Gaza Cybergang Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (46)

Langue

en	36
de	10

De campagne

us	18
gb	12
de	4
ws	4
ru	2

Acteurs

Gaza Cybergang	6
RedLine Stealer	1
Locky	1
Conti	1
pupy	1

Intérêt

Taper

Not Defined	20
Content Management System	4
Spreadsheet Software	2
Firewall Software	2
Forum Software	2

Fournisseur

Not Defined	16
Microsoft	6
Huawei	4
Siemens	2
Banu	2

Produit

WordPress	4
Siemens Polarion	2
Microsoft Excel	2
Huawei ARXXXX	2
Banu Tinyproxy	2

Vulnérabilités

#	Vulnérabilité	Base	Temp	0day	Aujourd'hui	Exp	Con	EPSS	CTI	CVE
1	jforum User elévation de privilèges	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00289	0.05	CVE-2019-7550
2	Samsung Gallery Lockscreen elévation de privilèges	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00052	0.00	CVE-2024-20827
3	IBM Watson CP4D Data Stores dénie de service	6.4	6.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00056	0.00	CVE-2023-27540
4	IBM Watson Knowledge Catalog on Cloud Pak for Data elévation de privilèges	7.4	7.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00045	0.00	CVE-2023-28958
5	IBM Watson Knowledge Catalog on Cloud Pak for Data Request dénie de service	5.4	5.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00044	0.00	CVE-2023-28955
6	Joomla Webservice Endpoint elévation de privilèges	5.4	5.4	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.95214	0.07	CVE-2023-23752
7	Atlassian JIRA Server/Data Center Service Management Addon elévation de privilèges	4.7	4.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00283	0.00	CVE-2021-39128
8	magmi cross site request forgery	8.0	7.6	$0-$5k	$0-$5k	Proof-of-Concept	Unavailable	0.50353	0.02	CVE-2020-5776
9	Microsoft Exchange Server divulgation de l'information	5.4	4.7	$5k-$25k	$0-$5k	Unproven	Official Fix	0.96172	0.04	CVE-2021-41349
10	Microsoft IIS Unicode directory traversal	7.3	6.6	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.93793	0.00	CVE-2000-0884
11	Siemens Polarion Web Page Generator Reflected cross site scripting	3.5	3.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00054	0.04	CVE-2019-13934
12	Cisco Unified Communications Manager SOAP API Endpoint elévation de privilèges	8.8	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00238	0.00	CVE-2021-1362
13	Lenovo Integrated Management Module 2 Web Administration buffer overflow	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00250	0.00	CVE-2017-3774
14	vsftpd Service Port 6200 elévation de privilèges	8.5	8.4	$25k-$100k	$25k-$100k	Not Defined	Workaround	0.84215	0.05	CVE-2011-2523
15	TP-LINK TD-8840t HTTP Request tools_admin_1 cross site request forgery	4.6	4.2	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.04
16	Revive Adserver Flash Cross-Domain Policy crossdomain.xml elévation de privilèges	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00749	0.07	CVE-2015-7369
17	Oracle E-Business Suite iRecruitment vulnérabilité inconnue	5.3	5.3	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00168	0.00	CVE-2010-2408
18	Octopus Deploy Package elévation de privilèges	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00054	0.03	CVE-2019-19084
19	Cisco IOS XAUTH IKE Authentication authentification faible	6.5	6.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00517	0.00	CVE-2005-1058
20	Microsoft IIS elévation de privilèges	9.8	9.6	$25k-$100k	$5k-$25k	Not Defined	Workaround	0.00000	0.00

Campagnes (1)

These are the campaigns that can be associated with the actor:

Electric Powder

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adresse IP	Hostname	Acteur	Campagnes	Identified	Taper	Confiance
1	45.63.97.44	45.63.97.44.vultr.com	Gaza Cybergang		22/12/2020	verified	Moyen
2	82.211.30.186		Gaza Cybergang	Electric Powder	23/12/2020	verified	Élevé
3	XX.XXX.XX.XXX		Xxxx Xxxxxxxxx	Xxxxxxxx Xxxxxx	23/12/2020	verified	Élevé
4	XX.XXX.XX.XXX		Xxxx Xxxxxxxxx	Xxxxxxxx Xxxxxx	23/12/2020	verified	Élevé
5	XX.XXX.X.XX		Xxxx Xxxxxxxxx	Xxxxxxxx Xxxxxx	23/12/2020	verified	Élevé
6	XX.XXX.XX.XXX		Xxxx Xxxxxxxxx	Xxxxxxxx Xxxxxx	23/12/2020	verified	Élevé
7	XX.XXX.XX.XXX		Xxxx Xxxxxxxxx	Xxxxxxxx Xxxxxx	23/12/2020	verified	Élevé
8	XX.XXX.XX.XX		Xxxx Xxxxxxxxx	Xxxxxxxx Xxxxxx	23/12/2020	verified	Élevé
9	XXX.XXX.XX.XXX		Xxxx Xxxxxxxxx		22/12/2020	verified	Élevé
10	XXX.XXX.X.XXX	xxxxxxxxxx.xxx	Xxxx Xxxxxxxxx		22/12/2020	verified	Élevé

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnérabilités	Vecteur d'accès	Taper	Confiance
1	T1006	CWE-22	Path Traversal	predictive	Élevé
2	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Élevé
3	T1059	CWE-94	Argument Injection	predictive	Élevé
4	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Élevé
5	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Élevé
6	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Élevé
7	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Élevé
8	TXXXX.XXX	CWE-XXX	Xxxxxxxx	predictive	Élevé
9	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Élevé
10	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Élevé
11	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Élevé

IOA - Indicator of Attack (17)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Taper	Confiance
1	File	/index.php/newsletter/subscriber/new/	predictive	Élevé
2	File	api_poller.php	predictive	Élevé
3	File	crossdomain.xml	predictive	Élevé
4	File	xxx/xxxxxx/xxxxxx/xxxxxxxxxxx/xxx.xxx	predictive	Élevé
5	File	xxxxx/xxxxx_xxxxx_x	predictive	Élevé
6	File	xxxxxxx/xxxx_xxxxxxxxxx.xxx	predictive	Élevé
7	File	xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx	predictive	Élevé
8	File	xxxxx.xxx	predictive	Moyen
9	File	xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx	predictive	Élevé
10	Library	x:\xxxxxxx\xxxxxxxx\xxxxxxxxxxx\xxxxxxxxxxxxxx\xxxxxxxx.xxx_xxxxx_xxxxxxxxxxxxxxxx\xxxxx\xxxxxxxxxxx.xxx	predictive	Élevé
11	Library	xxxxxx.xxx	predictive	Moyen
12	Argument	xxx	predictive	Faible
13	Argument	xxxxxxxx.xxxx	predictive	Élevé
14	Argument	xxx	predictive	Faible
15	Argument	xxxx->xxxxxxx	predictive	Élevé
16	Input Value	xx-xxxx://	predictive	Moyen
17	Network Port	xxx/xxxx	predictive	Moyen

Références (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ PrécédentAperçuSuivant ▸

Might our Artificial Intelligence support you?

Check our Alexa App!