Gootloader Analysis

IOB - Indicator of Behavior (138)

Language

  • en: 130
  • es: 2
  • fr: 2
  • pl: 2
  • it: 2

Product

  • Microsoft Windows: 6
  • Apple iOS: 4
  • Apple iPadOS: 4
  • Google Android: 4
  • HPE iLO 5: 4

Vulnerability

Scores are CVSS base and temporal; 0day and Today are VulDB's estimated exploit price ranges; Exploit and Remediation are the CVSS temporal values (Exploit Code Maturity, Remediation Level); EPSS is the exploit prediction score; CTI is VulDB's threat-intelligence activity score.

#  | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE
1  | AXIS 2110 Network Camera getparam.cgi denial of service | 9.8 | 9.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03461 | 0.03 | CVE-2004-2427
2  | onnx ONNX_ASSERTM information disclosure | 4.9 | 4.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.00 | CVE-2024-27319
3  | Google Android Codec2BufferUtils.cpp ConvertRGBToPlanarYUV buffer overflow | 5.3 | 5.1 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00043 | 0.02 | CVE-2024-0023
4  | 7-card Fakabao alipay_notify.php sql injection | 5.5 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00064 | 0.03 | CVE-2023-7183
5  | Scott Paterson Easy PayPal Shopping Cart Plugin cross site scripting | 5.1 | 5.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.00 | CVE-2023-47239
6  | AWeber Free Sign Up Form and Landing Page Builder for Lead Generation and Email Newsletter Growth Plugin cross site request forgery | 5.8 | 5.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00058 | 0.00 | CVE-2023-47757
7  | Guillemant David WP Full Auto Tags Manager Plugin cross site request forgery | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00058 | 0.00 | CVE-2023-34024
8  | WPML Multilingual CMS Premium Plugin cross site request forgery | 6.2 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00063 | 0.04 | CVE-2022-45071
9  | Os Commerce cross site scripting | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00049 | 0.00 | CVE-2023-43718
10 | Dolibarr cross site scripting | 5.0 | 5.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00046 | 0.04 | CVE-2023-5323
11 | WordPress Password Reset wp-login.php mail privilege escalation | 6.1 | 5.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.02827 | 0.09 | CVE-2017-8295
12 | NextGen GalleryView Plugin cross site scripting | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00046 | 0.00 | CVE-2023-35098
13 | HPE iLO 5 Local Privilege Escalation | 7.3 | 7.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.01 | CVE-2022-28634
14 | HPE iLO 5 Remote Code Execution | 8.1 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00058 | 0.06 | CVE-2022-28633
15 | BTCPay Server POS Add Products cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00054 | 0.02 | CVE-2021-29250
16 | Stripe API v1 Access Restriction tokens weak authentication | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00260 | 0.02 | CVE-2018-19249
17 | ffjpeg JPEG Image jfif.c jfif_decode buffer overflow | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00073 | 0.00 | CVE-2020-23852
18 | ffjpeg jfif.c denial of service | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00072 | 0.00 | CVE-2022-35433
19 | Cisco Catalyst 2960-L/Catalyst CDB-8P 802.1x privilege escalation | 5.9 | 5.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00058 | 0.02 | CVE-2020-3231
20 | pfSense pkg.php echo Privilege Escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00093 | 0.02 | CVE-2022-23993

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Cobalt Strike

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerability | Access Vector | Type | Confidence
1  | T1006 | CWE-21, CWE-22 | Path Traversal | predictive | High
2  | T1040 | CWE-294 | Authentication Bypass by Capture-replay | predictive | High
3  | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
4  | T1059 | CWE-94 | Argument Injection | predictive | High

IOA - Indicator of Attack (61)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1  | File | /etc/postfix/sender_login | predictive | High
2  | File | /forms/web_importTFTP | predictive | High
3  | File | /goform/openSchedWifi | predictive | High
4  | File | /src/jfif.c | predictive | Medium
5  | File | /usr/local/www/pkg.php | predictive | High
6  | File | /v1/tokens | predictive | Medium
7  | File | admin.php | predictive | Medium
56 | Input Value | /../ | predictive | Low
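The file and input-value fragments in this table are the kind of indicator a defender matches against web-server access logs. The following Python is an added example, not VulDB's matching logic and not code from any Gootloader sample: it takes the visible indicators from the table above with the page's own confidence ratings, percent-decodes each request target (repeatedly, so that double-encoded traversal still matches the /../ input value), and reports which indicators each request hit. The access-log lines are constructed samples and the combined-log regex is an assumption about the log format, not something the page specifies.

```python
"""Match VulDB-style IOA file/input-value fragments against web access logs."""
import re
from urllib.parse import unquote

# Indicators copied from the visible rows of the IOA table; the confidence
# label is the page's own rating for each row.
FILE_INDICATORS = {
    "/etc/postfix/sender_login": "high",
    "/forms/web_importTFTP": "high",
    "/goform/openSchedWifi": "high",
    "/src/jfif.c": "medium",
    "/usr/local/www/pkg.php": "high",
    "/v1/tokens": "medium",
    "admin.php": "medium",
}
# The "Input Value" row: must be checked after percent-decoding, since
# attackers commonly send %2e%2e%2f or %252e%252e%252f instead of ../
TRAVERSAL_INDICATOR = ("/../", "low")

# Assumed Apache/nginx combined log format (not specified by the page).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+'
)


def normalize_target(target):
    """Percent-decode until stable (max 3 rounds) and fold backslashes to '/'."""
    prev, cur = None, target
    for _ in range(3):
        if cur == prev:
            break
        prev, cur = cur, unquote(cur)
    return cur.replace("\\", "/")


def match_line(line):
    """Return a list of (indicator, confidence) hits for one access-log line."""
    m = LOG_RE.match(line)
    if not m:
        return []  # malformed line: ignore rather than crash the scan
    path = normalize_target(m.group("target"))
    hits = [(frag, conf) for frag, conf in FILE_INDICATORS.items() if frag in path]
    if TRAVERSAL_INDICATOR[0] in path:
        hits.append(TRAVERSAL_INDICATOR)
    return hits


def scan(lines):
    """Map (client ip, raw request target) -> hits for every matching line."""
    findings = {}
    for line in lines:
        hits = match_line(line)
        if hits:
            m = LOG_RE.match(line)
            findings[(m.group("ip"), m.group("target"))] = hits
    return findings


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2024:12:00:01 +0000] "GET /usr/local/www/pkg.php?xml=../../etc/passwd HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Mar/2024:12:00:02 +0000] "GET /v1/tokens HTTP/1.1" 401 0',
    '198.51.100.4 - - [10/Mar/2024:12:00:03 +0000] "GET /images/logo.png HTTP/1.1" 200 2048',
    '198.51.100.4 - - [10/Mar/2024:12:00:04 +0000] "GET /static/..%2f..%2f..%2fetc/passwd HTTP/1.1" 404 0',
    '198.51.100.4 - - [10/Mar/2024:12:00:05 +0000] "GET /cgi-bin/%252e%252e/%252e%252e/etc/passwd HTTP/1.1" 400 0',
    '192.0.2.9 - - [10/Mar/2024:12:00:06 +0000] "POST /wp-admin/admin.php HTTP/1.1" 302 0',
    'not a log line',
]

if __name__ == "__main__":
    for (ip, target), hits in scan(SAMPLE_LOG).items():
        print(f"{ip} {target}")
        for frag, conf in hits:
            print(f"    hit: {frag!r} (confidence {conf})")
```

A single low-confidence hit such as admin.php or /../ is noise on most servers; the value is in the combination per client, as with 203.0.113.7 above, which touches a pfSense-specific path with a traversal payload and then probes an API token endpoint.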

References (5)

The following list contains external sources which discuss the actor and the associated activities:
