Gallmaker Analysis

IOB - Indicator of Behavior (251)

Timeline

Language

en | 196
zh | 44
ru | 6
pl | 4
de | 2

Campaign

la | 212
us | 14
cn | 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Revive Adserver | 6
Microsoft Exchange Server | 6
Moodle | 6
Apache Airflow | 4
Adobe ColdFusion | 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE
1 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01009 | 2.39 | CVE-2006-6168
2 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 3.98 | CVE-2020-15906
3 | Drupal Sanitization API cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00056 | 0.02 | CVE-2020-13672
4 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 3.05 |
5 | LiteSpeed Cache Plugin Shortcode cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00051 | 0.03 | CVE-2023-4372
6 | WebTitan Appliance Extensions Persistent cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.02 |
7 | ipTIME NAS-I Bulletin Manage privilege escalation | 7.1 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00988 | 0.03 | CVE-2020-7847
8 | request-baskets API Request {name} privilege escalation | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08109 | 0.00 | CVE-2023-27163
9 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.17 | CVE-2010-0966
10 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02101 | 0.05 | CVE-2007-1287
11 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 5.53 | CVE-2020-12440
12 | Microsoft Windows Scripting Engine Remote Code Execution | 5.9 | 5.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.37113 | 0.00 | CVE-2021-34480
13 | DevExpress ASP.NET Web Forms ASPxHttpHandlerModule DXR.axd privilege escalation | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00183 | 0.09 | CVE-2022-41479
14 | Basilix Webmail login.php3 privilege escalation | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.02 |
15 | JoomlaTune Com Jcomments admin.jcomments.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00489 | 0.04 | CVE-2010-5048
16 | Microsoft Office Remote Code Execution | 7.0 | 6.1 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00169 | 0.00 | CVE-2023-21735
17 | Alt-N MDaemon Worldclient privilege escalation | 4.9 | 4.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00090 | 0.06 | CVE-2021-27182
18 | CouchCMS mysql2i.func.php Path information disclosure | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 0.02 | CVE-2019-1010042
19 | Esri ArcGIS Server sql injection | 8.1 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00123 | 0.04 | CVE-2021-29114
20 | Shenzhen Yunni Technology iLnkP2P UID Generator Random weak encryption | 7.7 | 7.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00176 | 0.03 | CVE-2019-11219

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 94.140.116.124 | | Gallmaker | | 17/12/2020 | verified | High
2 | XX.XXX.XXX.XXX | | Xxxxxxxxx | | 17/12/2020 | verified | High
3 | XXX.XX.XXX.XX | xxxxxxx.xxxxx.xx | Xxxxxxxxx | | 17/12/2020 | verified | High

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Weaknesses | Access Vector | Type | Confidence
1 | T1006 | CWE-21, CWE-22, CWE-24 | Path Traversal | predictive | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
3 | T1059 | CWE-88, CWE-94, CWE-1321 | Argument Injection | predictive | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High
5 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
6 | TXXXX.XXX | CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | High
7 | TXXXX | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High
8 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
9 | TXXXX | CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive | High
10 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High
11 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High
12 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | predictive | High
13 | TXXXX | CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
14 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
15 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
16 | TXXXX.XXX | CWE-XX | Xxxxxxxxxxxxx | predictive | High
17 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High
18 | TXXXX.XXX | CWE-XXX | Xxx Xxxxxxxxxx Xxxxx | predictive | High
19 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High

IOA - Indicator of Attack (140)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/dl_sendmail.php | predictive | High
2 | File | /adminPage/conf/reload | predictive | High
3 | File | /api/baskets/{name} | predictive | High
4 | File | /api/v2/cli/commands | predictive | High
5 | File | /Device/Device/GetDeviceInfoList?deviceCode=&searchField=&deviceState= | predictive | High
6 | File | /DXR.axd | predictive | Medium
7 | File | /forum/away.php | predictive | High
8 | File | /mfsNotice/page | predictive | High
9 | File | /novel/bookSetting/list | predictive | High
10 | File | /novel/userFeedback/list | predictive | High
11 | File | /owa/auth/logon.aspx | predictive | High
12 | File | /spip.php | predictive | Medium
13 | File | /x_portal_assemble_surface/jaxrs/portal/list?v=8.2.3-4-43f4fe3 | predictive | High
14 | File | /zm/index.php | predictive | High
15 | File | adclick.php | predictive | Medium
16 | File | admin.cropcanvas.php | predictive | High
17 | File | xxxxx.xxxxxxxxx.xxx | predictive | High
18 | File | xxxxxxxxxxx/xxxxxxx/xxxxx/xxxxx/xxxxxxxxx/xxxxxxxx.xxx | predictive | High
19 | File | xxxx/xxxxxxxxxxxx.xxx | predictive | High
20 | File | xxxx.xxx | predictive | Medium
21 | File | xx_xxxx_xx_xxxx_xxxx.xxx | predictive | High
22 | File | xxxxxxx.x | predictive | Medium
23 | File | xxxx_xxxxxxx.xxx | predictive | High
24 | File | xxx-xxx/xxxxx | predictive | High
25 | File | xxxxx.xxx | predictive | Medium
26 | File | xxxxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxx/xxxx_xxxxx.xxxx | predictive | High
27 | File | xxxxx-xxxxxxx.xxx | predictive | High
28 | File | xxxxxxxxxx/xxx_xxxxxxxxxx/xxxxxxx/xxxxxxxxxx.xxx | predictive | High
29 | File | xxxxxxxxxx\xxxx.xxx | predictive | High
30 | File | xxxxxxxxxxx.xxx | predictive | High
31 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
32 | File | xx.xxx | predictive | Low
33 | File | xxxxxxx/xxx/xxxxxxxx/xxxxxx/xxxxxxx.x | predictive | High
34 | File | xxxx-xxxxxx.xxx | predictive | High
35 | File | xxxxxxxxxxx.xxxxx.xxx | predictive | High
36 | File | xxxx.xxx | predictive | Medium
37 | File | xxxxx_xxxx.xxx | predictive | High
38 | File | xxxxxxxxxx\xxxxxx\xxxxxxxxxxxxx.xxx | predictive | High
39 | File | xxx/xxxxxx.xxx | predictive | High
40 | File | xxxxxxxx/xxxxxxx/xxxxxxx.xxxx.xxx | predictive | High
41 | File | xxxxx.xxxx | predictive | Medium
42 | File | xxxxx.xxx | predictive | Medium
43 | File | xxxxx.xxx/xxxxxx.xxx/xxxxxxxxxxxxx.xxx/xxxxxxxx.xxx | predictive | High
44 | File | xxxxx.xxx?x=xxxx&x=xxxx&x=xx_xxx_xxxxxx | predictive | High
45 | File | xxxxx.xxx?x=xxxx&x=xxxxxxx&x=xxx | predictive | High
46 | File | xxxx_xxxxxxx.xxx | predictive | High
47 | File | xxxxx.xxxx | predictive | Medium
48 | File | xxxxx.xxx | predictive | Medium
49 | File | xxxx.xxxx | predictive | Medium
50 | File | xxxxxxxxx.x | predictive | Medium
51 | File | xx_xxxx.x | predictive | Medium
52 | File | xxx/xxxx/xxxx_xxxxxxxxx.x | predictive | High
53 | File | xxxxxxx_xxxx.xxx | predictive | High
54 | File | xxxxxxxxxxxxxxxxx.xxx | predictive | High
55 | File | xxxxxxx.xxx | predictive | Medium
56 | File | xxxxxxxxxxxxxx.xxx | predictive | High
57 | File | xxxxxxxxxx_xxxxxxxxx.xxx | predictive | High
58 | File | xxxxxxx/xxxxxxx/xxx/xxxxxxxxxx.xxx?xxxxxxxx=xxxx&xxxxxx=xxxxxxxxxx | predictive | High
59 | File | xxxxxx/xxx/xxxxxxxx/xxxxx/xxxxx_xxxx.xx | predictive | High
60 | File | xxxx/xxxxxxxxxxxxxx/xxxx_xxxxxxx.x | predictive | High
61 | File | xxxx_xxxx_xxxxxx.xxx | predictive | High
62 | File | xxxxxxx_xxxxxx.xxx | predictive | High
63 | File | xxxx_xxxxx.xxxx | predictive | High
64 | File | xxxxxxxxxx_xxxx.xxx | predictive | High
65 | File | xxx/xxxx/xxxx | predictive | High
66 | File | xxxxxx\xxxxxxxx\xx_xxxxx_xxxxxxx.xxx | predictive | High
67 | File | xxxxxxx.xxx.xx.xxxxxxxxxxx.xxx | predictive | High
68 | File | xxxxxxxxx/xxxxxxxx.xxx | predictive | High
69 | File | xxxx_xxxxxx.xx | predictive | High
70 | File | xxxx-xxxxx.xxx | predictive | High
71 | File | xxxx-xxxxxxxx.xxx | predictive | High
72 | File | xxxxxxxxx.xxx | predictive | High
73 | File | xxxxxx_xxxxx.xxx | predictive | High
74 | File | xxxxxx.xxx | predictive | Medium
75 | File | xxxxxxx-xxxxx.xxx | predictive | High
76 | File | xxxx_xxxxx.xxx | predictive | High
77 | File | xxxx/xxx/xxxx-xxxxx.xxx | predictive | High
78 | File | xxxx.xxx | predictive | Medium
79 | File | xx-xxxxx-xxxxxx.xxx | predictive | High
80 | File | xx-xxxxxxxx/xxxxxxxxx.xxx | predictive | High
81 | File | xxx/xxxxxxxx/xxxxxxxx.xxx | predictive | High
82 | File | xxxx.xxx | predictive | Medium
83 | File | ~/xxx/xxxx-xxxxxxxxx.xxx | predictive | High
84 | File | ~/xxxxxxxx/xxxxx-xx-xxxxxxxxxx-xxxxxxxxx.xxx | predictive | High
85 | Library | xxxxxxx/xxx.xxx.xxx.xxx | predictive | High
86 | Argument | xxx_xxx | predictive | Low
87 | Argument | xxxx | predictive | Low
88 | Argument | xxxxxxxxx | predictive | Medium
89 | Argument | xxxxxxxx | predictive | Medium
90 | Argument | xxx_xxx_xx_xxx_xxxxxxxxxx_x | predictive | High
91 | Argument | xxxxx_xxxx | predictive | Medium
92 | Argument | xxxx_xxx_xxxx | predictive | High
93 | Argument | xxxxxxxxxx | predictive | Medium
94 | Argument | xxx | predictive | Low
95 | Argument | xxxxxxxxxxxxxxx | predictive | High
96 | Argument | xxxxxxxxxxxx | predictive | Medium
97 | Argument | xxxx | predictive | Low
98 | Argument | xxxxxxxxx_xxxxxx | predictive | High
99 | Argument | xxxxxxxxx | predictive | Medium
100 | Argument | xx_xxxxxxx | predictive | Medium
101 | Argument | xxxx | predictive | Low
102 | Argument | xxxxxxxx | predictive | Medium
103 | Argument | xxxxx | predictive | Low
104 | Argument | xxxxxx_xxxxx | predictive | Medium
105 | Argument | xx_xx | predictive | Low
106 | Argument | xxxxxxx[xxxxxxx] | predictive | High
107 | Argument | xxxxxxx | predictive | Low
108 | Argument | xxxxxx | predictive | Low
109 | Argument | xxxxx | predictive | Low
110 | Argument | xx | predictive | Low
111 | Argument | xxx | predictive | Low
112 | Argument | xxxx | predictive | Low
113 | Argument | xxxx | predictive | Low
114 | Argument | xxx xxxxxxxx/xxxxxxx xxxxxxxx | predictive | High
115 | Argument | xxxxxxxx | predictive | Medium
116 | Argument | xxxxxx/xxxxx/xxxx | predictive | High
117 | Argument | xxxxxxx | predictive | Low
118 | Argument | xxxx | predictive | Low
119 | Argument | xxxxxx_xxxxxx | predictive | High
120 | Argument | xxx | predictive | Low
121 | Argument | xxxxxxxx_xx | predictive | Medium
122 | Argument | xxxxxx_xxxxx | predictive | Medium
123 | Argument | xxxxxx | predictive | Low
124 | Argument | xxxx_xxxx | predictive | Medium
125 | Argument | xxxx | predictive | Low
126 | Argument | xxxxxx | predictive | Low
127 | Argument | xxxxxxx | predictive | Low
128 | Argument | xxx | predictive | Low
129 | Argument | xxxxx | predictive | Low
130 | Argument | xxxxx/xxx | predictive | Medium
131 | Argument | xxxx_xx | predictive | Low
132 | Argument | xxx | predictive | Low
133 | Argument | xxxxxxxx | predictive | Medium
134 | Argument | xxx:xxxx | predictive | Medium
135 | Argument | _xxx_xxxxxxxxxxx_ | predictive | High
136 | Input Value | xxxxxxxxx' xxx 'x'='x | predictive | High
137 | Input Value | xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx | predictive | High
138 | Pattern | |xx xx xx xx| | predictive | High
139 | Network Port | xxxxx | predictive | Low
140 | Network Port | xxx/xxxx | predictive | Medium

References (2)

The following list contains external sources which discuss the actor and the associated activities:
