Gootkit Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (254)

Sprache

en	210
sv	14
de	14
ru	6
fr	4

Land

us	144
ru	38
cn	36
gb	10
de	6

Akteure

Gootkit	8
Gozi	7
SharkBot	7
Conti	5
Cobalt Strike	4

Interesse

Typ

Not Defined	72
Content Management System	18
Web Server	16
Application Server Software	8
Connectivity Software	8

Hersteller

Not Defined	72
Microsoft	18
Apache	8
Atlassian	4
Siemens	4

Produkt

Microsoft IIS	6
Apache Tomcat	6
WordPress	6
nginx	6
OpenSSH	6

Schwachstellen

#	Schwachstelle	Base	Temp	0day	Heute	Aus	Mas	CTI	EPSS	CVE
1	SugarCRM SQL Injection	5.8	5.3	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.02	0.00208	CVE-2020-17373
2	SourceCodester Alphaware Simple E-Commerce System SQL Injection	7.0	6.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.03	0.00152	CVE-2023-1504
3	nginx erweiterte Rechte	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.09	0.00241	CVE-2020-12440
4	SugarCRM Emails SQL Injection	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00087	CVE-2019-17319
5	DZCP deV!L`z Clanportal config.php erweiterte Rechte	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.57	0.00943	CVE-2010-0966
6	SugarCRM Configurator erweiterte Rechte	5.9	5.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00090	CVE-2019-17306
7	SugarCRM Administration SQL Injection	7.5	7.4	$0-$5k	Wird berechnet	Not Defined	Official Fix	0.07	0.00087	CVE-2019-17298
8	jQuery Property extend Pollution Cross Site Scripting	6.6	6.3	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.03	0.03625	CVE-2019-11358
9	OpenSSH scp scp.c erweiterte Rechte	6.4	6.4	$25k-$100k	$25k-$100k	Not Defined	Unavailable	0.03	0.00289	CVE-2020-15778
10	jQuery html Cross Site Scripting	5.8	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.01900	CVE-2020-11023
11	Microweber controller.php Information Disclosure	6.4	6.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.01002	CVE-2020-13405
12	Naviwebs Navigate CMS File Upload navigate_upload.php erweiterte Rechte	7.1	6.9	$0-$5k	$0-$5k	High	Official Fix	0.03	0.89749	CVE-2018-17553
13	Sunny WebBox Cross Site Request Forgery	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01	0.00150	CVE-2019-13529
14	Microsoft IIS IP/Domain Restriction erweiterte Rechte	6.5	5.7	$25k-$100k	$0-$5k	Unproven	Official Fix	0.09	0.00817	CVE-2014-4078
15	AlienVault Open Source Security Information Management radar-iso27001-potential.php SQL Injection	7.3	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00	0.00127	CVE-2013-5967
16	WordPress WP_Query class-wp-query.php SQL Injection	8.5	8.4	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.02	0.00318	CVE-2017-5611
17	Siemens SIMATIC Drive Controller Service Port 102 Pufferüberlauf	7.3	7.1	$5k-$25k	$5k-$25k	Not Defined	Workaround	0.02	0.00526	CVE-2020-15782
18	Siemens SIMATIC S7-1200 PLC Pufferüberlauf	7.5	7.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.02	0.00261	CVE-2013-0700
19	SunHater KCFinder upload.php Cross Site Scripting	5.7	5.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	0.00131	CVE-2019-14315
20	Xerox WorkCentre erweiterte Rechte	7.5	7.2	$0-$5k	Wird berechnet	Not Defined	Official Fix	0.00	0.00117	CVE-2018-20767

