GIMF Analysis

IOB - Indicator of Behavior (238)

Language

en: 182
zh: 42
de: 6
pl: 4
fr: 2

Country

la: 220
gb: 10
cn: 4
us: 2
vn: 2

Product

Microsoft Windows: 10
WordPress: 6
Adobe ColdFusion: 6
Moodle: 6
Revive Adserver: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01009 | 10.00 | CVE-2006-6168 |
| 2 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 4.14 | CVE-2020-15906 |
| 3 | Drupal Sanitization API cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00056 | 0.02 | CVE-2020-13672 |
| 4 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 5.14 | |
| 5 | LiteSpeed Cache Plugin Shortcode cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00051 | 0.03 | CVE-2023-4372 |
| 6 | WebTitan Appliance Extensions Persistent cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.02 | |
| 7 | ipTIME NAS-I Bulletin Manage privilege escalation | 7.1 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00988 | 0.03 | CVE-2020-7847 |
| 8 | request-baskets API Request {name} privilege escalation | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08109 | 0.00 | CVE-2023-27163 |
| 9 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.43 | CVE-2010-0966 |
| 10 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02101 | 0.04 | CVE-2007-1287 |
| 11 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 0.14 | CVE-2020-12440 |
| 12 | Microsoft Windows Scripting Engine Remote Code Execution | 5.9 | 5.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.32182 | 0.00 | CVE-2021-34480 |
| 13 | NotificationX Plugin SQL Statement sql injection | 5.6 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02414 | 0.21 | CVE-2022-0349 |
| 14 | DevExpress ASP.NET Web Forms ASPxHttpHandlerModule DXR.axd privilege escalation | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00183 | 0.00 | CVE-2022-41479 |
| 15 | Basilix Webmail login.php3 privilege escalation | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.02 | |
| 16 | JoomlaTune Com Jcomments admin.jcomments.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00489 | 0.07 | CVE-2010-5048 |
| 17 | Microsoft Office Remote Code Execution | 7.0 | 6.1 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00169 | 0.00 | CVE-2023-21735 |
| 18 | Alt-N MDaemon Worldclient privilege escalation | 4.9 | 4.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00090 | 0.06 | CVE-2021-27182 |
| 19 | CouchCMS mysql2i.func.php Path information disclosure | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 0.02 | CVE-2019-1010042 |
| 20 | Esri ArcGIS Server sql injection | 8.1 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00123 | 0.03 | CVE-2021-29114 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Cyber Jihad

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (127)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

References (2)

The following list contains external sources which discuss the actor and the associated activities:
