Guccifer 2.0 Analysis

IOB - Indicator of Behavior (58)

Language

en: 58

Product

Monroe Electronics R189 One-Net EAS: 6
Linux Kernel: 4
IBM Rational Quality Manager: 4
SAP Landscape Management: 2
QEMU: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | ProFTPD mod_copy File privilege escalation | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.97091 | 0.21 | CVE-2015-3306 |
| 2 | LOCKON EC-CUBE directory traversal | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00280 | 0.00 | CVE-2013-3654 |
| 3 | Monroe Electronics R189 One-Net EAS Default Configuration weak encryption | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00726 | 0.02 | CVE-2013-0137 |
| 4 | Choice-wireless WIXFMR-111 ajax.cgi weak authentication | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00827 | 0.00 | CVE-2013-4731 |
| 5 | Monroe Electronics R189 One-Net EAS privilege escalation | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00588 | 0.00 | CVE-2013-4732 |
| 6 | Monroe Electronics R189 One-Net EAS privilege escalation | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00321 | 0.00 | CVE-2013-4733 |
| 7 | Linux Kernel xdp_umem.c xdp_umem_reg buffer overflow | 6.5 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00072 | 0.00 | CVE-2020-12659 |
| 8 | SAE FW-50 Remote Telemetry Unit directory traversal | 7.2 | 7.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00235 | 0.00 | CVE-2020-10634 |
| 9 | IBM Quality Manager Web UI cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00049 | 0.00 | CVE-2016-6022 |
| 10 | IBM Rational Quality Manager Web UI cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00049 | 0.00 | CVE-2016-6031 |
| 11 | IBM Rational Quality Manager cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00049 | 0.02 | CVE-2016-6036 |
| 12 | IBM Curam Social Program Management XML External Entity | 7.8 | 7.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00194 | 0.03 | CVE-2016-6111 |
| 13 | Nagios cross site scripting | 5.2 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00081 | 0.02 | CVE-2016-6209 |
| 14 | Cisco 2100 Wireless LAN Controller denial of service | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00181 | 0.00 | CVE-2012-0369 |
| 15 | Cisco Wireless LAN Controller Software denial of service | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00181 | 0.00 | CVE-2012-0370 |
| 16 | Cisco Wireless LAN Controller Software privilege escalation | 9.8 | 9.4 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00369 | 0.02 | CVE-2012-0371 |
| 17 | ninja-forms Plugin cross site request forgery | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00053 | 0.00 | CVE-2020-12462 |
| 18 | jQuery html cross site scripting | 5.8 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06124 | 0.00 | CVE-2020-11022 |
| 19 | Netgear WNR2000v5 buffer overflow | 6.1 | 5.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00096 | 0.00 | CVE-2018-21181 |
| 20 | BigBlueButton information disclosure | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00189 | 0.03 | CVE-2020-12112 |

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (16)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /Forms/ | predictive | Low |
| 2 | File | /see_more_details.php | predictive | High |
| 3 | File | ajax.cgi | predictive | Medium |
| 4 | File | xxxxxxxx.xxx | predictive | Medium |
| 5 | File | xxxxxxxx.xxx | predictive | Medium |
| 6 | File | xx/xxxxxxx-xxxxxxx.x | predictive | High |
| 7 | File | xxx/xxx/xxx_xxxx.x | predictive | High |
| 8 | File | xx-xxxxx/xxxxx.xxx?xxxx=xxxxxxxx-xxxxx-xxx | predictive | High |
| 9 | File | xx-xxxxx/xxxxxxx-xxxxxxx.xxx?xxxx=xx-xxxxxx-xxxxxxxxxxx-xxxxx%xxxxxxxxx%xxxxxxx.xxx | predictive | High |
| 10 | File | xxxxxxx-xxxxxx.xxx | predictive | High |
| 11 | Argument | xxxx/xxxx | predictive | Medium |
| 12 | Argument | xx | predictive | Low |
| 13 | Argument | xxx | predictive | Low |
| 14 | Argument | xxxxxxx | predictive | Low |
| 15 | Input Value | ::$xxxxx_xxxxxxxxxx | predictive | High |
| 16 | Network Port | xxx xxxxxx xxxx | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
