Guccifer 2.0 Analysis

IOB - Indicator of Behavior (58)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en56
fr2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us8
fr2
ru2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Guccifer 2.01

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined20
WordPress Plugin8
Wireless LAN Software6
Operating System6
Application Server Software2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined22
Cisco6
IBM6
Linux4
Microsoft4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Linux Kernel4
Cisco Wireless LAN Controller Software4
Cisco 2100 Wireless LAN Controller2
Symantec My VIP Portal2
wp-social-bookmarking-light Plugin2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1ProFTPD mod_copy File access control7.37.0$0-$5k$0-$5kHighOfficial Fix0.050.93768CVE-2015-3306
2LOCKON EC-CUBE path traversal5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.030.01213CVE-2013-3654
3Monroe Electronics R189 One-Net EAS Default Configuration cryptographic issues9.89.4$0-$5k$0-$5kNot DefinedOfficial Fix0.060.01319CVE-2013-0137
4Choice-wireless WIXFMR-111 ajax.cgi improper authentication9.89.8$0-$5k$0-$5kNot DefinedNot Defined0.010.01055CVE-2013-4731
5Monroe Electronics R189 One-Net EAS credentials management9.89.8$0-$5k$0-$5kNot DefinedNot Defined0.090.01213CVE-2013-4732
6Monroe Electronics R189 One-Net EAS access control7.57.2$0-$5k$0-$5kNot DefinedOfficial Fix0.000.01213CVE-2013-4733
7Linux Kernel xdp_umem.c xdp_umem_reg out-of-bounds write6.56.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.040.01282CVE-2020-12659
8SAE FW-50 Remote Telemetry Unit path traversal7.27.2$0-$5k$0-$5kNot DefinedNot Defined0.070.00885CVE-2020-10634
9IBM Quality Manager Web UI cross site scripting4.44.4$0-$5k$0-$5kNot DefinedNot Defined0.000.00885CVE-2016-6022
10IBM Rational Quality Manager Web UI cross site scripting4.44.4$0-$5k$0-$5kNot DefinedNot Defined0.020.00885CVE-2016-6031
11IBM Rational Quality Manager cross site scripting4.44.4$0-$5k$0-$5kNot DefinedNot Defined0.010.00885CVE-2016-6036
12IBM Curam Social Program Management xml external entity reference7.87.8$5k-$25k$5k-$25kNot DefinedNot Defined0.080.01055CVE-2016-6111
13Nagios cross site scripting5.25.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00885CVE-2016-6209
14Cisco 2100 Wireless LAN Controller resource management7.57.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.030.01055CVE-2012-0369
15Cisco Wireless LAN Controller Software resource management7.57.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.020.01055CVE-2012-0370
16Cisco Wireless LAN Controller Software access control9.89.4$25k-$100k$0-$5kNot DefinedOfficial Fix0.040.01055CVE-2012-0371
17ninja-forms Plugin cross-site request forgery5.24.9$0-$5k$0-$5kNot DefinedOfficial Fix0.010.00885CVE-2020-12462
18jQuery html cross site scripting5.85.1$0-$5k$0-$5kNot DefinedOfficial Fix0.020.52164CVE-2020-11022
19Netgear WNR2000v5 stack-based overflow6.15.9$5k-$25k$0-$5kNot DefinedOfficial Fix0.020.00885CVE-2018-21181
20BigBlueButton information disclosure6.46.1$0-$5k$0-$5kNot DefinedOfficial Fix0.010.15351CVE-2020-12112

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsTypeConfidence
195.130.9.198Guccifer 2.0verifiedHigh
295.130.15.34Guccifer 2.0verifiedHigh
3XX.XXX.XX.XXXxxxxxxx X.xverifiedHigh
4XX.XXX.XX.XXXxxxxxxx X.xverifiedHigh
5XX.XXX.XX.XXXxxxxxxx X.xverifiedHigh
6XX.XXX.XX.XXXxxxxxxx X.xverifiedHigh
7XX.XXX.XX.XXXxxxxxxx X.xverifiedHigh

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1006CWE-22Pathname TraversalpredictiveHigh
2T1059.007CWE-79, CWE-80Cross Site ScriptingpredictiveHigh
3TXXXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
4TXXXXCWE-XXXxxxxxx XxxxxxxxxpredictiveHigh
5TXXXX.XXXCWE-XXXXxxx XxxxxxxxpredictiveHigh
6TXXXXCWE-XXXxx XxxxxxxxxpredictiveHigh
7TXXXXCWE-XXXXxx.xxx Xxxxxxxxxxxxxxxx: Xxxxxxxx Xx Xxxxxxxxxxxxx XxxxpredictiveHigh
8TXXXXCWE-XXXXxxxxxxxxxxxxpredictiveHigh
9TXXXXCWE-XXXX2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxxxxxxxx Xxxxxxx XxxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (16)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/Forms/predictiveLow
2File/see_more_details.phppredictiveHigh
3Fileajax.cgipredictiveMedium
4Filexxxxxxxx.xxxpredictiveMedium
5Filexxxxxxxx.xxxpredictiveMedium
6Filexx/xxxxxxx-xxxxxxx.xpredictiveHigh
7Filexxx/xxx/xxx_xxxx.xpredictiveHigh
8Filexx-xxxxx/xxxxx.xxx?xxxx=xxxxxxxx-xxxxx-xxxpredictiveHigh
9Filexx-xxxxx/xxxxxxx-xxxxxxx.xxx?xxxx=xx-xxxxxx-xxxxxxxxxxx-xxxxx%xxxxxxxxx%xxxxxxx.xxxpredictiveHigh
10Filexxxxxxx-xxxxxx.xxxpredictiveHigh
11Argumentxxxx/xxxxpredictiveMedium
12ArgumentxxpredictiveLow
13ArgumentxxxpredictiveLow
14ArgumentxxxxxxxpredictiveLow
15Input Value::$xxxxx_xxxxxxxxxxpredictiveHigh
16Network Portxxx xxxxxx xxxxpredictiveHigh

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you want to use VulDB in your project?

Use the official API to access entries easily!