SparklingGoblin Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (23)

Langue

en	12
es	4
pl	2
zh	2
de	2

De campagne

ru	12
us	8
nl	2
cn	2

Acteurs

RedLine Stealer	1
Raccoon	1
RecordBreaker	1
Vidar	1
Cobalt Strike	1

Intérêt

Taper

Not Defined	12
Bug Tracking Software	2
SSH Server Software	2
Blog Software	2
Mail Client Software	2

Fournisseur

Not Defined	8
GitLab	2
Discuz	2
Geeklog	2
Wired Community Software	2

Produit

EmpireCMS	2
Laravel	2
GitLab Community Edition	2
GitLab Enterprise Edition	2
SSH	2

Vulnérabilités

#	Vulnérabilité	Base	Temp	0day	Aujourd'hui	Exp	Con	CTI	EPSS	CVE
1	SSH SSH-1 Protocol chiffrement faible	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00258	CVE-2001-1473
2	Microsoft Exchange Server Privilege Escalation	8.8	8.1	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.01	0.11112	CVE-2023-32031
3	IBM WebSphere Application Server Sequence elévation de privilèges	9.2	9.1	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.06	0.00399	CVE-2023-23477
4	EmpireCMS AdClass.php sql injection	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03	0.00172	CVE-2022-28585
5	Veritas NetBackup dénie de service	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00081	CVE-2022-36984
6	Geeklog Media Gallery ftpmedia.php elévation de privilèges	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02	0.13104	CVE-2007-2706
7	Qt-cute QuickTalk guestbook qtg_msg_view.php sql injection	7.3	7.1	$0-$5k	$0-$5k	High	Unavailable	0.00	0.00269	CVE-2007-3538
8	GitLab Community Edition/Enterprise Edition ipynb File cross site scripting	6.1	6.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00089	CVE-2021-39906
9	Microsoft Power BI Report Server Privilege Escalation	7.0	6.1	$5k-$25k	$0-$5k	Unproven	Official Fix	0.03	0.01237	CVE-2021-31984
10	Laravel Image Upload ValidatesAttributes.php elévation de privilèges	5.5	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.01231	CVE-2021-43617
11	Apache HTTP Server mod_rewrite Redirect	6.7	6.7	$25k-$100k	$5k-$25k	Not Defined	Not Defined	0.00	0.00258	CVE-2020-1927
12	Request Tracker File Upload cross site scripting	5.2	4.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04	0.00107	CVE-2016-6127
13	RoundCube Webmail Password Plugin elévation de privilèges	7.5	6.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01	0.00338	CVE-2017-8114
14	Gallarific PHP Photo Gallery script gallery.php sql injection	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.04	0.00112	CVE-2011-0519
15	SoftEther VPN Server See.sys Kernel elévation de privilèges	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00044	CVE-2019-11868
16	Typecho write-post.php cross site scripting	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03	0.00057	CVE-2017-16230
17	D-Link DNS-345 Cookie authentification faible	8.5	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00561	CVE-2014-7857
18	Zoho ManageEngine ServiceDesk Plus FileDownload.jsp directory traversal	5.3	5.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00	0.00556	CVE-2011-2757
19	Wired Community Software WWWThreads register.php sql injection	6.5	6.2	$0-$5k	$0-$5k	Proof-of-Concept	Unavailable	0.02	0.00471	CVE-2006-1958
20	Russcom Network Loginphp register.php cross site scripting	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Unavailable	0.04	0.00677	CVE-2006-2160

Campagnes (1)

These are the campaigns that can be associated with the actor:

SideWalk

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adresse IP	Hostname	Acteur	Campagnes	Identified	Taper	Confiance
1	66.42.103.222	66.42.103.222.vultrusercontent.com	SparklingGoblin		05/10/2022	verified	Élevé
2	XX.XX.XXX.XX	xxxx.xxxxxx.xx.x.xxxxx.xxx	Xxxxxxxxxxxxxxx	Xxxxxxxx	05/03/2022	verified	Élevé
3	XXX.XX.XX.XXX		Xxxxxxxxxxxxxxx	Xxxxxxxx	05/03/2022	verified	Élevé
4	XXX.XX.X.XX		Xxxxxxxxxxxxxxx		05/10/2022	verified	Élevé
5	XXX.XX.XX.XXX	xxxx-xxxxxxxxxx.xxxxxxx.xx	Xxxxxxxxxxxxxxx	Xxxxxxxx	05/03/2022	verified	Élevé

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnérabilités	Vecteur d'accès	Taper	Confiance
1	T1006	CWE-22	Path Traversal	predictive	Élevé
2	T1059	CWE-94	Argument Injection	predictive	Élevé
3	TXXXX.XXX	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Élevé
4	TXXXX	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Élevé
5	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	Élevé
6	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Élevé
7	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Élevé
8	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Élevé
9	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Élevé

IOA - Indicator of Attack (18)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Taper	Confiance
1	File	AdClass.php	predictive	Moyen
2	File	admin/write-post.php	predictive	Élevé
3	File	FileDownload.jsp	predictive	Élevé
4	File	xxxxxxx.xxx	predictive	Moyen
5	File	xxxxxxxxxx/xxxxxxxxxx/xxxxxxxx/xxxxxxxxxxxxxxxxxxx.xxx	predictive	Élevé
6	File	xxxxx/xxxxxxxx.xxx	predictive	Élevé
7	File	xxx_xxx_xxxx.xxx	predictive	Élevé
8	File	xxxxxxxx.xxx	predictive	Moyen
9	File	xxxx.xxx	predictive	Moyen
10	File	xxxx-xxxxxxxx.xxx	predictive	Élevé
11	Library	xxx.xxx	predictive	Faible
12	Argument	xxx	predictive	Faible
13	Argument	xxxxxxxx	predictive	Moyen
14	Argument	xx	predictive	Faible
15	Argument	xxxxxxxx	predictive	Moyen
16	Argument	xxxxxx	predictive	Faible
17	Argument	xxxxx	predictive	Faible
18	Argument	_xx_xxxx[xxxx_xxxx]	predictive	Élevé

Références (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PrécédentAperçuSuivant ▸

Interested in the pricing of exploits?

See the underground prices here!