Gustuff Analysis

IOB - Indicator of Behavior (69)

Language: en (70)

Country: de (68), me (2)

Product: Apache HTTP Server (6), Microsoft Windows (4), Microsoft Azure Stack Edge (2), Microsoft Azure Arc-enabled Kubernetes Cluster (2), Yii (2)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE
1 | MK-AUTH auth privilege escalation | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00289 | CVE-2020-14072
2 | Yii ActiveRecord.php findByCondition sql injection | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00119 | CVE-2018-7269
3 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00548 | CVE-2017-0055
4 | SolarWinds Dameware Mini Remote Client Agent SmartCard Authentication DWRCS.exe privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.01347 | CVE-2019-3980
5 | JCK Editor links.php sql injection | 8.5 | 8.3 | $0-$5k | $0-$5k | High | Not Defined | 0.02 | 0.81623 | CVE-2018-17254
6 | IBM Lotus Domino domcfg.nsf information disclosure | 5.3 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00000 | 
7 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192
8 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.70 | 0.00943 | CVE-2010-0966
9 | Cisco ASA Authentication privilege escalation | 6.4 | 6.3 | $5k-$25k | $0-$5k | High | Official Fix | 0.03 | 0.97429 | CVE-2018-0296
10 | Apple watchOS WebKit privilege escalation | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00089 | CVE-2023-38572
11 | Phpletter Ajax File/Image Manager privilege escalation | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.02 | 0.96910 | CVE-2011-4825
12 | Microsoft Azure Stack Edge privilege escalation | 10.0 | 8.7 | $100k or more | $25k-$100k | Unproven | Official Fix | 0.04 | 0.00188 | CVE-2022-37968
13 | Apache HTTP Server mod_rewrite Redirect | 6.7 | 6.7 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.07 | 0.00258 | CVE-2020-1927
14 | MK-AUTH Web Login executar_login.php weak authentication | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00341 | CVE-2020-14070
15 | PHP enchant.c enchant_broker_request_dict memory corruption | 7.3 | 6.4 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00 | 0.18929 | CVE-2014-9705
16 | OpenSSL Certificate Chain Verification weak authentication | 6.5 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00260 | CVE-2021-3450
17 | IBM Aspera Connect DLL privilege escalation | 7.5 | 7.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00299 | CVE-2020-4545
18 | GetSimple CMS XML External Entity | 5.3 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00814 | CVE-2014-8790
19 | Microsoft ASP.NET Core Kestrel Web Application privilege escalation | 8.0 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.02783 | CVE-2018-0787
20 | PHP EXIF exif_process_IFD_in_TIFF memory corruption | 9.8 | 9.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.02863 | CVE-2019-9641

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP Address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 78.46.201.36 | static.36.201.46.78.clients.your-server.de | Gustuff |  | 29/03/2022 | verified | High
2 | 88.99.170.43 | static.43.170.99.88.clients.your-server.de | Gustuff |  | 29/03/2022 | verified | High
3 | XX.XX.XXX.XXX | xxxxxx.xxx.xxx.xx.xx.xxxxxxx.xxxx-xxxxxx.xx | Xxxxxxx |  | 29/03/2022 | verified | High
4 | XX.XX.XXX.XXX | xxxxxx.xxx.xxx.xx.xx.xxxxxxx.xxxx-xxxxxx.xx | Xxxxxxx |  | 29/03/2022 | verified | High
5 | XX.XX.XXX.XXX | xxxxxx.xxx.xxx.xx.xx.xxxxxxx.xxxx-xxxxxx.xx | Xxxxxxx |  | 29/03/2022 | verified | High
6 | XX.XX.XXX.XXX | xxxxxx.xxx.xxx.xx.xx.xxxxxxx.xxxx-xxxxxx.xx | Xxxxxxx |  | 29/03/2022 | verified | High

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Weakness | Description | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | High
2 | T1059 | CWE-94 | Argument Injection | predictive | High
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High
4 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
5 | TXXXX.XXX | CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | High
6 | TXXXX | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High
7 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
8 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High
9 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
10 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
11 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
12 | TXXXX | CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High

IOA - Indicator of Attack (21)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /auth | predictive | Low
2 | File | /uncpath/ | predictive | Medium
3 | File | admin/executar_login.php | predictive | High
4 | File | xxxxxxx/xxxxxxxxxx.xxx | predictive | High
5 | File | xxxxx/xxxx/xxxxxxxxxx/xxxxxxxxxxx.xxx | predictive | High
6 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
7 | File | xxxxxx.xxx | predictive | Medium
8 | File | xxxxx.xxx | predictive | Medium
9 | File | xxxxxxx.x | predictive | Medium
10 | File | xxxxxxxxx/xx/xxxxxxxxxxxx.xxx | predictive | High
11 | File | xxx/xxxxxx.xxx | predictive | High
12 | File | xxxxxxxxx/xxxxxxx/xxxxx.xxx | predictive | High
13 | File | xxxxxxxxxxxxxxx.xxx | predictive | High
14 | File | xxxxxxx/xxxxxxxxxxxxxxxx/xxxxxxxxx/xxxxxxxx.xxxx | predictive | High
15 | File | xxxxxx.xxx | predictive | Medium
16 | Library | xxxxxxxxxxxxxx.xxxxxxx.xxxxxxxxxxxxxxx.xxx | predictive | High
17 | Argument | -x | predictive | Low
18 | Argument | xxxxxxxx | predictive | Medium
19 | Argument | xxxx | predictive | Low
20 | Argument | xxxxxx | predictive | Low
21 | Argument | xxxxxxxx_xxxxx | predictive | High
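The IOC and IOA tables above are only useful once they are turned into a check that runs over real telemetry. The following script is an added example (it is not code from this page, from VulDB, or from any Gustuff sample) that loads the two unredacted IOC IP/hostname pairs and the three unredacted IOA path fragments with the page's own confidence ratings, scans Apache/nginx combined-format access log lines for them, and only raises an alert when the summed confidence reaches a threshold. It also sanity-checks each IOC pair: both hostnames on the page follow the pattern static.<d>.<c>.<b>.<a>.clients.your-server.de for IP a.b.c.d, so a pair whose octets do not line up is a transcription error, not an indicator. The scoring weights, the alert threshold, and the sample log lines are assumptions constructed for the example; the redacted rows are not reproduced.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address

# Indicators taken verbatim from the two unredacted IOC rows on the page.
# The four redacted rows are not reproduced here.
IOC_HOSTS = {
    "78.46.201.36": "static.36.201.46.78.clients.your-server.de",
    "88.99.170.43": "static.43.170.99.88.clients.your-server.de",
}

# File-path fragments from the three unredacted IOA rows, with the page's
# own confidence rating for each.
IOA_PATHS = {
    "/auth": "low",
    "/uncpath/": "medium",
    "admin/executar_login.php": "high",
}

# Assumed scoring (not from the page): an IOC IP match counts like a
# high-confidence fragment, and the threshold is chosen so that a lone "low"
# substring such as "/auth" (which also matches "/authors") never fires alone.
CONFIDENCE_SCORE = {"low": 1, "medium": 2, "high": 3}
ALERT_THRESHOLD = 2

# Reverse-octet pattern visible in both IOC hostnames on the page.
_RDNS_RE = re.compile(
    r"^static\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.clients\.your-server\.de$"
)

# Apache/nginx combined log format; only the fields used here are captured.
_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def rdns_matches_ip(ip: str, hostname: str) -> bool:
    """Sanity-check an IP/hostname IOC pair: the octets embedded in the
    generic reverse-DNS name must be the IP's octets in reverse order."""
    m = _RDNS_RE.match(hostname)
    if not m:
        return False
    rebuilt = ".".join(m.group(i) for i in (4, 3, 2, 1))
    return rebuilt == str(ip_address(ip))


@dataclass(frozen=True)
class Hit:
    line_no: int
    ip: str
    path: str
    reasons: tuple   # e.g. ("ioc-ip:78.46.201.36", "ioa-path:/uncpath/")
    score: int
    alert: bool


def scan_access_log(lines):
    """Return one Hit per log line matching any IOC IP or IOA path fragment;
    `alert` is set only when the summed confidence score reaches the threshold."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = _LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        ip, path = m["ip"], m["path"]
        reasons, score = [], 0
        if ip in IOC_HOSTS:
            reasons.append(f"ioc-ip:{ip}")
            score += CONFIDENCE_SCORE["high"]
        for frag, conf in IOA_PATHS.items():
            if frag in path:
                reasons.append(f"ioa-path:{frag}")
                score += CONFIDENCE_SCORE[conf]
        if reasons:
            hits.append(Hit(n, ip, path, tuple(reasons), score, score >= ALERT_THRESHOLD))
    return hits


# Constructed sample log lines (not from the page); 203.0.113.0/24 is the
# RFC 5737 documentation range.
SAMPLE_LOG = [
    '78.46.201.36 - - [29/Mar/2022:10:14:02 +0000] "GET /admin/executar_login.php HTTP/1.1" 200 512',
    '203.0.113.7 - - [29/Mar/2022:10:15:10 +0000] "GET /authors/list HTTP/1.1" 200 2048',
    '203.0.113.9 - - [29/Mar/2022:10:16:44 +0000] "POST /uncpath/ HTTP/1.1" 404 153',
    '88.99.170.43 - - [29/Mar/2022:10:17:01 +0000] "GET /index.html HTTP/1.1" 200 1024',
]


if __name__ == "__main__":
    for ip, host in IOC_HOSTS.items():
        state = "consistent" if rdns_matches_ip(ip, host) else "MISMATCH"
        print(f"{ip} <-> {host}: {state}")
    for h in scan_access_log(SAMPLE_LOG):
        flag = "ALERT" if h.alert else "info "
        print(f"{flag} line {h.line_no} {h.ip} {h.path} score={h.score} {h.reasons}")
```

On the constructed sample, line 1 (a listed IOC IP requesting the high-confidence executar_login.php path) and line 3 (the medium-confidence /uncpath/ fragment) alert, line 4 alerts on the IOC IP alone, and line 2 is recorded but not alerted because "/auth" only substring-matches "/authors/list", which is exactly why the page rates that fragment Low. Treat the IOA fragments as triage hints to be combined with IP, User-Agent, or response-code context rather than as stand-alone block rules.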

Sources (2)

The following list contains external sources which discuss the actor and the associated activities:
