh

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

This view requires CTI permissions

Just purchase a CTI license today!