Gootkit Analysis

IOB - Indicator of Behavior (257)

Language

en: 218
ru: 12
de: 10
sv: 8
zh: 6

Country/Region

us: 154
ru: 46
cn: 26
gb: 8
de: 6

Product

OpenSSH: 8
Joomla CMS: 6
SugarCRM: 6
Cobham Sea Tel: 4
Microsoft IIS: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | SugarCRM SQL injection | 5.8 | 5.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00208 | 0.02 | CVE-2020-17373 |
| 2 | SourceCodester Alphaware Simple E-Commerce System SQL injection | 7.0 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00152 | 0.04 | CVE-2023-1504 |
| 3 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 2.64 | CVE-2020-12440 |
| 4 | SugarCRM Emails SQL injection | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00087 | 0.00 | CVE-2019-17319 |
| 5 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.09 | CVE-2010-0966 |
| 6 | SugarCRM Configurator privilege escalation | 5.9 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00090 | 0.00 | CVE-2019-17306 |
| 7 | SugarCRM Administration SQL injection | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00087 | 0.00 | CVE-2019-17298 |
| 8 | jQuery Property extend Pollution cross-site scripting | 6.6 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03535 | 0.25 | CVE-2019-11358 |
| 9 | OpenSSH scp scp.c privilege escalation | 6.4 | 6.4 | $25k-$100k | $5k-$25k | Not Defined | Unavailable | 0.00289 | 0.04 | CVE-2020-15778 |
| 10 | jQuery html cross-site scripting | 5.8 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01900 | 0.03 | CVE-2020-11023 |
| 11 | Microweber controller.php information disclosure | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01002 | 0.03 | CVE-2020-13405 |
| 12 | Naviwebs Navigate CMS File Upload navigate_upload.php privilege escalation | 7.1 | 6.9 | $0-$5k | $0-$5k | High | Official Fix | 0.89749 | 0.03 | CVE-2018-17553 |
| 13 | Sunny WebBox unknown vulnerability | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00150 | 0.02 | CVE-2019-13529 |
| 14 | Microsoft IIS IP/Domain Restriction privilege escalation | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00817 | 0.34 | CVE-2014-4078 |
| 15 | AlienVault Open Source Security Information Management radar-iso27001-potential.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00127 | 0.00 | CVE-2013-5967 |
| 16 | WordPress WP_Query class-wp-query.php SQL injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00318 | 0.02 | CVE-2017-5611 |
| 17 | Siemens SIMATIC Drive Controller Service Port 102 memory corruption | 7.3 | 7.1 | $5k-$25k | $5k-$25k | Not Defined | Workaround | 0.00526 | 0.02 | CVE-2020-15782 |
| 18 | Siemens SIMATIC S7-1200 PLC memory corruption | 7.5 | 7.5 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00261 | 0.02 | CVE-2013-0700 |
| 19 | SunHater KCFinder upload.php cross-site scripting | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00131 | 0.04 | CVE-2019-14315 |
| 20 | Xerox WorkCentre privilege escalation | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00117 | 0.00 | CVE-2018-20767 |

IOC - Indicator of Compromise (14)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (77)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

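| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | .htaccess | predictive | |
| 2 | File | /addnews.html | predictive | |
| 3 | File | /api/runs/search/run/ | predictive | |
| 4 | File | /cgi-bin/supervisor/PwdGrp.cgi | predictive | |
| 5 | File | /download | predictive | |
| 6 | File | /secure/admin/ImporterFinishedPage.jspa | predictive | |
| 7 | File | /uncpath/ | predictive | |
| 8 | File | /_error | predictive | |
| 9 | File | /_next | predictive | |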

References (2)

The following list contains external sources which discuss the actor and the associated activities:
