GuptiMiner Analysis

IOB - Indicator of Behavior (109)

Language

  • en: 108
  • pl: 2

Product

  • Microsoft Windows: 6
  • F5 BIG-IP: 4
  • Microsoft IIS: 4
  • FreeBSD: 2
  • EasyBlocks IPv6: 2

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

| # | Vulnerability | Base | Temp | 0day price | Today price | Exploitability | Countermeasure | KEV | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | possible | 0.02956 | 0.00 | CVE-2007-1192 |
| 2 | Rarlab WinRar Recovery Volume array index | 6.3 | 6.0 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.12458 | 0.00 | CVE-2023-40477 |
| 3 | Zh YandexMap sql injection | 8.5 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.01486 | 0.00 | CVE-2018-6604 |
| 4 | Microsoft Windows Network File System Remote Code Execution | 9.8 | 8.9 | $25k-$100k | $5k-$25k | Unproven | Official fix | possible | 0.68958 | 0.02 | CVE-2022-26937 |
| 5 | OPC Foundation Local Discovery Server buffer overflow | 5.3 | 5.1 | $0-$5k | Calculating | Not defined | Official fix | | 0.00573 | 0.00 | CVE-2021-40142 |
| 6 | Autodesk PDF File type confusion | 6.3 | 6.3 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00320 | 0.00 | CVE-2021-27038 |
| 7 | IBM Datacap Fastdoc Capture Web UI cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00194 | 0.00 | CVE-2020-4935 |
| 8 | Mozilla Firefox Filename Cache information disclosure | 3.2 | 3.1 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00424 | 0.00 | CVE-2021-29960 |
| 9 | Best Quiz, Exam and Survey Plugin Quiz Result Page access control | 5.5 | 5.3 | $0-$5k | Calculating | Not defined | Official fix | | 0.00190 | 0.00 | CVE-2021-24368 |
| 10 | ConnectWise Automate Core Agent Inventory Communication sql injection | 5.0 | 4.8 | $0-$5k | Calculating | Not defined | Official fix | | 0.00511 | 0.00 | CVE-2021-32582 |
| 11 | Teltonika Firmware Package File unrestricted upload | 8.8 | 8.4 | $0-$5k | Calculating | Not defined | Official fix | | 0.00472 | 0.00 | CVE-2020-5772 |
| 12 | Microsoft Visual Studio Code Remote Code Execution | 6.4 | 5.6 | $5k-$25k | $0-$5k | Unproven | Official fix | | 0.02406 | 0.00 | CVE-2021-31211 |
| 13 | D-Link DGS-1500 Ax hard-coded credentials | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00736 | 0.00 | CVE-2017-15909 |
| 14 | Advanced Order Export for WooCommerce Plugin Admin Panel cross site scripting | 4.8 | 4.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.01693 | 0.03 | CVE-2021-24169 |
| 15 | XStream deserialization | 6.8 | 6.5 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.04099 | 0.00 | CVE-2021-21349 |
| 16 | PostgreSQL Windows Installer access control | 6.9 | 6.6 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00065 | 0.00 | CVE-2019-10127 |
| 17 | F5 BIG-IP TMUI privilege escalation | 8.8 | 8.4 | $25k-$100k | $0-$5k | Not defined | Official fix | | 0.02384 | 0.00 | CVE-2021-22988 |
| 18 | PEEL Shopping Cart change_params.php cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.03051 | 0.00 | CVE-2021-27190 |
| 19 | NetApp OnCommand System Manager Cache privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00180 | 0.00 | CVE-2020-8587 |
| 20 | SAP 3D Visual Enterprise Viewer dib File out-of-bounds write | 6.5 | 6.5 | $5k-$25k | $5k-$25k | Not defined | Not defined | | 0.00479 | 0.00 | CVE-2021-21455 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • GuptiMiner

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 23.195.101.1 | a23-195-101-1.deploy.static.akamaitechnologies.com | GuptiMiner | | 04/24/2024 | verified | Very High |

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (30)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /config/getuser | predictive | High |
| 2 | File | /dev/ptpX | predictive | Medium |
| 3 | File | app\modules\polygon\controllers\ProblemController | predictive | High |
| 4 | File | checklist-icon.php | predictive | High |
