Gootkit Analysis

IOB - Indicator of Behavior (257)

Timeline

Language

en: 222
de: 10
zh: 8
ru: 8
sv: 6

Country

us: 146
ru: 50
cn: 22
de: 8
gb: 8

Actors

Activity

Interest

Timeline

Type

Vendor

Product

nginx: 8
OpenSSH: 8
WordPress: 8
Microsoft Office: 6
PHP: 6

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | SugarCRM sql injection | 5.8 | 5.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00208 | 0.02 | CVE-2020-17373 |
| 2 | SourceCodester Alphaware Simple E-Commerce System sql injection | 7.0 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00152 | 0.04 | CVE-2023-1504 |
| 3 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 3.17 | CVE-2020-12440 |
| 4 | SugarCRM Emails sql injection | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00087 | 0.00 | CVE-2019-17319 |
| 5 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.68 | CVE-2010-0966 |
| 6 | SugarCRM Configurator privilege escalation | 5.9 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00090 | 0.00 | CVE-2019-17306 |
| 7 | SugarCRM Administration sql injection | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00087 | 0.00 | CVE-2019-17298 |
| 8 | jQuery Property extend Pollution cross site scripting | 6.6 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03535 | 0.34 | CVE-2019-11358 |
| 9 | OpenSSH scp scp.c privilege escalation | 6.4 | 6.4 | $25k-$100k | $25k-$100k | Not Defined | Unavailable | 0.00289 | 0.08 | CVE-2020-15778 |
| 10 | jQuery html cross site scripting | 5.8 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01900 | 0.03 | CVE-2020-11023 |
| 11 | Microweber controller.php information disclosure | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01002 | 0.03 | CVE-2020-13405 |
| 12 | Naviwebs Navigate CMS File Upload navigate_upload.php privilege escalation | 7.1 | 6.9 | $0-$5k | $0-$5k | High | Official Fix | 0.89749 | 0.03 | CVE-2018-17553 |
| 13 | Sunny WebBox cross site request forgery | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00150 | 0.02 | CVE-2019-13529 |
| 14 | Microsoft IIS IP/Domain Restriction privilege escalation | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00817 | 0.47 | CVE-2014-4078 |
| 15 | AlienVault Open Source Security Information Management radar-iso27001-potential.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00127 | 0.00 | CVE-2013-5967 |
| 16 | WordPress WP_Query class-wp-query.php sql injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00318 | 0.02 | CVE-2017-5611 |
| 17 | Siemens SIMATIC Drive Controller Service Port 102 buffer overflow | 7.3 | 7.1 | $5k-$25k | $5k-$25k | Not Defined | Workaround | 0.00526 | 0.02 | CVE-2020-15782 |
| 18 | Siemens SIMATIC S7-1200 PLC buffer overflow | 7.5 | 7.5 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00261 | 0.02 | CVE-2013-0700 |
| 19 | SunHater KCFinder upload.php cross site scripting | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00131 | 0.04 | CVE-2019-14315 |
| 20 | Xerox WorkCentre privilege escalation | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00117 | 0.00 | CVE-2018-20767 |

IOC - Indicator of Compromise (14)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerability | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | predictive | High |
| 3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 4 | T1059 | CWE-94 | Argument Injection | predictive | High |

Entries 5 to 18 are masked on the source page.

IOA - Indicator of Attack (77)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | .htaccess | predictive | Medium |
| 2 | File | /addnews.html | predictive | High |
| 3 | File | /api/runs/search/run/ | predictive | High |
| 4 | File | /cgi-bin/supervisor/PwdGrp.cgi | predictive | High |
| 5 | File | /download | predictive | Medium |
| 6 | File | /secure/admin/ImporterFinishedPage.jspa | predictive | High |
| 7 | File | /uncpath/ | predictive | Medium |
| 8 | File | /_error | predictive | Low |
| 9 | File | /_next | predictive | Low |

Entries 10 to 77 (File, Argument, Input Value and Network Port indicators) are masked on the source page.

References (2)

The following list contains external sources which discuss the actor and the associated activities:
