Goldfin Analysis

IOB - Indicator of Behavior (68)

Timeline: (chart)

Language: en 66, fr 2

Country: us 34, ru 10, ir 8, se 2, cn 2

Actors, Activities, Interest, Timeline, Type, Vendor: (charts)

Product: Web4Future eCommerce 2, XenForo 2, phpMyAdmin 2, WordPress 2, Schneider Electric Modicon M221 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.71 | 0.00943 | CVE-2010-0966
2 | TYPO3 ImageMagick/GraphicsMagick privilege escalation | 7.4 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00775 | CVE-2019-11832
3 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192
4 | Amazon Echo/Echo Dot/Echo Show/Echo Spot Listening Spying weak authentication | 3.8 | 3.5 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.00105 | CVE-2018-11567
5 | Microsoft Exchange Server Privilege Escalation | 8.8 | 8.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | 0.01502 | CVE-2022-23277
6 | vBulletin moderation.php SQL injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.01 | 0.00284 | CVE-2016-6195
7 | YaBB yabb.pl cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.01240 | CVE-2004-2402
8 | Oracle MySQL Server InnoDB privilege escalation | 7.1 | 7.0 | $5k-$25k | Calculating | Not Defined | Official Fix | 0.00 | 0.00156 | CVE-2018-3064
9 | Contact Form 7 Plugin privilege escalation | 6.7 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00161 | CVE-2023-6449
10 | Omnisend Email Marketing for WooCommerce Plugin information disclosure | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00087 | CVE-2023-47244
11 | PixelYourSite Plugin cross site scripting | 2.4 | 2.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00051 | CVE-2023-2584
12 | TRENDnet TEW-652BRP Web Service cfg_op.ccp memory corruption | 7.5 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.06 | 0.00097 | CVE-2023-0618
13 | TRENDnet TEW-652BRP Web Interface ping.ccp privilege escalation | 8.1 | 7.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.07 | 0.01049 | CVE-2023-0640
14 | PHP Cookie privilege escalation | 5.0 | 4.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00130 | CVE-2022-31629
15 | 1C-Bitrix Bitrix24 AD/LDAP ldap_server_edit.php information disclosure | 4.6 | 4.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00104 | CVE-2022-43959
16 | Profile Builder Plugin wppb_front_end_password_recovery weak authentication | 8.1 | 8.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00073 | CVE-2023-2297
17 | WordPress Pingback privilege escalation | 5.7 | 5.7 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00120 | CVE-2022-3590
18 | Abraham Williams TwitterOAuth privilege escalation | 6.5 | 6.5 | $0-$5k | Calculating | Not Defined | Not Defined | 0.00 | 0.00093 | CVE-2011-5243
19 | Hangzhou Xiongmai XMeye P2P Cloud Server weak authentication | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00080 | CVE-2018-17919
20 | Microsoft Exchange Server information disclosure | 5.8 | 5.3 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00 | 0.00144 | CVE-2022-24463

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 5.8.88.64 | | Goldfin | | 22/12/2020 | verified | High
2 | X.XXX.XX.XXX | | Xxxxxxx | | 22/12/2020 | verified | High
3 | XX.XX.XX.XX | xxxx.xxxxxxx.xx | Xxxxxxx | | 22/12/2020 | verified | High
4 | XX.XXX.XXX.XXX | | Xxxxxxx | | 22/12/2020 | verified | High
5 | XXX.XX.XX.XXX | xx.xxxxxxx.xx | Xxxxxxx | | 22/12/2020 | verified | High

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
2 | T1059 | CWE-94 | Argument Injection | predictive | High
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High
4 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
5 | TXXXX.XXX | CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | High
6 | TXXXX | CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High
7 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High
8 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
9 | TXXXX.XXX | CWE-XXX | Xxxxxxxxx | predictive | High
10 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
11 | TXXXX.XXX | CWE-XX | Xxxxxxxxxxxxx | predictive | High
12 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High

IOA - Indicator of Attack (28)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /bitrix/admin/ldap_server_edit.php | predictive | High
2 | File | /debug/pprof | predictive | Medium
3 | File | /redbin/rpwebutilities.exe/text | predictive | High
4 | File | /rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf | predictive | High
5 | File | /xxxxxxx/ | predictive | Medium
6 | File | xxx_xx.xxx | predictive | Medium
7 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
8 | File | xxxxxxx/xxx/x_xxx.x | predictive | High
9 | File | xxxxxxxxxxx/xxxxxxxx/xxxxxxxxxx.xxx | predictive | High
10 | File | xxxxxxxxxxxx.xxx | predictive | High
11 | File | xxx/xxxxxx.xxx | predictive | High
12 | File | xxxxx.xxx | predictive | Medium
13 | File | xxxxx.xxx | predictive | Medium
14 | File | xxxx.xxx | predictive | Medium
15 | File | xxxx.xxx | predictive | Medium
16 | File | xxxxx.xxx | predictive | Medium
17 | File | xxxxxxxxx.xxx | predictive | High
18 | File | xxxx.xx | predictive | Low
19 | Argument | xxxxxxxx | predictive | Medium
20 | Argument | xxxxx | predictive | Low
21 | Argument | xxx_xxxx/xxx_xxxxxxx | predictive | High
22 | Argument | xxx | predictive | Low
23 | Argument | xxxxxx | predictive | Low
24 | Argument | xxxxxxx | predictive | Low
25 | Argument | xxxx_xx | predictive | Low
26 | Argument | xxx | predictive | Low
27 | Network Port | xxx/xx (xxxxxx) | predictive | High
28 | Network Port | xxx/xxxx | predictive | Medium

Sources (2)

The following list contains external sources which discuss the actor and the associated activities:
