Curious Gorge Analysis

IOB - Indicator of Behavior (134)

Language (count of indicators)

en  74
zh  56
es   2
fr   2

Campaign country (count of indicators)

cn  102
us   16
ru    8
ca    6
pl    2

Product (count of indicators)

Microsoft Windows        6
VMware Cloud Director    4
Foxit Reader             4
Cisco RV340              4
Fortinet FortiOS         4

Vulnerabilities

Column legend: Base/Temp are the CVSS base and temporal scores; 0-day/Today are the estimated exploit prices at disclosure and today; Exploit is the exploitability status; Countermeasure is the remediation status; EPSS is the Exploit Prediction Scoring System probability; CTI is the threat-intelligence activity score.

#  | Vulnerability                                                                   | Base | Temp | 0-day      | Today    | Exploit          | Countermeasure | EPSS    | CTI  | CVE
---|---------------------------------------------------------------------------------|------|------|------------|----------|------------------|----------------|---------|------|---------------
1  | Ignite Realtime Openfire Administration Console weak authentication             | 7.8  | 7.7  | $0-$5k     | $0-$5k   | High             | Official Fix   | 0.97409 | 0.04 | CVE-2023-32315
2  | Apple Mac OS X TCP Timestamp information disclosure                             | 5.3  | 5.1  | $5k-$25k   | $0-$5k   | Not Defined      | Official Fix   | 0.00243 | 0.00 | CVE-2003-0882
3  | Plesk Obsidian reflected cross-site scripting                                   | 5.2  | 5.2  | $0-$5k     | $0-$5k   | Not Defined      | Not Defined    | 0.00151 | 0.04 | CVE-2020-11583
4  | OpenVPN Access Server Web Portal weak encryption                                | 5.6  | 5.5  | $0-$5k     | $0-$5k   | Not Defined      | Official Fix   | 0.00151 | 0.05 | CVE-2022-33738
5  | Essential Addons for Elementor Plugin privilege escalation                      | 8.0  | 7.9  | $0-$5k     | $0-$5k   | Not Defined      | Not Defined    | 0.03893 | 0.02 | CVE-2023-32243
6  | Matomo safemode.twig Path information disclosure                                | 4.3  | 4.3  | $0-$5k     | $0-$5k   | Not Defined      | Not Defined    | 0.00058 | 0.00 | CVE-2019-12215
7  | Oracle Integrated Lights Out Manager (ILOM) Web remote code execution           | 9.8  | 9.4  | $5k-$25k   | $0-$5k   | Not Defined      | Official Fix   | 0.00692 | 0.00 | CVE-2015-4821
8  | Foxit Reader absPageSpan privilege escalation                                   | 7.5  | 7.5  | $0-$5k     | $0-$5k   | Not Defined      | Not Defined    | 0.01586 | 0.00 | CVE-2018-9938
9  | Foxit Reader addField buffer overflow                                           | 7.5  | 7.5  | $0-$5k     | $0-$5k   | Not Defined      | Not Defined    | 0.02238 | 0.00 | CVE-2018-1178
10 | Atlassian JIRA Server/Data Center QueryComponent!Default.jspa information disclosure | 5.3 | 5.1 | $0-$5k  | $0-$5k   | Not Defined      | Official Fix   | 0.00628 | 0.08 | CVE-2020-14179
11 | Microsoft Windows Cloud Files Mini Filter Driver local privilege escalation     | 7.8  | 7.5  | $25k-$100k | $5k-$25k | High             | Official Fix   | 0.00043 | 0.00 | CVE-2023-36036
12 | Freemius SDK Plugin fs_request_get cross-site scripting                        | 3.5  | 3.4  | $0-$5k     | $0-$5k   | Not Defined      | Not Defined    | 0.00000 | 0.00 | CVE-2023-33999
13 | ZFile 1 privilege escalation                                                    | 7.6  | 7.5  | $0-$5k     | $0-$5k   | Not Defined      | Not Defined    | 0.00283 | 0.04 | CVE-2022-40050
14 | Hytec Inter HWL-2511-SS Command Line Interface privilege escalation             | 9.3  | 9.1  | $0-$5k     | $0-$5k   | Not Defined      | Not Defined    | 0.00125 | 0.04 | CVE-2022-36554
15 | Cortex Alertmanager Config privilege escalation                                 | 5.4  | 5.3  | $0-$5k     | $0-$5k   | Not Defined      | Official Fix   | 0.00082 | 0.05 | CVE-2022-23536
16 | Jitsi Meet weak authentication                                                  | 8.5  | 7.9  | $0-$5k     | $0-$5k   | Not Defined      | Not Defined    | 0.00196 | 0.03 | CVE-2020-11878
17 | Fortinet FortiOS CLI Command directory traversal                                | 6.8  | 6.8  | $0-$5k     | $0-$5k   | High             | Not Defined    | 0.06752 | 0.00 | CVE-2022-41328
18 | Weaver E-Office File Upload utility_all.php privilege escalation                | 7.1  | 6.9  | $0-$5k     | $0-$5k   | Proof-of-Concept | Not Defined    | 0.00087 | 0.00 | CVE-2023-2647
19 | Rocket.Chat 2FA weak authentication                                             | 7.0  | 7.0  | $0-$5k     | $0-$5k   | Not Defined      | Not Defined    | 0.00091 | 0.02 | CVE-2023-28316
20 | SourceCodester Lost and Found Information System privilege escalation           | 7.5  | 7.3  | $0-$5k     | $0-$5k   | Proof-of-Concept | Not Defined    | 0.00078 | 0.09 | CVE-2023-2670

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (63)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator                                 | Type       | Confidence
---|-------|-------------------------------------------|------------|-----------
1  | File  | /cgi-bin/supervisor/PwdGrp.cgi            | predictive | High
2  | File  | /classes/Master.php                       | predictive | High
3  | File  | /classes/Master.php?f=delete_service      | predictive | High
4  | File  | /etc/postfix/sender_login                 | predictive | High
5  | File  | /file/upload/1                            | predictive | High
6  | File  | /filemanager/ajax_calls.php               | predictive | High
7  | File  | /Items/*/RemoteImages/Download            | predictive | High
8  | File  | /restapi/v1/certificates/FFM-SSLInspect   | predictive | High

Entries 9-63 are redacted in the source listing: 32 further File indicators (9-40), one Library (41), 21 Argument indicators (42-62) and one Input Value (63). Their confidence levels range from Low to High.
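The eight unredacted File indicators above are URL and path fragments, so the obvious operational use is to sweep existing web-server access logs for them. The script below is an added example (not VulDB's code and not part of the profile): it compiles the fragments into regular expressions (the `*` in `/Items/*/RemoteImages/Download` becomes a single path segment, and matching is case-insensitive so `pwdgrp.cgi` on an IIS host is still caught), percent-decodes request targets, and reports at most one hit per request, keeping the most specific fragment when several overlap (`/classes/Master.php?f=delete_service` wins over `/classes/Master.php`). The combined log format, the sample log lines and the addresses in them are constructed for the example.

```python
"""Sweep access-log lines for the visible IOA file fragments (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import unquote

# The eight unredacted "File" indicators from the IOA table, with their confidence.
IOA_FILES = [
    ("/cgi-bin/supervisor/PwdGrp.cgi", "High"),
    ("/classes/Master.php", "High"),
    ("/classes/Master.php?f=delete_service", "High"),
    ("/etc/postfix/sender_login", "High"),
    ("/file/upload/1", "High"),
    ("/filemanager/ajax_calls.php", "High"),
    ("/Items/*/RemoteImages/Download", "High"),
    ("/restapi/v1/certificates/FFM-SSLInspect", "High"),
]

# Apache/Nginx "combined" access-log line (assumed format; adapt the regex to yours).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def indicator_to_regex(fragment: str) -> "re.Pattern[str]":
    """Compile an IOA fragment: literal text, '*' matches exactly one path segment.
    Case-insensitive because Windows/IIS request targets are case-insensitive."""
    parts = [re.escape(p) for p in fragment.split("*")]
    return re.compile("[^/]+".join(parts), re.IGNORECASE)


COMPILED = [(frag, conf, indicator_to_regex(frag)) for frag, conf in IOA_FILES]


@dataclass
class Hit:
    ip: str
    timestamp: str
    target: str
    indicator: str
    confidence: str
    status: str


def scan_line(line: str) -> Optional[Hit]:
    """Return a Hit if the request target contains an indicator, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None  # not a request record we understand; skip it
    target = unquote(m["target"])  # so /classes/Master%2Ephp is still caught
    matches = [(frag, conf) for frag, conf, rx in COMPILED if rx.search(target)]
    if not matches:
        return None
    # Several fragments can overlap; keep the most specific (longest) one.
    frag, conf = max(matches, key=lambda fc: len(fc[0]))
    return Hit(m["ip"], m["ts"], m["target"], frag, conf, m["status"])


def scan_log(lines) -> List[Hit]:
    return [h for h in (scan_line(l) for l in lines) if h is not None]


def summarize_by_ip(hits: List[Hit]) -> dict:
    """Count hits per client address; repeat probes from one IP are the signal."""
    counts: dict = {}
    for h in hits:
        counts[h.ip] = counts.get(h.ip, 0) + 1
    return counts


# Constructed sample log (not real traffic); addresses are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [10/May/2023:08:14:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/May/2023:08:14:05 +0000] "POST /classes/Master.php?f=delete_service HTTP/1.1" 200 77 "-" "python-requests/2.28"
198.51.100.23 - - [10/May/2023:08:15:11 +0000] "GET /Items/4f2c/RemoteImages/Download?imageUrl=file:///etc/passwd HTTP/1.1" 500 0 "-" "curl/7.88"
198.51.100.23 - - [10/May/2023:08:15:13 +0000] "GET /cgi-bin/supervisor/pwdgrp.cgi HTTP/1.1" 404 201 "-" "curl/7.88"
192.0.2.9 - - [10/May/2023:08:16:00 +0000] "GET /file/upload/1 HTTP/1.1" 200 10 "-" "Mozilla/5.0"
garbage line that is not an access-log record
"""

if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG.splitlines())
    for h in found:
        print(f"{h.timestamp} {h.ip} {h.status} {h.target} <- {h.indicator} ({h.confidence})")
    print(summarize_by_ip(found))
```

A 404 on `/cgi-bin/supervisor/PwdGrp.cgi` is still worth keeping: the fragment is a reconnaissance probe, and the page lists it as an indicator of attack, not of a successful compromise. Short fragments such as `/file/upload/1` will also match longer paths (`/file/upload/10`), so treat single hits from an address as a lead and the per-IP count as the ranking signal.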

References (2)

The following list contains external sources which discuss the actor and the associated activities:
