Gustuff Analysis

IOB - Indicator of Behavior (69)

Timeline (chart; no data extracted)

Language: en (70)

Country: de (70)

Actors, Activities, Interest, Timeline, Type, Vendor (charts; no data extracted)

Product: PHP (4), MK-AUTH (4), IBM Lotus Domino (4), Zoho ManageEngine Desktop Central (2), Phusion Passenger (2)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Con | CTI | EPSS | CVE
1 | MK-AUTH auth privilege escalation | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00289 | CVE-2020-14072
2 | Yii ActiveRecord.php findByCondition sql injection | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00119 | CVE-2018-7269
3 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00548 | CVE-2017-0055
4 | SolarWinds Dameware Mini Remote Client Agent SmartCard Authentication DWRCS.exe privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.01347 | CVE-2019-3980
5 | JCK Editor links.php sql injection | 8.5 | 8.3 | $0-$5k | $0-$5k | High | Not Defined | 0.02 | 0.81623 | CVE-2018-17254
6 | IBM Lotus Domino domcfg.nsf information disclosure | 5.3 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00000 | 
7 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192
8 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.49 | 0.00943 | CVE-2010-0966
9 | Cisco ASA Authentication privilege escalation | 6.4 | 6.3 | $5k-$25k | $0-$5k | High | Official Fix | 0.05 | 0.97429 | CVE-2018-0296
10 | Apple watchOS WebKit privilege escalation | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00089 | CVE-2023-38572
11 | Phpletter Ajax File/Image Manager privilege escalation | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.02 | 0.96910 | CVE-2011-4825
12 | Microsoft Azure Stack Edge privilege escalation | 10.0 | 8.7 | $100k and more | $25k-$100k | Unproven | Official Fix | 0.04 | 0.00188 | CVE-2022-37968
13 | Apache HTTP Server mod_rewrite Redirect | 6.7 | 6.7 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.07 | 0.00258 | CVE-2020-1927
14 | MK-AUTH Web Login executar_login.php weak authentication | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00341 | CVE-2020-14070
15 | PHP enchant.c enchant_broker_request_dict buffer overflow | 7.3 | 6.4 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00 | 0.18929 | CVE-2014-9705
16 | OpenSSL Certificate Chain Verification weak authentication | 6.5 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00260 | CVE-2021-3450
17 | IBM Aspera Connect DLL privilege escalation | 7.5 | 7.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00299 | CVE-2020-4545
18 | GetSimple CMS XML External Entity | 5.3 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00814 | CVE-2014-8790
19 | Microsoft ASP.NET Core Kestrel Web Application privilege escalation | 8.0 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.02783 | CVE-2018-0787
20 | PHP EXIF exif_process_IFD_in_TIFF buffer overflow | 9.8 | 9.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.02863 | CVE-2019-9641

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | High
2 | T1059 | CWE-94 | Argument Injection | predictive | High
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High
4 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
5 | TXXXX.XXX | CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | High
6 | TXXXX | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High
7 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
8 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High
9 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
10 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
11 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
12 | TXXXX | CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High

IOA - Indicator of Attack (21)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /auth | predictive | Low
2 | File | /uncpath/ | predictive | Medium
3 | File | admin/executar_login.php | predictive | High
4 | File | xxxxxxx/xxxxxxxxxx.xxx | predictive | High
5 | File | xxxxx/xxxx/xxxxxxxxxx/xxxxxxxxxxx.xxx | predictive | High
6 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
7 | File | xxxxxx.xxx | predictive | Medium
8 | File | xxxxx.xxx | predictive | Medium
9 | File | xxxxxxx.x | predictive | Medium
10 | File | xxxxxxxxx/xx/xxxxxxxxxxxx.xxx | predictive | High
11 | File | xxx/xxxxxx.xxx | predictive | High
12 | File | xxxxxxxxx/xxxxxxx/xxxxx.xxx | predictive | High
13 | File | xxxxxxxxxxxxxxx.xxx | predictive | High
14 | File | xxxxxxx/xxxxxxxxxxxxxxxx/xxxxxxxxx/xxxxxxxx.xxxx | predictive | High
15 | File | xxxxxx.xxx | predictive | Medium
16 | Library | xxxxxxxxxxxxxx.xxxxxxx.xxxxxxxxxxxxxxx.xxx | predictive | High
17 | Argument | -x | predictive | Low
18 | Argument | xxxxxxxx | predictive | Medium
19 | Argument | xxxx | predictive | Low
20 | Argument | xxxxxx | predictive | Low
21 | Argument | xxxxxxxx_xxxxx | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
