GoTitan Botnet Analysisinfo

IOB - Indicator of Behavior (20)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en12
zh4
pl2
es2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Zyxel NWA-1100-NH2
Phplinkdirectory PHP Link Directory2
Open-Xchange OX App Suite2
mySCADA myPRO2
Ipswitch IMail2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Form.io Email Template injection8.68.6$0-$5k$0-$5kNot DefinedNot Defined0.005710.00CVE-2020-28246
2TP-LINK TL-WR841ND popupSiteSurveyRpm.htm stack-based overflow6.55.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.000450.13CVE-2024-9284
3EGavilan Media Contact-Form-With-Messages-Entry-Management Addmessage.php sql injection6.36.3$0-$5k$0-$5kNot DefinedNot Defined0.001740.00CVE-2021-44097
4francoisjacquet rosariosis length parameter8.18.0$0-$5k$0-$5kNot DefinedOfficial Fix0.001970.00CVE-2022-2714
5Ipswitch IMail IMonitor status.cgi denial of service5.34.8$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.005930.08CVE-2000-0056
6Zyxel NWA-1100-NH Web Interface os command injection9.89.3$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.065690.02CVE-2021-4039
7Jedox erpc.php path traversal8.07.8$0-$5k$0-$5kProof-of-ConceptNot Defined0.033680.05CVE-2022-47875
8Jedox rpc.php code injection7.16.6$0-$5k$0-$5kProof-of-ConceptNot Defined0.017130.00CVE-2022-47879
9Jedox Test Connection rpc.php information disclosure5.55.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.004950.00CVE-2022-47880
10Enonic XP session fixiation7.06.9$0-$5k$0-$5kNot DefinedOfficial Fix0.003030.00CVE-2024-23679
11BD Totalys MultiProcessor hard-coded credentials8.17.7$0-$5k$0-$5kNot DefinedOfficial Fix0.000440.03CVE-2022-40263
12GNU adns config6.55.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.010530.06CVE-2008-4100
13Grafana information disclosure5.45.4$0-$5k$0-$5kNot DefinedNot Defined0.001530.00CVE-2019-19499
14NVIDIA Windows GPU Display Driver DLL Loader untrusted search path5.95.9$0-$5k$0-$5kNot DefinedNot Defined0.001000.00CVE-2019-5694
15Open-Xchange OX App Suite App Loader cross site scripting4.84.7$0-$5k$0-$5kNot DefinedOfficial Fix0.000480.05CVE-2023-41708
16Phplinkdirectory PHP Link Directory conf_users_edit.php cross-site request forgery6.36.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.004240.02CVE-2011-0643
17NextCloud Mail Mail Metadata permission6.56.4$0-$5k$0-$5kNot DefinedOfficial Fix0.000740.04CVE-2021-32652
18Mozilla Thunderbird Composition Area code injection5.04.8$25k-$100k$0-$5kNot DefinedOfficial Fix0.002060.00CVE-2021-43528
19mySCADA myPRO Email os command injection9.99.7$0-$5k$0-$5kNot DefinedOfficial Fix0.001950.00CVE-2021-43981

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
3T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
4TXXXX.XXXCAPEC-XXXCWE-XXXxxxx Xxxxx Xxxx XxxxxxxxxpredictiveHigh
5TXXXX.XXXCAPEC-XXXCWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveHigh
6TXXXXCAPEC-XXXCWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
7TXXXXCWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
8TXXXXCAPEC-XXXCWE-XXXxx XxxxxxxxxpredictiveHigh
9TXXXXCAPEC-XXCWE-XXXXxxxxxxxx Xxxxxx XxxxpredictiveHigh
10TXXXXCAPEC-XXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
11TXXXX.XXXCWE-XXXxxxxxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (7)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/be/erpc.phppredictiveMedium
2File/be/rpc.phppredictiveMedium
3File/xxxxxxx/xxxxxxxxxxxxxxxxxx.xxxpredictiveHigh
4Filexxxxxxxxxx.xxxpredictiveHigh
5Filexxxxx/xxxx_xxxxx_xxxx.xxxpredictiveHigh
6Filexxxxxx.xxxpredictiveMedium
7ArgumentxxxxpredictiveLow

References (2)

The following list contains external sources which discuss the actor and the associated activities:

This view requires CTI permissions

Just purchase a CTI license today!