Gafgyt Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (460)

Sprache

en	366
ru	72
de	8
pl	4
es	4

Land

us	250
sc	140
ru	16
li	14
ca	6

Akteure

Mirai	6
Bashlite	4
Cobalt Strike	3
Nanocore RAT	3
Gafgyt	2

Interesse

Typ

Not Defined	128
Content Management System	44
Operating System	22
Web Server	22
Groupware Software	12

Hersteller

Not Defined	126
Microsoft	42
Apache	24
Joomla	20
Siemens	12

Produkt

Joomla CMS	20
Microsoft Windows	18
Apache HTTP Server	18
WordPress	10
Microsoft Exchange Server	8

Schwachstellen

#	Schwachstelle	Base	Temp	0day	Heute	Aus	Mas	CTI	EPSS	CVE
1	LogicBoard CMS away.php Redirect	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Unavailable	3.69	0.00000
2	Zyxel ARMOR Z1/ARMOR Z2 CGI Program erweiterte Rechte	8.8	8.8	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00	0.00053	CVE-2021-4029
3	Joomla CMS com_actionslogs erweiterte Rechte	8.5	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.01685	CVE-2019-12765
4	esoftpro Online Guestbook Pro ogp_show.php SQL Injection	7.3	7.1	$0-$5k	$0-$5k	High	Unavailable	0.04	0.00135	CVE-2010-4996
5	Microsoft Windows Active Directory Federation Services ls erweiterte Rechte	7.9	7.9	$25k-$100k	$25k-$100k	Not Defined	Not Defined	0.02	0.00481	CVE-2018-16794
6	CKFinder File Name erweiterte Rechte	7.4	7.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00155	CVE-2019-15862
7	Joomla CMS Cache Information Disclosure	6.4	6.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00326	CVE-2017-9933
8	Joomla CMS CSRF Token Cross Site Scripting	5.2	4.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00571	CVE-2017-9934
9	Jetty URI erweiterte Rechte	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.47555	CVE-2021-34429
10	Microsoft Windows SNMP GET Remote Code Execution	7.3	7.0	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00	0.45448	CVE-1999-0517
11	GitLab Community Edition/Enterprise Edition Password Reset erweiterte Rechte	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.80716	CVE-2023-7028
12	Kyocera MFP Net View Information Disclosure	6.9	6.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02	0.01011	CVE-2022-1026
13	WordPress SQL Injection	6.8	6.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	0.00467	CVE-2022-21664
14	SAP Knowledge Warehouse KW Cross Site Scripting	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00418	CVE-2021-42063
15	portable SDK for UPnP unique_service_name Pufferüberlauf	10.0	9.5	$0-$5k	$0-$5k	High	Official Fix	0.03	0.97445	CVE-2012-5958
16	Dropbear SSH erweiterte Rechte	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.02911	CVE-2016-7406
17	Joomla CMS mod_latestactions Cross Site Scripting	5.2	4.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00103	CVE-2020-24599
18	Bitrix Site Manager Vote Module Remote Code Execution	7.3	7.0	$0-$5k	Wird berechnet	Not Defined	Official Fix	0.14	0.00668	CVE-2022-27228
19	Communigate Pro Pronto! Mail Composer Stored Cross Site Scripting	5.2	5.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00165	CVE-2018-18621
20	phpPgAds adclick.php unbekannte Schwachstelle	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.94	0.00317	CVE-2005-3791

Kampagnen (3)

These are the campaigns that can be associated with the actor:

CVE-2014-8361 / CVE-2017-17215 / CVE-2017-18368
Xxx-xxxx-xxxx / Xxx-xxxx-xxxx
Xxxx Xxxxxxx

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-Adresse	Hostname	Akteur	Kampagnen	Identifiziert	Typ	Akzeptanz
1	46.249.32.109	reverse.hostingbb.com	Gafgyt	DDoS Ukraine	25.02.2022	verifiziert	High
2	172.245.6.134	172-245-6-134-host.colocrossing.com	Gafgyt		25.02.2022	verifiziert	High
3	XXX.XX.XX.XXX	xxx.xx.xx.xxx.xx.xxx.xx	Xxxxxx	Xxx-xxxx-xxxx / Xxx-xxxx-xxxx	29.08.2021	verifiziert	High
4	XXX.XX.XX.XXX	xxx.xx.xx.xxx.xx.xxx.xx	Xxxxxx	Xxx-xxxx-xxxx / Xxx-xxxx-xxxx	29.08.2021	verifiziert	High
5	XXX.XXX.XXX.XXX		Xxxxxx	Xxx-xxxx-xxxx / Xxx-xxxx-xxxxx / Xxx-xxxx-xxxxx	30.08.2021	verifiziert	High
6	XXX.XXX.XXX.X	xxxxxxxxxxxxxxx.xxxx	Xxxxxx		25.02.2022	verifiziert	High
7	XXX.XXX.XX.XX		Xxxxxx	Xxxx Xxxxxxx	25.02.2022	verifiziert	High
8	XXX.XXX.XXX.XX		Xxxxxx	Xxxx Xxxxxxx	25.02.2022	verifiziert	High

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Schwachstellen	Zugriffsart	Typ	Akzeptanz
1	T1006	CWE-21, CWE-22, CWE-23	Path Traversal	prädiktiv	High
2	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	prädiktiv	High
3	T1059	CWE-94	Argument Injection	prädiktiv	High
4	T1059.007	CWE-79, CWE-80	Cross Site Scripting	prädiktiv	High
5	T1068	CWE-264, CWE-269, CWE-284	Execution with Unnecessary Privileges	prädiktiv	High
6	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	prädiktiv	High
7	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	prädiktiv	High
8	TXXXX	CWE-XXXX	Xxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxx Xxxxxxxx Xxxx Xx X Xxxxxxxx Xxxxxx	prädiktiv	High
9	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xxxxxx	prädiktiv	High
10	TXXXX.XXX	CWE-XXXX	Xxxxxxxxxxx Xxxxxxx Xxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
11	TXXXX	CWE-XX, CWE-XX	Xxx Xxxxxxxxx	prädiktiv	High
12	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	prädiktiv	High
13	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
14	TXXXX	CWE-XXX	Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx	prädiktiv	High
15	TXXXX.XXX	CWE-XXX	Xxxxxxxxxxxx	prädiktiv	High
16	TXXXX	CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	prädiktiv	High
17	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
18	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	prädiktiv	High
19	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	prädiktiv	High
20	TXXXX.XXX	CWE-XXX, CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	prädiktiv	High
21	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	prädiktiv	High

IOA - Indicator of Attack (129)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasse	Indicator	Typ	Akzeptanz
1	File	/adfs/ls	prädiktiv	Medium
2	File	/admin/sysmon.php	prädiktiv	High
3	File	/api/content/posts/comments	prädiktiv	High
4	File	/cimom	prädiktiv	Low
5	File	/debug/pprof	prädiktiv	Medium
6	File	/forum/away.php	prädiktiv	High
7	File	/Home/GetAttachment	prädiktiv	High
8	File	/LogoStore/search.php	prädiktiv	High
9	File	/MIME/INBOX-MM-1/	prädiktiv	High
10	File	/modules/projects/vw_files.php	prädiktiv	High
11	File	/sm/api/v1/firewall/zone/services	prädiktiv	High
12	File	/usr/bin/pkexec	prädiktiv	High
13	File	/var/run/zabbix	prädiktiv	High
14	File	adclick.php	prädiktiv	Medium
15	File	xxxxx/xxxxxx.xxx	prädiktiv	High
16	File	xxxxxxx.xxx	prädiktiv	Medium
17	File	xxxxxxxxxxxxxxxxxxxxx.xxx	prädiktiv	High
18	File	xxxx-xxxx.x	prädiktiv	Medium
19	File	xxxxxx.xxx	prädiktiv	Medium
20	File	xxxxxx/xxxxxxxxx/xxxxxxxx/xxxxxxxxxx/xxxxxx/xxxx/xxxx_xxxxxxxx/xxxxxx.xx	prädiktiv	High
21	File	xxxxxxxxxxxxxxx.xxx	prädiktiv	High
22	File	xxx-xxx/xxxxxxx.xx	prädiktiv	High
23	File	xxx-xxx/xxxx_xxx.xxx	prädiktiv	High
24	File	xxxxxx.x	prädiktiv	Medium
25	File	xxxx/xxxxxxxxxxxxxxx.xxx	prädiktiv	High
26	File	xxxx/xxxx	prädiktiv	Medium
27	File	xxxxxx.xxx	prädiktiv	Medium
28	File	xxxxxx_xxx.x	prädiktiv	Medium
29	File	xxxxxxxxxxxxxx.xx	prädiktiv	High
30	File	xxxxxxxx.xxxx	prädiktiv	High
31	File	xxxxxxxxxx.xxxx	prädiktiv	High
32	File	xx/xxxxxxx/xxx.x	prädiktiv	High
33	File	xxx/xx/xxxx/xxxx.xxxxx.xxx	prädiktiv	High
34	File	xxxxxxx/xxxxxxx/xxxxxxxx.xxx.xxx	prädiktiv	High
35	File	xxxxx.xxx	prädiktiv	Medium
36	File	xxxxxxx.xxx	prädiktiv	Medium
37	File	xxxx_xxxxxxx.xxxx	prädiktiv	High
38	File	xxxxxx.x	prädiktiv	Medium
39	File	xxxxxxxx.xxx	prädiktiv	Medium
40	File	xxxxxx_x.xx.x	prädiktiv	High
41	File	xxxxxx.xx	prädiktiv	Medium
42	File	xxxxxxxxxxxx/xxx.x	prädiktiv	High
43	File	xxx_xxxxxxxxx.x	prädiktiv	High
44	File	xxxxxxx.xxx	prädiktiv	Medium
45	File	xxx_xxxx.xxx	prädiktiv	Medium
46	File	xxx_xxxxx_xxxx.x	prädiktiv	High
47	File	xxxxxxxxxxxxxx.xxxxx	prädiktiv	High
48	File	xxx_xxxx.xxx	prädiktiv	Medium
49	File	xxxxxxx.xxx	prädiktiv	Medium
50	File	xxxxxxx/xxxx	prädiktiv	Medium
51	File	xxx/xxxxx.xxxx	prädiktiv	High
52	File	xxxxxxx.xxx	prädiktiv	Medium
53	File	xxxxxxxxxxxxxxxxxxxxx.xxxx	prädiktiv	High
54	File	xxxxxxxx/xxx/xxxx_xxxxxxxxx/xxxx_xxxxxx_xxxxxxx/xxxx_xxxxxx_xxxxxxx.xxx	prädiktiv	High
55	File	xxxxxxxxxxxxxxxxxxxxx.xxxx	prädiktiv	High
56	File	xxxxxxxx.xxx	prädiktiv	Medium
57	File	xxxxxxxx_xxxxxxxxxxxx_xxxxxx.xx	prädiktiv	High
58	File	xxx_xxxxx_xxxxxxxxx.x	prädiktiv	High
59	File	xxxxxxxx/xxxx/xxxx.xxx?xxxxxx=xxxxxxxxxxxxxxxx	prädiktiv	High
60	File	xxxxx.xxx	prädiktiv	Medium
61	File	xxx/xxxx.xx	prädiktiv	Medium
62	File	xxxxxxxxxxxxxxx.xxx	prädiktiv	High
63	File	xxxxxxxx/xxxxxxxxxxxx-xxxxxxxxxx	prädiktiv	High
64	File	xxxxxx/xxxxxxx/xxxxxx/xxxxxxxx.xxx	prädiktiv	High
65	File	xxxx.xxx	prädiktiv	Medium
66	File	xxxxx.xxx	prädiktiv	Medium