IOC - Indicator of Compromise (14)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-Adresse	Hostname	Akteur	Identifiziert	Typ	Akzeptanz
1	31.214.157.14	dev.neto-svedberg.com	Gootkit	28.04.2022	verifiziert	High
2	31.214.157.162	crm.tuxexpert.com	Gootkit	28.04.2022	verifiziert	High
3	109.230.199.13	sw1-wg.celo.net	Gootkit	28.04.2022	verifiziert	High
4	XXX.XXX.XXX.XXX		Xxxxxxx	28.04.2022	verifiziert	High
5	XXX.XXX.XXX.XXX		Xxxxxxx	28.04.2022	verifiziert	High
6	XXX.XX.XXX.XX		Xxxxxxx	28.04.2022	verifiziert	High
7	XXX.XXX.XXX.XXX	xxxxxxxxxxxxx.xxxxxxxx.xxx	Xxxxxxx	28.04.2022	verifiziert	High
8	XXX.XXX.XXX.XX	xxxxxxxx.xxxx	Xxxxxxx	28.04.2022	verifiziert	High
9	XXX.XXX.XXX.XXX		Xxxxxxx	28.04.2022	verifiziert	High
10	XXX.XXX.XX.XXX		Xxxxxxx	28.04.2022	verifiziert	High
11	XXX.XXX.XX.XX		Xxxxxxx	28.04.2022	verifiziert	High
12	XXX.XX.XXX.XX	xxxx.xxxxxxxxxxx.xxx	Xxxxxxx	28.04.2022	verifiziert	High
13	XXX.XX.XXX.XXX	xxxxxxxx.xxxxxxxxxxxxxx.xxx	Xxxxxxx	28.04.2022	verifiziert	High
14	XXX.XX.XXX.XX		Xxxxxxx	28.04.2022	verifiziert	High

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Schwachstellen	Zugriffsart	Typ	Akzeptanz
1	T1006	CWE-22	Path Traversal	prädiktiv	High
2	T1040	CWE-319	Authentication Bypass by Capture-replay	prädiktiv	High
3	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	prädiktiv	High
4	T1059	CWE-94	Argument Injection	prädiktiv	High
5	TXXXX.XXX	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	prädiktiv	High
6	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
7	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	prädiktiv	High
8	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	prädiktiv	High
9	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	prädiktiv	High
10	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	prädiktiv	High
11	TXXXX	CWE-XXX	Xxxxxxxxxx Xxxxxx	prädiktiv	High
12	TXXXX	CWE-XX	Xxx Xxxxxxxxx	prädiktiv	High
13	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
14	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
15	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	prädiktiv	High
16	TXXXX.XXX	CWE-XX	Xxxxxxxxxxxxx	prädiktiv	High
17	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	prädiktiv	High
18	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	prädiktiv	High

