Guccifer 2.0 Analysis

IOB - Indicator of Behavior (58)

Language

en: 54
fr: 4

Product

Monroe Electronics R189 One-Net EAS: 6
Linux Kernel: 4
BigBlueButton: 2
Western Bridge Cobub Razor: 2
facebook-for-woocommerce Plugin: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | ProFTPD mod_copy File privilege escalation | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.05 | 0.97188 | CVE-2015-3306 |
| 2 | LOCKON EC-CUBE Directory Traversal | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00267 | CVE-2013-3654 |
| 3 | Monroe Electronics R189 One-Net EAS Default Configuration weak encryption | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00726 | CVE-2013-0137 |
| 4 | Choice-wireless WIXFMR-111 ajax.cgi weak authentication | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00519 | CVE-2013-4731 |
| 5 | Monroe Electronics R189 One-Net EAS privilege escalation | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00560 | CVE-2013-4732 |
| 6 | Monroe Electronics R189 One-Net EAS privilege escalation | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00306 | CVE-2013-4733 |
| 7 | Linux Kernel xdp_umem.c xdp_umem_reg buffer overflow | 6.5 | 6.3 | $5k-$25k | Being calculated | Not Defined | Official Fix | 0.00 | 0.00072 | CVE-2020-12659 |
| 8 | SAE FW-50 Remote Telemetry Unit Directory Traversal | 7.2 | 7.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00235 | CVE-2020-10634 |
| 9 | IBM Quality Manager Web UI Cross Site Scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00049 | CVE-2016-6022 |
| 10 | IBM Rational Quality Manager Web UI Cross Site Scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00049 | CVE-2016-6031 |
| 11 | IBM Rational Quality Manager Cross Site Scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00049 | CVE-2016-6036 |
| 12 | IBM Curam Social Program Management XML External Entity | 7.8 | 7.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.03 | 0.00194 | CVE-2016-6111 |
| 13 | Nagios Cross Site Scripting | 5.2 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00081 | CVE-2016-6209 |
| 14 | Cisco 2100 Wireless LAN Controller Denial of Service | 7.5 | 7.2 | $5k-$25k | Being calculated | Not Defined | Official Fix | 0.02 | 0.00181 | CVE-2012-0369 |
| 15 | Cisco Wireless LAN Controller Software Denial of Service | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00181 | CVE-2012-0370 |
| 16 | Cisco Wireless LAN Controller Software privilege escalation | 9.8 | 9.4 | $25k-$100k | Being calculated | Not Defined | Official Fix | 0.02 | 0.00369 | CVE-2012-0371 |
| 17 | ninja-forms Plugin Cross Site Request Forgery | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00053 | CVE-2020-12462 |
| 18 | jQuery html Cross Site Scripting | 5.8 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.06124 | CVE-2020-11022 |
| 19 | Netgear WNR2000v5 buffer overflow | 6.1 | 5.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00096 | CVE-2018-21181 |
| 20 | BigBlueButton Information Disclosure | 6.4 | 6.1 | $0-$5k | Being calculated | Not Defined | Official Fix | 0.00 | 0.00189 | CVE-2020-12112 |

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (16)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /Forms/ | predictive | Low |
| 2 | File | /see_more_details.php | predictive | High |
| 3 | File | ajax.cgi | predictive | Medium |
| 4 | File | xxxxxxxx.xxx | predictive | Medium |
| 5 | File | xxxxxxxx.xxx | predictive | Medium |
| 6 | File | xx/xxxxxxx-xxxxxxx.x | predictive | High |
| 7 | File | xxx/xxx/xxx_xxxx.x | predictive | High |
| 8 | File | xx-xxxxx/xxxxx.xxx?xxxx=xxxxxxxx-xxxxx-xxx | predictive | High |
| 9 | File | xx-xxxxx/xxxxxxx-xxxxxxx.xxx?xxxx=xx-xxxxxx-xxxxxxxxxxx-xxxxx%xxxxxxxxx%xxxxxxx.xxx | predictive | High |
| 10 | File | xxxxxxx-xxxxxx.xxx | predictive | High |
| 11 | Argument | xxxx/xxxx | predictive | Medium |
| 12 | Argument | xx | predictive | Low |
| 13 | Argument | xxx | predictive | Low |
| 14 | Argument | xxxxxxx | predictive | Low |
| 15 | Input Value | ::$xxxxx_xxxxxxxxxx | predictive | High |
| 16 | Network Port | xxx xxxxxx xxxx | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