67	File	xxx.xxx	prädiktiv	Low
68	File	xxx xxxx xxxxxxx	prädiktiv	High
69	File	xx-xxxxx/xxxxx-xxxxxx.xxx	prädiktiv	High
70	File	xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx	prädiktiv	High
71	File	xx-xxxxxxxx/xxxx.xxx	prädiktiv	High
72	File	xxxxxx.xxx?xxxxxx=xxxxxxxxx.xxxx&xxxxxxxxxxx=x	prädiktiv	High
73	Library	xxx-xx-xxx-xxxx-xxxx-xx-x-x.xxx	prädiktiv	High
74	Library	xxxx.xxx	prädiktiv	Medium
75	Argument	-x	prädiktiv	Low
76	Argument	xxxxxx	prädiktiv	Low
77	Argument	xxxxxxxxxxxxxx	prädiktiv	High
78	Argument	xxxxxxx	prädiktiv	Low
79	Argument	xxxxxx	prädiktiv	Low
80	Argument	xxxxx$xxxxxxxxxxxxxx$xxxxxxxxxxx	prädiktiv	High
81	Argument	xxxxxxx	prädiktiv	Low
82	Argument	xxxxxx/xxxxxxx	prädiktiv	High
83	Argument	xxxxxxxx[xxxx_xxx]	prädiktiv	High
84	Argument	xxxxxx	prädiktiv	Low
85	Argument	xxxxxx	prädiktiv	Low
86	Argument	xxxxxxx[xx_xxx_xxxx]	prädiktiv	High
87	Argument	xxxx	prädiktiv	Low
88	Argument	xxxxxxxx xxxx/xxxxxxxx xxxxxxxx/xxxxxxxx xxxxxxx xx/xxxxxxx/xxxx	prädiktiv	High
89	Argument	xx	prädiktiv	Low
90	Argument	xxxxxxxxxxx	prädiktiv	Medium
91	Argument	xxxxxxx_xxxx	prädiktiv	Medium
92	Argument	xxxx	prädiktiv	Low
93	Argument	xxxxx	prädiktiv	Low
94	Argument	xxxxxxxx	prädiktiv	Medium
95	Argument	xxxxxxxxxx	prädiktiv	Medium
96	Argument	xxxx_xxx_xxxxxxxx_xxx	prädiktiv	High
97	Argument	xxxxxxxxxxxxxxxx	prädiktiv	High
98	Argument	xxxxxxx	prädiktiv	Low
99	Argument	xxxxxxxx	prädiktiv	Medium
100	Argument	xxxxxxxx	prädiktiv	Medium
101	Argument	xxxxxxxx	prädiktiv	Medium
102	Argument	xxxx_xx	prädiktiv	Low
103	Argument	xx	prädiktiv	Low
104	Argument	xxxxx	prädiktiv	Low
105	Argument	xxxxx/xxxxxxxx	prädiktiv	High
106	Argument	xxxxx	prädiktiv	Low
107	Argument	xxxxxx	prädiktiv	Low
108	Argument	xxxxxx_xxxxxx	prädiktiv	High
109	Argument	xxxxxx_xxxxxx	prädiktiv	High
110	Argument	xxxxx_xxxxxx_xxxxxxxx	prädiktiv	High
111	Argument	xxx	prädiktiv	Low
112	Argument	xx_xxx_xxxxx	prädiktiv	Medium
113	Argument	xxxxxxxxxxx	prädiktiv	Medium
114	Argument	xxx	prädiktiv	Low
115	Argument	xxxxxxxx/xxxx	prädiktiv	High
116	Argument	xxxxx	prädiktiv	Low
117	Input Value	../	prädiktiv	Low
118	Input Value	x!x@x#x$x%x	prädiktiv	Medium
119	Input Value	xxxx' xxxxx xxx xxxxxx xxxxxx(xxxxxx('xxxxx','xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'),'xxxxx'),xxxx,xxxx,xxxx,xxxx,xxxx,xxxx,xxxx,xxxx,xxxx,xxxx,xxxx,xxxx-- xxxx&xxxxxx=	prädiktiv	High
120	Input Value	\x	prädiktiv	Low
121	Pattern	xxxxxxx-xxxx\|xx\|	prädiktiv	High
122	Pattern	\|xx\|xx\|xx\|	prädiktiv	Medium
123	Pattern	\|xx xx xx xx\|	prädiktiv	High
124	Network Port	xxxx/xxxx	prädiktiv	Medium
125	Network Port	xxx/xx (xxxx)	prädiktiv	High
126	Network Port	xxx/xx	prädiktiv	Low
127	Network Port	xxx/xxx	prädiktiv	Low
128	Network Port	xxx/xxxx	prädiktiv	Medium
129	Network Port	xxx/xxxx	prädiktiv	Medium

Referenzen (5)

The following list contains external sources which discuss the actor and the associated activities:

◂ ZurückÜbersichtWeiter ▸

Do you know our Splunk app?

Download it now for free!