IOA - Indicator of Attack (76)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasse	Indicator	Typ	Akzeptanz
1	File	.htaccess	prädiktiv	Medium
2	File	/addnews.html	prädiktiv	High
3	File	/cgi-bin/supervisor/PwdGrp.cgi	prädiktiv	High
4	File	/download	prädiktiv	Medium
5	File	/secure/admin/ImporterFinishedPage.jspa	prädiktiv	High
6	File	/uncpath/	prädiktiv	Medium
7	File	/_error	prädiktiv	Low
8	File	/_next	prädiktiv	Low
9	File	acl.c	prädiktiv	Low
10	File	xxxxx/xxxx.xxx?xxxx=xxxxxx_x&xxxx_xxxx	prädiktiv	High
11	File	xxxx-xxxx.x	prädiktiv	Medium
12	File	xxxx_xxx.xxx	prädiktiv	Medium
13	File	xxxxx.xxx	prädiktiv	Medium
14	File	xxxxxxxxxx/xxxxxx/xxxxxxxxx/xxxxxxxxxx/xxxxxxxxxx.xxx	prädiktiv	High
15	File	xxxx/xxxxxx/xxxx/xxxx_xxxxxxxx_xxxxx/xxxx_xxxxxxxx_xxxx_xxxx_xxxxxx/xxxx_xxxxxxxx_xxxx_xxxx_xxxxxx.xxx	prädiktiv	High
16	File	xxxxxxxx.xxx	prädiktiv	Medium
17	File	xxx/xxxxx/xxxxx.x	prädiktiv	High
18	File	xxxxxx_xxxx.xxx	prädiktiv	High
19	File	xx-xxxxxxx/xxxxxxx	prädiktiv	High
20	File	xxxx.xxx	prädiktiv	Medium
21	File	xxx/xxxxxx.xxx	prädiktiv	High
22	File	xxxxx.xxx	prädiktiv	Medium
23	File	xxxxxxxx/xxxxxx-xxxx-xxxxxxxxx-xxx	prädiktiv	High
24	File	xxx?xxxx.xxx	prädiktiv	Medium
25	File	x_xxxxxxxx_xxxxx	prädiktiv	High
26	File	xxxxx/xxx_xxxxxxxx	prädiktiv	High
27	File	xxxxx/xxxxxxxxx	prädiktiv	High
28	File	xxxxxxxxxxx/xxxxx.x	prädiktiv	High
29	File	xxxx.x	prädiktiv	Low
30	File	xxxx.xxx	prädiktiv	Medium
31	File	xxxxxxxxxxxx.xxxx	prädiktiv	High
32	File	xxxxxxx/xxxxxxxxxxxxxxxxxx/xxxx_xxxxxx.xxx	prädiktiv	High
33	File	xxxxxxxx_xxxxxx.xxx	prädiktiv	High
34	File	xxx/xxxx/xxxxxxxxx/xx_xxx_xxxx_xxxxx_xxxx.x	prädiktiv	High
35	File	xxx_xxxxx.x	prädiktiv	Medium
36	File	xxxxx.xxx	prädiktiv	Medium
37	File	xxxxxxxx/xxx/xxxx_xxxxxxxxx/xxxx_xxxxxx_xxxxxxx/xxxx_xxxxxx_xxxxxxx.xxx	prädiktiv	High
38	File	xxxxxx.x	prädiktiv	Medium
39	File	xxxxxxxxxxxxx.x	prädiktiv	High
40	File	xxxxx-xxxxxxxx-xxxxxxxxx.xxx	prädiktiv	High
41	File	xxx_xxxxx_xxxxxxx.x	prädiktiv	High
42	File	xxxxxx_xxxx.x	prädiktiv	High
43	File	xxx.x	prädiktiv	Low
44	File	xxxx-xxxxxx.x	prädiktiv	High
45	File	xxxxx-xxxx.xxx	prädiktiv	High
46	File	xxxxxx.xxx	prädiktiv	Medium
47	File	xxxxxxxxx/xxxxxxx/xxxxx/xxxxxxxxxx/xxxxxxxxxx.xxx	prädiktiv	High
48	File	xxxx.xxx	prädiktiv	Medium
49	File	xxxxxx.xxx	prädiktiv	Medium
50	File	xx-xxxxx/xxxxx-xxxxxx.xxx	prädiktiv	High
51	File	xx-xxxxx/xxxxx.xxx	prädiktiv	High
52	File	xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx	prädiktiv	High
53	File	xxxxxxx.xxxx	prädiktiv	Medium
54	Argument	$xxxxx_xxxxxxxxxx	prädiktiv	High
55	Argument	xxxxxxxx	prädiktiv	Medium
56	Argument	xxxxxxxxxx	prädiktiv	Medium
57	Argument	xxx	prädiktiv	Low
58	Argument	xxxxxxxxxxxxxxx	prädiktiv	High
59	Argument	xxxx_xxxx	prädiktiv	Medium
60	Argument	xxxxxxxxxxx	prädiktiv	Medium
61	Argument	xxxxx/xxxxxxxx	prädiktiv	High
62	Argument	xxx_xxxxx_xxxx_xxxxxxx	prädiktiv	High
63	Argument	xx	prädiktiv	Low
64	Argument	x_xxxxxxxx	prädiktiv	Medium
65	Argument	xxxx_xxxx	prädiktiv	Medium
66	Argument	xxxxxxxx	prädiktiv	Medium
67	Argument	xxxxxxx	prädiktiv	Low
68	Argument	xxxx	prädiktiv	Low
69	Argument	xxxxx_xxxx/xxxxx_xxxxxx/xxx_xxxx/xxx_xxxxxx/xxxxxxxx	prädiktiv	High
70	Argument	xxxxx	prädiktiv	Low
71	Argument	xxxx-xxxxx/xxxxxxx	prädiktiv	High
72	Argument	xxxx/xx/xxxx	prädiktiv	Medium
73	Argument	xxxxx	prädiktiv	Low
74	Input Value	xxx?xxxx.xxx	prädiktiv	Medium
75	Input Value	xxxxx%xxxxxx.xxx ' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx) xxx 'xxxx'='xxxx	prädiktiv	High
76	Network Port	xxx/xx	prädiktiv	Low

Referenzen (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ ZurückÜbersichtWeiter ▸

Interested in the pricing of exploits?

See the underground prices here!