Gootloader Analysis

IOB - Indicator of Behavior (138)

Timeline

Language

en 136
fr 2

Country

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Apple macOS 4
Linux Kernel 4
Foo Labs Xpdf 4
Adobe After Effects 4
Microsoft Office 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | AXIS 2110 Network Camera getparam.cgi denial of service | 9.8 | 9.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03461 | 0.03 | CVE-2004-2427 |
| 2 | onnx ONNX_ASSERTM information disclosure | 4.9 | 4.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.00 | CVE-2024-27319 |
| 3 | Google Android Codec2BufferUtils.cpp ConvertRGBToPlanarYUV buffer overflow | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.02 | CVE-2024-0023 |
| 4 | 7-card Fakabao alipay_notify.php sql injection | 5.5 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00064 | 0.04 | CVE-2023-7183 |
| 5 | Scott Paterson Easy PayPal Shopping Cart Plugin cross site scripting | 5.1 | 5.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.00 | CVE-2023-47239 |
| 6 | AWeber Free Sign Up Form and Landing Page Builder for Lead Generation and Email Newsletter Growth Plugin cross site request forgery | 5.8 | 5.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00058 | 0.00 | CVE-2023-47757 |
| 7 | Guillemant David WP Full Auto Tags Manager Plugin cross site request forgery | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00058 | 0.00 | CVE-2023-34024 |
| 8 | WPML Multilingual CMS Premium Plugin cross site request forgery | 6.2 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00063 | 0.04 | CVE-2022-45071 |
| 9 | Os Commerce cross site scripting | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00049 | 0.00 | CVE-2023-43718 |
| 10 | Dolibarr cross site scripting | 5.0 | 5.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00046 | 0.04 | CVE-2023-5323 |
| 11 | WordPress Password Reset wp-login.php mail privilege escalation | 6.1 | 5.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.02827 | 0.02 | CVE-2017-8295 |
| 12 | NextGen GalleryView Plugin cross site scripting | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00046 | 0.00 | CVE-2023-35098 |
| 13 | HPE iLO 5 Local Privilege Escalation | 7.3 | 7.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.01 | CVE-2022-28634 |
| 14 | HPE iLO 5 Remote Code Execution | 8.1 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00058 | 0.06 | CVE-2022-28633 |
| 15 | BTCPay Server POS Add Products cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00054 | 0.02 | CVE-2021-29250 |
| 16 | Stripe API v1 Access Restriction tokens weak authentication | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00260 | 0.02 | CVE-2018-19249 |
| 17 | ffjpeg JPEG Image jfif.c jfif_decode buffer overflow | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00073 | 0.00 | CVE-2020-23852 |
| 18 | ffjpeg jfif.c denial of service | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00072 | 0.00 | CVE-2022-35433 |
| 19 | Cisco Catalyst 2960-L/Catalyst CDB-8P 802.1x privilege escalation | 5.9 | 5.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00058 | 0.02 | CVE-2020-3231 |
| 20 | pfSense pkg.php echo Privilege Escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00093 | 0.02 | CVE-2022-23993 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Cobalt Strike

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Weakness | Description | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-21, CWE-22 | Path Traversal | predictive | High |
| 2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | predictive | High |
| 3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 4 | T1059 | CWE-94 | Argument Injection | predictive | High |

IOA - Indicator of Attack (61)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /etc/postfix/sender_login | predictive | High |
| 2 | File | /forms/web_importTFTP | predictive | High |
| 3 | File | /goform/openSchedWifi | predictive | High |
| 4 | File | /src/jfif.c | predictive | Medium |
| 5 | File | /usr/local/www/pkg.php | predictive | High |
| 6 | File | /v1/tokens | predictive | Medium |
| 7 | File | admin.php | predictive | Medium |
| 56 | Input Value | /../ | predictive | Low |

References (5)

The following list contains external sources which discuss the actor and the associated activities:
