SparklingGoblin Analysis

IOB - Indicator of Behavior (23)

Timeline

Language

en 14
es 4
sv 2
pl 2
ru 2

Country

us 12
ru 8
nl 4

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Qt-cute QuickTalk guestbook 2
Request Tracker 2
Discuz UCenter Home 2
Wired Community Software WWWThreads 2
SSH 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE
1 | SSH SSH-1 Protocol weak encryption | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00258 | 0.04 | CVE-2001-1473
2 | Microsoft Exchange Server Privilege Escalation | 8.8 | 8.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.13959 | 0.01 | CVE-2023-32031
3 | IBM WebSphere Application Server Sequence privilege escalation | 9.2 | 9.1 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00399 | 0.04 | CVE-2023-23477
4 | EmpireCMS AdClass.php SQL injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00172 | 0.05 | CVE-2022-28585
5 | Veritas NetBackup denial of service | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00081 | 0.00 | CVE-2022-36984
6 | Geeklog Media Gallery ftpmedia.php privilege escalation | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.13104 | 0.02 | CVE-2007-2706
7 | Qt-cute QuickTalk guestbook qtg_msg_view.php SQL injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00269 | 0.00 | CVE-2007-3538
8 | GitLab Community Edition/Enterprise Edition ipynb File cross site scripting | 6.1 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00089 | 0.00 | CVE-2021-39906
9 | Microsoft Power BI Report Server Privilege Escalation | 7.0 | 6.1 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.01237 | 0.03 | CVE-2021-31984
10 | Laravel Image Upload ValidatesAttributes.php privilege escalation | 5.5 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01231 | 0.02 | CVE-2021-43617
11 | Apache HTTP Server mod_rewrite Redirect | 6.7 | 6.7 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.00258 | 0.04 | CVE-2020-1927
12 | Request Tracker File Upload cross site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00107 | 0.04 | CVE-2016-6127
13 | RoundCube Webmail Password Plugin privilege escalation | 7.5 | 6.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00338 | 0.00 | CVE-2017-8114
14 | Gallarific PHP Photo Gallery script gallery.php SQL injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00112 | 0.04 | CVE-2011-0519
15 | SoftEther VPN Server See.sys Kernel privilege escalation | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00044 | 0.02 | CVE-2019-11868
16 | Typecho write-post.php cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00057 | 0.03 | CVE-2017-16230
17 | D-Link DNS-345 Cookie weak authentication | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00561 | 0.00 | CVE-2014-7857
18 | Zoho ManageEngine ServiceDesk Plus FileDownload.jsp directory traversal | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00556 | 0.00 | CVE-2011-2757
19 | Wired Community Software WWWThreads register.php SQL injection | 6.5 | 6.2 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00471 | 0.02 | CVE-2006-1958
20 | Russcom Network Loginphp register.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00677 | 0.02 | CVE-2006-2160

Base and Temp are the base and temporal CVSS-style scores; 0day and Today are the estimated exploit price ranges at disclosure and now; Exploit is the known exploitability status; Remediation is the fix status; EPSS is the exploit prediction score; CTI is the cyber threat intelligence activity score.

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • SideWalk

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 66.42.103.222 | 66.42.103.222.vultrusercontent.com | SparklingGoblin | | 05/10/2022 | verified | High
2 | XX.XX.XXX.XX | xxxx.xxxxxx.xx.x.xxxxx.xxx | Xxxxxxxxxxxxxxx | Xxxxxxxx | 05/03/2022 | verified | High
3 | XXX.XX.XX.XXX | | Xxxxxxxxxxxxxxx | Xxxxxxxx | 05/03/2022 | verified | High
4 | XXX.XX.X.XXX | | Xxxxxxxxxxxxxxx | | 05/10/2022 | verified | High
5 | XXX.XX.XX.XXX | xxxx-xxxxxxxxxx.xxxxxxx.xx | Xxxxxxxxxxxxxxx | Xxxxxxxx | 05/03/2022 | verified | High

Rows 2 to 5 are masked on the page; only row 1 is readable.

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (18)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | AdClass.php | predictive | Medium
2 | File | admin/write-post.php | predictive | High
3 | File | FileDownload.jsp | predictive | High
4 | File | xxxxxxx.xxx | predictive | Medium
5 | File | xxxxxxxxxx/xxxxxxxxxx/xxxxxxxx/xxxxxxxxxxxxxxxxxxx.xxx | predictive | High
6 | File | xxxxx/xxxxxxxx.xxx | predictive | High
7 | File | xxx_xxx_xxxx.xxx | predictive | High
8 | File | xxxxxxxx.xxx | predictive | Medium
9 | File | xxxx.xxx | predictive | Medium
10 | File | xxxx-xxxxxxxx.xxx | predictive | High
11 | Library | xxx.xxx | predictive | Low
12 | Argument | xxx | predictive | Low
13 | Argument | xxxxxxxx | predictive | Medium
14 | Argument | xx | predictive | Low
15 | Argument | xxxxxxxx | predictive | Medium
16 | Argument | xxxxxx | predictive | Low
17 | Argument | xxxxx | predictive | Low
18 | Argument | _xx_xxxx[xxxx_xxxx] | predictive | High

Rows 4 to 18 are masked on the page; only rows 1 to 3 are readable. Note that these indicators are predictive (derived from the vulnerabilities attributed to the actor above), not observed artifacts, so a hit on one of these file names alone is a hunting lead rather than confirmation of compromise.
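The following script is an added example and is not code from vuldb or from any SparklingGoblin report. It takes the only unmasked entries this profile exposes, IOC row 1 (the IP 66.42.103.222 and its vultrusercontent.com hostname) and IOA rows 1 to 3 (the file indicators AdClass.php, admin/write-post.php and FileDownload.jsp), and runs them over constructed DNS/connection log lines and web access log lines. The masked rows are not guessed. The log formats, client addresses, timestamps and query strings are all assumptions for the demonstration. Hostname matching covers subdomains of the indicator, IP matching tolerates an appended port, and path matching works on whole path components so that a look-alike such as adclass.php.txt does not fire.

```python
"""Hunt for the unmasked SparklingGoblin indicators from this profile in
constructed log samples. Added example, not vuldb's code. Log formats and
all log contents below are hypothetical."""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlsplit

# IOC row 1: identified 05/10/2022, verified, high confidence.
IOC_IPS = {"66.42.103.222"}
IOC_HOSTNAMES = {"66.42.103.222.vultrusercontent.com"}
# IOA rows 1-3: predictive file indicators (medium/high confidence).
IOA_FILES = {"AdClass.php", "admin/write-post.php", "FileDownload.jsp"}

# Constructed DNS/connection log lines: "<ts> <client> <dns|conn> <value>".
SAMPLE_NET_LOGS = """\
2022-05-11T08:13:02Z 10.0.4.17 dns 66.42.103.222.vultrusercontent.com
2022-05-11T08:13:02Z 10.0.4.17 conn 66.42.103.222:443
2022-05-11T08:14:10Z 10.0.4.22 dns update.example.org
2022-05-11T08:15:41Z 10.0.4.22 conn 93.184.216.34:443
2022-05-11T08:16:05Z 10.0.4.17 dns sub.66.42.103.222.vultrusercontent.com
"""

# Constructed web access log lines (Apache combined-style; hypothetical content).
SAMPLE_ACCESS_LOGS = """\
203.0.113.5 - - [11/May/2022:08:20:01 +0000] "GET /index.php HTTP/1.1" 200 1024
203.0.113.5 - - [11/May/2022:08:20:07 +0000] "GET /FileDownload.jsp?module=reports HTTP/1.1" 200 512
203.0.113.9 - - [11/May/2022:08:21:30 +0000] "POST /admin/write-post.php HTTP/1.1" 302 0
203.0.113.9 - - [11/May/2022:08:22:12 +0000] "GET /static/adclass.php.txt HTTP/1.1" 404 0
"""


@dataclass(frozen=True)
class Hit:
    timestamp: str
    source: str
    kind: str       # "dns", "conn" or "http"
    indicator: str  # the matched IOC/IOA value


NET_RE = re.compile(r"^(\S+)\s+(\S+)\s+(dns|conn)\s+(\S+)$")
ACCESS_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \d+$')


def hostname_matches(name: str) -> Optional[str]:
    """Exact or subdomain match against IOC hostnames (case-insensitive)."""
    name = name.rstrip(".").lower()
    for ioc in IOC_HOSTNAMES:
        if name == ioc or name.endswith("." + ioc):
            return ioc
    return None


def ip_matches(endpoint: str) -> Optional[str]:
    """Match a bare IPv4 address or an 'ip:port' string against IOC IPs."""
    host = endpoint.rsplit(":", 1)[0] if endpoint.count(":") == 1 else endpoint
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return None
    return str(ip) if str(ip) in IOC_IPS else None


def path_matches(target: str) -> Optional[str]:
    """Match the request path (query string stripped) against IOA file
    indicators on whole path components, case-sensitively."""
    path = urlsplit(target).path
    for ioa in IOA_FILES:
        if path == "/" + ioa or path.endswith("/" + ioa):
            return ioa
    return None


def scan_net_logs(text: str) -> List[Hit]:
    """Return hits for DNS answers/queries and outbound connections."""
    hits = []
    for line in text.splitlines():
        m = NET_RE.match(line.strip())
        if not m:
            continue  # unparseable line: skip rather than fail the scan
        ts, client, kind, value = m.groups()
        ioc = hostname_matches(value) if kind == "dns" else ip_matches(value)
        if ioc:
            hits.append(Hit(ts, client, kind, ioc))
    return hits


def scan_access_logs(text: str) -> List[Hit]:
    """Return hits for requests whose path ends in an IOA file indicator."""
    hits = []
    for line in text.splitlines():
        m = ACCESS_RE.match(line.strip())
        if not m:
            continue
        src, ts, _method, target, _status = m.groups()
        ioa = path_matches(target)
        if ioa:
            hits.append(Hit(ts, src, "http", ioa))
    return hits


if __name__ == "__main__":
    for h in scan_net_logs(SAMPLE_NET_LOGS) + scan_access_logs(SAMPLE_ACCESS_LOGS):
        print(h)
```

On the constructed samples the network scan yields three hits (two DNS lookups of the indicator hostname or a subdomain of it, and one connection to the indicator IP on port 443) and the access log scan yields two (FileDownload.jsp and admin/write-post.php); the adclass.php.txt request is correctly ignored. Because the IOA entries are predictive, treat HTTP hits as a prompt to check the target host for the corresponding product and vulnerability from the table above, not as an alert on their own.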

Sources (2)

The following list contains external sources which discuss the actor and the associated activities:
