Guccifer 2.0 Analysisinfo

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (58)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en56
fr2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

FR: France4
US: USA4
RU: Russia2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Guccifer 2.01

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined28
WordPress Plugin6
Wireless LAN Software4
Web Server4
Testing Software4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined20
Monroe Electronics6
Microsoft6
IBM6
Cisco4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Monroe Electronics R189 One-Net EAS6
Cisco Wireless LAN Controller Software4
IBM Rational Quality Manager4
wsecure Plugin2
QEMU2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

#VulnerabilityBaseTemp0dayTodayExpCouKEVEPSSCTICVE
1ProFTPD mod_copy File access control7.37.0$0-$5k$0-$5kHighOfficial fixexpected0.940670.00CVE-2015-3306
2LOCKON EC-CUBE path traversal5.35.3$0-$5k$0-$5kNot definedNot defined 0.003200.00CVE-2013-3654
3Monroe Electronics R189 One-Net EAS Default Configuration cryptographic issues9.89.4$0-$5k$0-$5kNot definedOfficial fixpossible0.629380.00CVE-2013-0137
4Choice-wireless WIXFMR-111 ajax.cgi improper authentication9.89.8$0-$5k$0-$5kNot definedNot defined 0.011690.00CVE-2013-4731
5Monroe Electronics R189 One-Net EAS credentials management9.89.8$0-$5k$0-$5kNot definedNot defined 0.011990.00CVE-2013-4732
6Monroe Electronics R189 One-Net EAS access control7.57.2$0-$5k$0-$5kNot definedOfficial fix 0.006380.08CVE-2013-4733
7Linux Kernel xdp_umem.c xdp_umem_reg out-of-bounds write6.56.3$5k-$25k$0-$5kNot definedOfficial fix 0.001330.09CVE-2020-12659
8SAE FW-50 Remote Telemetry Unit path traversal7.27.2$0-$5k$0-$5kNot definedNot defined 0.004720.00CVE-2020-10634
9IBM Quality Manager Web UI cross site scripting4.44.4$0-$5k$0-$5kNot definedNot defined 0.002270.02CVE-2016-6022
10IBM Rational Quality Manager Web UI cross site scripting4.44.4$0-$5k$0-$5kNot definedNot defined 0.002270.00CVE-2016-6031
11IBM Rational Quality Manager cross site scripting4.44.4$0-$5k$0-$5kNot definedNot defined 0.002270.00CVE-2016-6036
12IBM Curam Social Program Management xml external entity reference7.87.8$5k-$25k$5k-$25kNot definedNot defined 0.004070.02CVE-2016-6111
13Nagios cross site scripting5.25.1$0-$5k$0-$5kNot definedOfficial fix 0.005860.02CVE-2016-6209
14Cisco 2100 Wireless LAN Controller resource management7.57.2$5k-$25k$0-$5kNot definedOfficial fix 0.004270.00CVE-2012-0369
15Cisco Wireless LAN Controller Software resource management7.57.2$5k-$25k$0-$5kNot definedOfficial fix 0.003930.00CVE-2012-0370
16Cisco Wireless LAN Controller Software access control9.89.4$25k-$100k$0-$5kNot definedOfficial fix 0.004840.06CVE-2012-0371
17ninja-forms Plugin cross-site request forgery5.25.1$0-$5k$0-$5kNot definedOfficial fix 0.001920.05CVE-2020-12462
18jQuery html cross site scripting6.25.9$0-$5k$0-$5kProof-of-ConceptOfficial fix 0.026360.05CVE-2020-11022
19Netgear WNR2000v5 stack-based overflow6.46.3$5k-$25k$0-$5kNot definedOfficial fix 0.003340.02CVE-2018-21181
20BigBlueButton information disclosure6.46.1$0-$5k$0-$5kNot definedOfficial fix 0.085950.00CVE-2020-12112

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
195.130.9.198Guccifer 2.012/23/2020verifiedLow
295.130.15.34Guccifer 2.012/23/2020verifiedLow
3XX.XXX.XX.XXXxxxxxxx X.x12/23/2020verifiedLow
4XX.XXX.XX.XXXxxxxxxx X.x12/23/2020verifiedLow
5XX.XXX.XX.XXXxxxxxxx X.x12/23/2020verifiedLow
6XX.XXX.XX.XXXxxxxxxx X.x12/23/2020verifiedLow
7XX.XXX.XX.XXXxxxxxxx X.x12/23/2020verifiedLow

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1059.007CAPEC-209CWE-79, CWE-80Basic Cross Site ScriptingpredictiveHigh
3TXXXXCAPEC-XXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
4TXXXXCAPEC-XXXCWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
5TXXXX.XXXCAPEC-XXXCWE-XXXXxxx XxxxxxxxpredictiveHigh
6TXXXXCAPEC-XXXCWE-XXXxx XxxxxxxxxpredictiveHigh
7TXXXXCWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
8TXXXXCAPEC-XXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
9TXXXXCWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh

IOA - Indicator of Attack (16)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/Forms/predictiveLow
2File/see_more_details.phppredictiveHigh
3Fileajax.cgipredictiveMedium
4Filexxxxxxxx.xxxpredictiveMedium
5Filexxxxxxxx.xxxpredictiveMedium
6Filexx/xxxxxxx-xxxxxxx.xpredictiveHigh
7Filexxx/xxx/xxx_xxxx.xpredictiveHigh
8Filexx-xxxxx/xxxxx.xxx?xxxx=xxxxxxxx-xxxxx-xxxpredictiveHigh
9Filexx-xxxxx/xxxxxxx-xxxxxxx.xxx?xxxx=xx-xxxxxx-xxxxxxxxxxx-xxxxx%xxxxxxxxx%xxxxxxx.xxxpredictiveHigh
10Filexxxxxxx-xxxxxx.xxxpredictiveHigh
11Argumentxxxx/xxxxpredictiveMedium
12ArgumentxxpredictiveLow
13ArgumentxxxpredictiveLow
14ArgumentxxxxxxxpredictiveLow
15Input Value::$xxxxx_xxxxxxxxxxpredictiveHigh
16Network Portxxx xxxxxx xxxxpredictiveHigh

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

This view requires CTI permissions

Just purchase a CTI license today!