Gustuff Análisis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (69)

Cronología

Idioma

en68
pl2

País

de68
me2

Actores

Gustuff4
Cobalt Strike2
Stealc1

Ocupaciones

Interesar

Cronología

Escribe

Not Defined20
Operating System6
Application Server Software6
Forum Software4
Cloud Software4

Proveedor

Not Defined18
Microsoft8
Apache4
SAP4
IBM4

Producto

Microsoft Windows6
Apache HTTP Server2
SolarWinds Dameware Mini Remote Client Agent2
Oracle GlassFish Server2
Simple Machines Forum2

Vulnerabilidad

#VulnerabilidadBaseTemp0dayHoyExpConEPSSCTICVE
1MK-AUTH auth escalada de privilegios9.89.8$0-$5k$0-$5kNot DefinedNot Defined0.002890.00CVE-2020-14072
2Yii ActiveRecord.php findByCondition sql injection8.58.2$0-$5k$0-$5kNot DefinedOfficial Fix0.001190.04CVE-2018-7269
3Microsoft IIS cross site scripting5.24.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.005480.07CVE-2017-0055
4SolarWinds Dameware Mini Remote Client Agent SmartCard Authentication DWRCS.exe escalada de privilegios8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.013470.07CVE-2019-3980
5JCK Editor links.php sql injection8.58.3$0-$5k$0-$5kHighNot Defined0.816230.03CVE-2018-17254
6IBM Lotus Domino domcfg.nsf divulgación de información5.35.0$5k-$25k$0-$5kProof-of-ConceptNot Defined0.000000.02
7Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash divulgación de información5.35.2$5k-$25k$0-$5kHighWorkaround0.020160.02CVE-2007-1192
8DZCP deV!L`z Clanportal config.php escalada de privilegios7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.009430.97CVE-2010-0966
9Cisco ASA Authentication escalada de privilegios6.46.3$5k-$25k$0-$5kHighOfficial Fix0.974080.03CVE-2018-0296
10Apple watchOS WebKit escalada de privilegios4.34.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000890.00CVE-2023-38572
11Phpletter Ajax File/Image Manager escalada de privilegios7.37.0$0-$5k$0-$5kHighOfficial Fix0.969040.02CVE-2011-4825
12Microsoft Azure Stack Edge escalada de privilegios10.08.7$100k y más$25k-$100kUnprovenOfficial Fix0.001880.00CVE-2022-37968
13Apache HTTP Server mod_rewrite Redirect6.76.7$25k-$100k$5k-$25kNot DefinedNot Defined0.002580.09CVE-2020-1927
14MK-AUTH Web Login executar_login.php autenticación débil8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.003410.00CVE-2020-14070
15PHP enchant.c enchant_broker_request_dict desbordamiento de búfer7.36.4$5k-$25k$0-$5kUnprovenOfficial Fix0.189290.00CVE-2014-9705
16OpenSSL Certificate Chain Verification autenticación débil6.56.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.002600.03CVE-2021-3450
17IBM Aspera Connect DLL escalada de privilegios7.57.5$5k-$25k$5k-$25kNot DefinedNot Defined0.002990.00CVE-2020-4545
18GetSimple CMS XML External Entity5.34.9$0-$5k$0-$5kNot DefinedNot Defined0.005750.04CVE-2014-8790
19Microsoft ASP.NET Core Kestrel Web Application escalada de privilegios8.07.9$5k-$25k$0-$5kNot DefinedOfficial Fix0.027830.07CVE-2018-0787
20PHP EXIF exif_process_IFD_in_TIFF desbordamiento de búfer9.89.6$5k-$25k$0-$5kNot DefinedOfficial Fix0.028630.04CVE-2019-9641

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDdirección IPHostnameActorCampañasIdentifiedEscribeConfianza
178.46.201.36static.36.201.46.78.clients.your-server.deGustuff2022-03-29verifiedAlto
288.99.170.43static.43.170.99.88.clients.your-server.deGustuff2022-03-29verifiedAlto
3XX.XX.XXX.XXXxxxxxx.xxx.xxx.xx.xx.xxxxxxx.xxxx-xxxxxx.xxXxxxxxx2022-03-29verifiedAlto
4XX.XX.XXX.XXXxxxxxx.xxx.xxx.xx.xx.xxxxxxx.xxxx-xxxxxx.xxXxxxxxx2022-03-29verifiedAlto
5XX.XX.XXX.XXXxxxxxx.xxx.xxx.xx.xx.xxxxxxx.xxxx-xxxxxx.xxXxxxxxx2022-03-29verifiedAlto
6XX.XX.XXX.XXXxxxxxx.xxx.xxx.xx.xx.xxxxxxx.xxxx-xxxxxx.xxXxxxxxx2022-03-29verifiedAlto

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilidadVector de accesoEscribeConfianza
1T1006CWE-22Path TraversalpredictiveAlto
2T1059CWE-94Argument InjectionpredictiveAlto
3T1059.007CWE-79, CWE-80Cross Site ScriptingpredictiveAlto
4TXXXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveAlto
5TXXXX.XXXCWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveAlto
6TXXXXCWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveAlto
7TXXXX.XXXCWE-XXXXxxx XxxxxxxxpredictiveAlto
8TXXXXCWE-XXXxx XxxxxxxxxpredictiveAlto
9TXXXXCWE-XXX, CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveAlto
10TXXXX.XXXCWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveAlto
11TXXXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveAlto
12TXXXXCWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveAlto

IOA - Indicator of Attack (21)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClaseIndicatorEscribeConfianza
1File/authpredictiveBajo
2File/uncpath/predictiveMedio
3Fileadmin/executar_login.phppredictiveAlto
4Filexxxxxxx/xxxxxxxxxx.xxxpredictiveAlto
5Filexxxxx/xxxx/xxxxxxxxxx/xxxxxxxxxxx.xxxpredictiveAlto
6Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveAlto
7Filexxxxxx.xxxpredictiveMedio
8Filexxxxx.xxxpredictiveMedio
9Filexxxxxxx.xpredictiveMedio
10Filexxxxxxxxx/xx/xxxxxxxxxxxx.xxxpredictiveAlto
11Filexxx/xxxxxx.xxxpredictiveAlto
12Filexxxxxxxxx/xxxxxxx/xxxxx.xxxpredictiveAlto
13Filexxxxxxxxxxxxxxx.xxxpredictiveAlto
14Filexxxxxxx/xxxxxxxxxxxxxxxx/xxxxxxxxx/xxxxxxxx.xxxxpredictiveAlto
15Filexxxxxx.xxxpredictiveMedio
16Libraryxxxxxxxxxxxxxx.xxxxxxx.xxxxxxxxxxxxxxx.xxxpredictiveAlto
17Argument-xpredictiveBajo
18ArgumentxxxxxxxxpredictiveMedio
19ArgumentxxxxpredictiveBajo
20ArgumentxxxxxxpredictiveBajo
21Argumentxxxxxxxx_xxxxxpredictiveAlto

Referencias (2)

The following list contains external sources which discuss the actor and the associated activities:

AnteriorVisión De ConjuntoPróximo

Do you want to use VulDB in your project?

Use the official API to access entries easily!