Gozi Analysis

IOB - Indicator of Behavior (129)

Language: en (108), ru (10), zh (4), jp (4), pl (2)

Country: us (56), ru (34), cn (10), me (8), gb (4)

Product: Apache HTTP Server (4), Weblate (4), DrayTek Vigor (2), DrayTek Vigor3910 (2), Roundcube webmail (2)

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Esoftpro Online Guestbook Pro ogp_show.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00108 | 0.25 | CVE-2009-4935 |
| 2 | Joomla CMS com_easyblog sql injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00000 | 0.34 | |
| 3 | HP Router/Switch SNMP information disclosure | 3.7 | 3.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00285 | 0.04 | CVE-2012-3268 |
| 4 | Esoftpro Online Guestbook Pro ogp_show.php cross site scripting | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | 0.00209 | 0.02 | CVE-2009-2441 |
| 5 | Apache Struts ExceptionDelegator privilege escalation | 8.8 | 8.4 | $5k-$25k | $0-$5k | High | Official Fix | 0.29316 | 0.02 | CVE-2012-0391 |
| 6 | Schneider Electric Vijeo Designer directory traversal | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00251 | 0.00 | CVE-2021-22704 |
| 7 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 2.66 | CVE-2020-15906 |
| 8 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 1.18 | CVE-2007-0354 |
| 9 | Hscripts PHP File Browser Script index.php directory traversal | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00153 | 0.00 | CVE-2018-16549 |
| 10 | Microsoft IIS IP/Domain Restriction privilege escalation | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00817 | 0.46 | CVE-2014-4078 |
| 11 | Microsoft Windows Win32k Privilege Escalation | 8.3 | 7.7 | $100k and more | $0-$5k | Functional | Official Fix | 0.00148 | 0.00 | CVE-2021-40449 |
| 12 | Sphinx weak authentication | 7.4 | 7.3 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.01038 | 0.03 | CVE-2019-14511 |
| 13 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 14 | Adtran SR400ac Ping Command privilege escalation | 8.8 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.04 | CVE-2023-38120 |
| 15 | DrayTek Vigor/Vigor3910 wlogin.cgi buffer overflow | 9.0 | 8.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00182 | 0.03 | CVE-2022-32548 |
| 16 | DrayTek Vigor 2960 Web Management Interface mainfunction.cgi privilege escalation | 7.4 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00273 | 0.08 | CVE-2023-1162 |
| 17 | SonicWALL SonicOS buffer overflow | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00217 | 0.02 | CVE-2023-0656 |
| 18 | SonicWALL Analytics On-Prem sql injection | 9.8 | 9.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00142 | 0.06 | CVE-2022-22280 |
| 19 | SonicWall SMA100/SMA 200/SMA 210/SMA 400/SMA 410/SMA 500v MFA weak authentication | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00088 | 0.00 | CVE-2023-5970 |
| 20 | Draytek Vigor Router/Access Point/Myvigor weak encryption | 7.2 | 7.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00061 | 0.04 | CVE-2023-33778 |

IOC - Indicator of Compromise (192)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-21, CWE-22 | Path Traversal | predictive | High |
| 2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | T1059 | CWE-94, CWE-1321 | Argument Injection | predictive | High |

IOA - Indicator of Attack (63)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (18)

The following list contains external sources which discuss the actor and the associated activities:

Samples (2)

The following list contains associated samples:
