SparklingGoblin Analysis

IOB - Indicator of Behavior (15)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	14
de	2

Country

us	8
nl	4
ru	2
cn	2

Actors

Backdoor	2
RedLine	1
Raccoon Stealer	1
SparklingGoblin	1

Activities

Interest

Timeline

Type

Not Defined	10
Reporting Software	2
Web Server	2
Mail Client Software	2

Vendor

Not Defined	4
D-Link	2
Microsoft	2
Russcom Network	2
Discuz	2

Product

D-Link DNS-320B	2
D-Link DNS-320L	2
D-Link DNS-322L	2
D-Link DNS-325	2
D-Link DNR-326	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	CTI	EPSS	CVE
1	GitLab Community Edition/Enterprise Edition ipynb File cross site scripting	6.1	6.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00954	CVE-2021-39906
2	Microsoft Power BI Report Server Privilege Escalation	7.0	6.1	$5k-$25k	$0-$5k	Unproven	Official Fix	0.01	0.01728	CVE-2021-31984
3	Laravel Image Upload ValidatesAttributes.php unrestricted upload	5.5	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.29468	CVE-2021-43617
4	Apache HTTP Server mod_rewrite redirect	6.7	6.7	$25k-$100k	$5k-$25k	Not Defined	Not Defined	0.08	0.07767	CVE-2020-1927
5	Request Tracker File Upload cross site scripting	5.2	4.9	$0-$5k	Calculating	Not Defined	Official Fix	0.07	0.01136	CVE-2016-6127
6	RoundCube Webmail Password Plugin access control	7.5	6.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.05	0.00950	CVE-2017-8114
7	Gallarific PHP Photo Gallery script gallery.php sql injection	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.04	0.00986	CVE-2011-0519
8	SoftEther VPN Server See.sys Kernel 7pk security	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	0.00890	CVE-2019-11868
9	Typecho write-post.php cross site scripting	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01	0.00885	CVE-2017-16230
10	D-Link DNS-345 Cookie improper authentication	8.5	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	0.01213	CVE-2014-7857
11	Zoho ManageEngine ServiceDesk Plus FileDownload.jsp path traversal	5.3	5.0	$0-$5k	Calculating	Proof-of-Concept	Not Defined	0.04	0.01055	CVE-2011-2757
12	Wired Community Software WWWThreads register.php sql injection	6.5	6.2	$0-$5k	Calculating	Proof-of-Concept	Unavailable	0.06	0.01319	CVE-2006-1958
13	Russcom Network Loginphp register.php cross site scripting	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Unavailable	0.00	0.01213	CVE-2006-2160
14	Discuz UCenter Home shop.php sql injection	7.3	7.1	$0-$5k	Calculating	High	Unavailable	0.06	0.00986	CVE-2010-4912
15	TikiWiki tiki-register.php input validation	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.36	0.01136	CVE-2006-6168

Campaigns (1)

These are the campaigns that can be associated with the actor:

SideWalk

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Campaigns	Type	Confidence
1	66.42.103.222	66.42.103.222.vultrusercontent.com	SparklingGoblin		verified	High
2	XX.XX.XXX.XX	xxxx.xxxxxx.xx.x.xxxxx.xxx	Xxxxxxxxxxxxxxx	Xxxxxxxx	verified	High
3	XXX.XX.XX.XXX		Xxxxxxxxxxxxxxx	Xxxxxxxx	verified	High
4	XXX.XX.X.XX		Xxxxxxxxxxxxxxx		verified	High
5	XXX.XX.XX.XXX	xxxx-xxxxxxxxxx.xxxxxxx.xx	Xxxxxxxxxxxxxxx	Xxxxxxxx	verified	High

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CWE-22	Pathname Traversal	predictive	High
2	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	High
3	TXXXX	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
4	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	High
5	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	High
6	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	High
7	TXXXX.XXX	CWE-XXX	Xxxxxxxxxxxx Xxxxxx	predictive	High

IOA - Indicator of Attack (14)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	admin/write-post.php	predictive	High
2	File	FileDownload.jsp	predictive	High
3	File	gallery.php	predictive	Medium
4	File	xxxxxxxxxx/xxxxxxxxxx/xxxxxxxx/xxxxxxxxxxxxxxxxxxx.xxx	predictive	High
5	File	xxxxxxxx.xxx	predictive	Medium
6	File	xxxx.xxx	predictive	Medium
7	File	xxxx-xxxxxxxx.xxx	predictive	High
8	Library	xxx.xxx	predictive	Low
9	Argument	xxx	predictive	Low
10	Argument	xxxxxxxx	predictive	Medium
11	Argument	xx	predictive	Low
12	Argument	xxxxxxxx	predictive	Medium
13	Argument	xxxxxx	predictive	Low
14	Argument	xxxxx	predictive	Low

References (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Interested in the pricing of exploits?

See the underground prices here!