Guccifer 2.0 Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (58)

Langue

en	56
fr	2

De campagne

us	12
ru	2

Acteurs

Guccifer 2.0	1

Intérêt

Taper

Not Defined	22
Wireless LAN Software	10
Operating System	6
WordPress Plugin	4
Web Server	4

Fournisseur

Not Defined	14
Microsoft	8
IBM	6
Cisco	6
Monroe Electronics	6

Produit

Monroe Electronics R189 One-Net EAS	6
Cisco Wireless LAN Controller Software	4
Microsoft Windows	4
WordPress	4
Netgear R7800	4

Vulnérabilités

#	Vulnérabilité	Base	Temp	0day	Aujourd'hui	Exp	Con	CTI	EPSS	CVE
1	ProFTPD mod_copy File elévation de privilèges	7.3	7.0	$0-$5k	$0-$5k	High	Official Fix	0.00	0.97188	CVE-2015-3306
2	LOCKON EC-CUBE directory traversal	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00267	CVE-2013-3654
3	Monroe Electronics R189 One-Net EAS Default Configuration chiffrement faible	9.8	9.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00726	CVE-2013-0137
4	Choice-wireless WIXFMR-111 ajax.cgi authentification faible	9.8	9.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00519	CVE-2013-4731
5	Monroe Electronics R189 One-Net EAS elévation de privilèges	9.8	9.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00560	CVE-2013-4732
6	Monroe Electronics R189 One-Net EAS elévation de privilèges	7.5	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00306	CVE-2013-4733
7	Linux Kernel xdp_umem.c xdp_umem_reg buffer overflow	6.5	6.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00072	CVE-2020-12659
8	SAE FW-50 Remote Telemetry Unit directory traversal	7.2	7.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00235	CVE-2020-10634
9	IBM Quality Manager Web UI cross site scripting	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00049	CVE-2016-6022
10	IBM Rational Quality Manager Web UI cross site scripting	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00049	CVE-2016-6031
11	IBM Rational Quality Manager cross site scripting	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00049	CVE-2016-6036
12	IBM Curam Social Program Management XML External Entity	7.8	7.8	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.03	0.00194	CVE-2016-6111
13	Nagios cross site scripting	5.2	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00081	CVE-2016-6209
14	Cisco 2100 Wireless LAN Controller dénie de service	7.5	7.2	$5k-$25k	Calculateur	Not Defined	Official Fix	0.02	0.00181	CVE-2012-0369
15	Cisco Wireless LAN Controller Software dénie de service	7.5	7.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00181	CVE-2012-0370
16	Cisco Wireless LAN Controller Software elévation de privilèges	9.8	9.4	$25k-$100k	Calculateur	Not Defined	Official Fix	0.02	0.00369	CVE-2012-0371
17	ninja-forms Plugin cross site request forgery	5.2	4.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00053	CVE-2020-12462
18	jQuery html cross site scripting	5.8	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.06124	CVE-2020-11022
19	Netgear WNR2000v5 buffer overflow	6.1	5.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00096	CVE-2018-21181
20	BigBlueButton divulgation de l'information	6.4	6.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00189	CVE-2020-12112

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adresse IP	Acteur	Identified	Taper	Confiance
1	95.130.9.198	Guccifer 2.0	23/12/2020	verified	Élevé
2	95.130.15.34	Guccifer 2.0	23/12/2020	verified	Élevé
3	XX.XXX.XX.XX	Xxxxxxxx X.x	23/12/2020	verified	Élevé
4	XX.XXX.XX.XX	Xxxxxxxx X.x	23/12/2020	verified	Élevé
5	XX.XXX.XX.XX	Xxxxxxxx X.x	23/12/2020	verified	Élevé
6	XX.XXX.XX.XX	Xxxxxxxx X.x	23/12/2020	verified	Élevé
7	XX.XXX.XX.XX	Xxxxxxxx X.x	23/12/2020	verified	Élevé

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnérabilités	Vecteur d'accès	Taper	Confiance
1	T1006	CWE-22	Path Traversal	predictive	Élevé
2	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	Élevé
3	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Élevé
4	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Élevé
5	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	Élevé
6	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Élevé
7	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Élevé
8	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Élevé
9	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Élevé

IOA - Indicator of Attack (16)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Taper	Confiance
1	File	/Forms/	predictive	Faible
2	File	/see_more_details.php	predictive	Élevé
3	File	ajax.cgi	predictive	Moyen
4	File	xxxxxxxx.xxx	predictive	Moyen
5	File	xxxxxxxx.xxx	predictive	Moyen
6	File	xx/xxxxxxx-xxxxxxx.x	predictive	Élevé
7	File	xxx/xxx/xxx_xxxx.x	predictive	Élevé
8	File	xx-xxxxx/xxxxx.xxx?xxxx=xxxxxxxx-xxxxx-xxx	predictive	Élevé
9	File	xx-xxxxx/xxxxxxx-xxxxxxx.xxx?xxxx=xx-xxxxxx-xxxxxxxxxxx-xxxxx%xxxxxxxxx%xxxxxxx.xxx	predictive	Élevé
10	File	xxxxxxx-xxxxxx.xxx	predictive	Élevé
11	Argument	xxxx/xxxx	predictive	Moyen
12	Argument	xx	predictive	Faible
13	Argument	xxx	predictive	Faible
14	Argument	xxxxxxx	predictive	Faible
15	Input Value	::$xxxxx_xxxxxxxxxx	predictive	Élevé
16	Network Port	xxx xxxxxx xxxx	predictive	Élevé

Références (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PrécédentAperçuSuivant ▸

Might our Artificial Intelligence support you?

Check our Alexa App!