Curious Gorge Analysis

IOB - Indicator of Behavior (133)

Language

en: 76
zh: 52
ru: 4
pl: 2

Country

cn: 98
us: 18
ru: 8
ca: 8
pl: 2

Product

Apache Tomcat: 4
Mozilla Firefox: 4
Mozilla Firefox ESR: 4
Mozilla Thunderbird: 4
SourceCodester Online Computer and Laptop Store: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Ignite Realtime Openfire Administration Console weak authentication | 7.8 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.97384 | CVE-2023-32315 |
| 2 | Apple Mac OS X TCP Timestamp Information Disclosure | 5.3 | 5.1 | $5k-$25k | Calculating | Not Defined | Official Fix | 0.05 | 0.00342 | CVE-2003-0882 |
| 3 | Plesk Obsidian Reflected Cross Site Scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00151 | CVE-2020-11583 |
| 4 | OpenVPN Access Server Web Portal weak encryption | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00151 | CVE-2022-33738 |
| 5 | Essential Addons for Elementor Plugin privilege escalation | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.03267 | CVE-2023-32243 |
| 6 | Matomo safemode.twig Path Information Disclosure | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00058 | CVE-2019-12215 |
| 7 | Foxit Reader absPageSpan privilege escalation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.01361 | CVE-2018-9938 |
| 8 | Foxit Reader addField buffer overflow | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.02238 | CVE-2018-1178 |
| 9 | Atlassian JIRA Server/Data Center QueryComponent!Default.jspa Information Disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00628 | CVE-2020-14179 |
| 10 | Microsoft Windows Cloud Files Mini Filter Driver Local Privilege Escalation | 7.8 | 7.4 | $25k-$100k | $5k-$25k | Functional | Official Fix | 0.04 | 0.00043 | CVE-2023-36036 |
| 11 | Freemius SDK Plugin fs_request_get Cross Site Scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00000 | CVE-2023-33999 |
| 12 | ZFile 1 privilege escalation | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00252 | CVE-2022-40050 |
| 13 | Hytec Inter HWL-2511-SS Command Line Interface privilege escalation | 9.3 | 9.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00108 | CVE-2022-36554 |
| 14 | Cortex Alertmanager Config privilege escalation | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00082 | CVE-2022-23536 |
| 15 | Jitsi Meet weak authentication | 8.5 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | 0.00196 | CVE-2020-11878 |
| 16 | Fortinet FortiOS CLI Command Directory Traversal | 6.8 | 6.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.06752 | CVE-2022-41328 |
| 17 | Weaver E-Office File Upload utility_all.php privilege escalation | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00064 | CVE-2023-2647 |
| 18 | Rocket.Chat 2FA weak authentication | 7.0 | 7.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00091 | CVE-2023-28316 |
| 19 | SourceCodester Lost and Found Information System privilege escalation | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00067 | CVE-2023-2670 |
| 20 | SourceCodester Online Computer and Laptop Store Master.php SQL Injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00077 | CVE-2023-2661 |

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (63)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

References (2)

The following list contains external sources which discuss the actor and the associated activities:
