Gafgyt Analysis

IOB - Indicator of Behavior (481)

Language

en: 414
ru: 56
es: 4
pl: 2
de: 2

Country

us: 250
sc: 168
ru: 16
li: 14
ca: 6

Product

Microsoft Windows: 26
Joomla CMS: 22
Apache HTTP Server: 18
WordPress: 12
Apple iCloud: 10

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 2.10 | 0.00000 | |
| 2 | Zyxel ARMOR Z1/ARMOR Z2 CGI Program privilege escalation | 8.8 | 8.8 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00053 | CVE-2021-4029 |
| 3 | Joomla CMS com_actionslogs privilege escalation | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01685 | CVE-2019-12765 |
| 4 | esoftpro Online Guestbook Pro ogp_show.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.04 | 0.00135 | CVE-2010-4996 |
| 5 | Microsoft Windows Active Directory Federation Services ls privilege escalation | 7.9 | 7.9 | $25k-$100k | $25k-$100k | Not Defined | Not Defined | 0.02 | 0.00481 | CVE-2018-16794 |
| 6 | CKFinder File Name privilege escalation | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | 0.00155 | CVE-2019-15862 |
| 7 | Joomla CMS Cache information disclosure | 6.4 | 6.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00326 | CVE-2017-9933 |
| 8 | Joomla CMS CSRF Token cross site scripting | 5.2 | 4.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00571 | CVE-2017-9934 |
| 9 | Jetty URI privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.47555 | CVE-2021-34429 |
| 10 | Microsoft Windows SNMP GET Remote Code Execution | 7.3 | 7.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.45448 | CVE-1999-0517 |
| 11 | GitLab Community Edition/Enterprise Edition Password Reset privilege escalation | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.80716 | CVE-2023-7028 |
| 12 | Kyocera MFP Net View information disclosure | 6.9 | 6.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.01011 | CVE-2022-1026 |
| 13 | WordPress sql injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.00467 | CVE-2022-21664 |
| 14 | SAP Knowledge Warehouse KW cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00418 | CVE-2021-42063 |
| 15 | portable SDK for UPnP unique_service_name memory corruption | 10.0 | 9.5 | $0-$5k | $0-$5k | High | Official Fix | 0.03 | 0.97445 | CVE-2012-5958 |
| 16 | Dropbear SSH privilege escalation | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.02911 | CVE-2016-7406 |
| 17 | Joomla CMS mod_latestactions cross site scripting | 5.2 | 4.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00103 | CVE-2020-24599 |
| 18 | Bitrix Site Manager Vote Module Remote Code Execution | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00668 | CVE-2022-27228 |
| 19 | Communigate Pro Pronto! Mail Composer Stored cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00165 | CVE-2018-18621 |
| 20 | phpPgAds adclick.php unknown vulnerability | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.83 | 0.00317 | CVE-2005-3791 |

Campaigns (3)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-21, CWE-22, CWE-23 | Path Traversal | predictive | High |
| 2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | T1059 | CWE-94 | Argument Injection | predictive | High |
| 4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |
| 5 | T1068 | CWE-264, CWE-266, CWE-269, CWE-284 | Execution with Unnecessary Privileges | predictive | High |
| 6 | TXXXX | CWE-XX, CWE-XXX | Xxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High |
| 7 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High |
| 8 | TXXXX | CWE-XXXX | Xxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxx Xxxxxxxx Xxxx Xx X Xxxxxxxx Xxxxxx | predictive | High |
| 9 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High |
| 10 | TXXXX.XXX | CWE-XXXX | Xxxxxxxxxxx Xxxxxxx Xxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 11 | TXXXX | CWE-XX, CWE-XXX | Xxx Xxxxxxxxx | predictive | High |
| 12 | TXXXX.XXX | CWE-XXX | Xxxxxxxxx Xxxxxxxxxxxxx | predictive | High |
| 13 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 14 | TXXXX | CWE-XXX | Xxxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 15 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxxxx | predictive | High |
| 16 | TXXXX | CWE-XXX | Xxxxxxxxx Xxxxxx Xxxx | predictive | High |
| 17 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 18 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 19 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High |
| 20 | TXXXX.XXX | CWE-XXX, CWE-XXX | Xxx Xxxxxxxxxx Xxxxx | predictive | High |
| 21 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High |

IOA - Indicator of Attack (129)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /adfs/ls | predictive | Medium |
| 2 | File | /admin/sysmon.php | predictive | High |
| 3 | File | /api/content/posts/comments | predictive | High |
| 4 | File | /cimom | predictive | Low |
| 5 | File | /debug/pprof | predictive | Medium |
| 6 | File | /forum/away.php | predictive | High |
| 7 | File | /Home/GetAttachment | predictive | High |
| 8 | File | /LogoStore/search.php | predictive | High |
| 9 | File | /MIME/INBOX-MM-1/ | predictive | High |
| 10 | File | /modules/projects/vw_files.php | predictive | High |
| 11 | File | /sm/api/v1/firewall/zone/services | predictive | High |
| 12 | File | /usr/bin/pkexec | predictive | High |
| 13 | File | /var/run/zabbix | predictive | High |
| 14 | File | adclick.php | predictive | Medium |
| 15 | File | xxxxx/xxxxxx.xxx | predictive | High |
| 16 | File | xxxxxxx.xxx | predictive | Medium |
| 17 | File | xxxxxxxxxxxxxxxxxxxxx.xxx | predictive | High |
| 18 | File | xxxx-xxxx.x | predictive | Medium |
| 19 | File | xxxxxx.xxx | predictive | Medium |
| 20 | File | xxxxxx/xxxxxxxxx/xxxxxxxx/xxxxxxxxxx/xxxxxx/xxxx/xxxx_xxxxxxxx/xxxxxx.xx | predictive | High |
| 21 | File | xxxxxxxxxxxxxxx.xxx | predictive | High |
| 22 | File | xxx-xxx/xxxxxxx.xx | predictive | High |
| 23 | File | xxx-xxx/xxxx_xxx.xxx | predictive | High |
| 24 | File | xxxxxx.x | predictive | Medium |
| 25 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 26 | File | xxxx/xxxx | predictive | Medium |
| 27 | File | xxxxxx.xxx | predictive | Medium |
| 28 | File | xxxxxx_xxx.x | predictive | Medium |
| 29 | File | xxxxxxxxxxxxxx.xx | predictive | High |
| 30 | File | xxxxxxxx.xxxx | predictive | High |
| 31 | File | xxxxxxxxxx.xxxx | predictive | High |
| 32 | File | xx/xxxxxxx/xxx.x | predictive | High |
| 33 | File | xxx/xx/xxxx/xxxx.xxxxx.xxx | predictive | High |
| 34 | File | xxxxxxx/xxxxxxx/xxxxxxxx.xxx.xxx | predictive | High |
| 35 | File | xxxxx.xxx | predictive | Medium |
| 36 | File | xxxxxxx.xxx | predictive | Medium |
| 37 | File | xxxx_xxxxxxx.xxxx | predictive | High |
| 38 | File | xxxxxx.x | predictive | Medium |
| 39 | File | xxxxxxxx.xxx | predictive | Medium |
| 40 | File | xxxxxx_x.xx.x | predictive | High |
| 41 | File | xxxxxx.xx | predictive | Medium |
| 42 | File | xxxxxxxxxxxx/xxx.x | predictive | High |
| 43 | File | xxx_xxxxxxxxx.x | predictive | High |
| 44 | File | xxxxxxx.xxx | predictive | Medium |
| 45 | File | xxx_xxxx.xxx | predictive | Medium |
| 46 | File | xxx_xxxxx_xxxx.x | predictive | High |
| 47 | File | xxxxxxxxxxxxxx.xxxxx | predictive | High |
| 48 | File | xxx_xxxx.xxx | predictive | Medium |
| 49 | File | xxxxxxx.xxx | predictive | Medium |
| 50 | File | xxxxxxx/xxxx | predictive | Medium |
| 51 | File | xxx/xxxxx.xxxx | predictive | High |
| 52 | File | xxxxxxx.xxx | predictive | Medium |
| 53 | File | xxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | High |
| 54 | File | xxxxxxxx/xxx/xxxx_xxxxxxxxx/xxxx_xxxxxx_xxxxxxx/xxxx_xxxxxx_xxxxxxx.xxx | predictive | High |
| 55 | File | xxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | High |
| 56 | File | xxxxxxxx.xxx | predictive | Medium |
| 57 | File | xxxxxxxx_xxxxxxxxxxxx_xxxxxx.xx | predictive | High |
| 58 | File | xxx_xxxxx_xxxxxxxxx.x | predictive | High |
| 59 | File | xxxxxxxx/xxxx/xxxx.xxx?xxxxxx=xxxxxxxxxxxxxxxx | predictive | High |
| 60 | File | xxxxx.xxx | predictive | Medium |
| 61 | File | xxx/xxxx.xx | predictive | Medium |
| 62 | File | xxxxxxxxxxxxxxx.xxx | predictive | High |
| 63 | File | xxxxxxxx/xxxxxxxxxxxx-xxxxxxxxxx | predictive | High |
| 64 | File | xxxxxx/xxxxxxx/xxxxxx/xxxxxxxx.xxx | predictive | High |
| 65 | File | xxxx.xxx | predictive | Medium |
| 66 | File | xxxxx.xxx | predictive | Medium |
| 67 | File | xxx.xxx | predictive | Low |
| 68 | File | xxx xxxx xxxxxxx | predictive | High |
| 69 | File | xx-xxxxx/xxxxx-xxxxxx.xxx | predictive | High |
| 70 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive | High |
| 71 | File | xx-xxxxxxxx/xxxx.xxx | predictive | High |
| 72 | File | xxxxxx.xxx?xxxxxx=xxxxxxxxx.xxxx&xxxxxxxxxxx=x | predictive | High |
| 73 | Library | xxx-xx-xxx-xxxx-xxxx-xx-x-x.xxx | predictive | High |
| 74 | Library | xxxx.xxx | predictive | Medium |
| 75 | Argument | -x | predictive | Low |
| 76 | Argument | xxxxxx | predictive | Low |
| 77 | Argument | xxxxxxxxxxxxxx | predictive | High |
| 78 | Argument | xxxxxxx | predictive | Low |
| 79 | Argument | xxxxxx | predictive | Low |
| 80 | Argument | xxxxx$xxxxxxxxxxxxxx$xxxxxxxxxxx | predictive | High |
| 81 | Argument | xxxxxxx | predictive | Low |
| 82 | Argument | xxxxxx/xxxxxxx | predictive | High |
| 83 | Argument | xxxxxxxx[xxxx_xxx] | predictive | High |
| 84 | Argument | xxxxxx | predictive | Low |
| 85 | Argument | xxxxxx | predictive | Low |
| 86 | Argument | xxxxxxx[xx_xxx_xxxx] | predictive | High |
| 87 | Argument | xxxx | predictive | Low |
| 88 | Argument | xxxxxxxx xxxx/xxxxxxxx xxxxxxxx/xxxxxxxx xxxxxxx xx/xxxxxxx/xxxx | predictive | High |
| 89 | Argument | xx | predictive | Low |
| 90 | Argument | xxxxxxxxxxx | predictive | Medium |
| 91 | Argument | xxxxxxx_xxxx | predictive | Medium |
| 92 | Argument | xxxx | predictive | Low |
| 93 | Argument | xxxxx | predictive | Low |
| 94 | Argument | xxxxxxxx | predictive | Medium |
| 95 | Argument | xxxxxxxxxx | predictive | Medium |
| 96 | Argument | xxxx_xxx_xxxxxxxx_xxx | predictive | High |
| 97 | Argument | xxxxxxxxxxxxxxxx | predictive | High |
| 98 | Argument | xxxxxxx | predictive | Low |
| 99 | Argument | xxxxxxxx | predictive | Medium |
| 100 | Argument | xxxxxxxx | predictive | Medium |
| 101 | Argument | xxxxxxxx | predictive | Medium |
| 102 | Argument | xxxx_xx | predictive | Low |
| 103 | Argument | xx | predictive | Low |
| 104 | Argument | xxxxx | predictive | Low |
| 105 | Argument | xxxxx/xxxxxxxx | predictive | High |
| 106 | Argument | xxxxx | predictive | Low |
| 107 | Argument | xxxxxx | predictive | Low |
| 108 | Argument | xxxxxx_xxxxxx | predictive | High |
| 109 | Argument | xxxxxx_xxxxxx | predictive | High |
| 110 | Argument | xxxxx_xxxxxx_xxxxxxxx | predictive | High |
| 111 | Argument | xxx | predictive | Low |
| 112 | Argument | xx_xxx_xxxxx | predictive | Medium |
| 113 | Argument | xxxxxxxxxxx | predictive | Medium |
| 114 | Argument | xxx | predictive | Low |
| 115 | Argument | xxxxxxxx/xxxx | predictive | High |
| 116 | Argument | xxxxx | predictive | Low |
| 117 | Input Value | ../ | predictive | Low |
| 118 | Input Value | x!x@x#x$x%x | predictive | Medium |
| 119 | Input Value | xxxx' xxxxx xxx xxxxxx xxxxxx(xxxxxx('xxxxx','xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'),'xxxxx'),xxxx,xxxx,xxxx,xxxx,xxxx,xxxx,xxxx,xxxx,xxxx,xxxx,xxxx,xxxx-- xxxx&xxxxxx= | predictive | High |
| 120 | Input Value | \x | predictive | Low |
| 121 | Pattern | xxxxxxx-xxxx\|xx\| | predictive | High |
| 122 | Pattern | \|xx\|xx\|xx\| | predictive | Medium |
| 123 | Pattern | \|xx xx xx xx\| | predictive | High |
| 124 | Network Port | xxxx/xxxx | predictive | Medium |
| 125 | Network Port | xxx/xx (xxxx) | predictive | High |
| 126 | Network Port | xxx/xx | predictive | Low |
| 127 | Network Port | xxx/xxx | predictive | Low |
| 128 | Network Port | xxx/xxxx | predictive | Medium |
| 129 | Network Port | xxx/xxxx | predictive | Medium |

References (5)

The following list contains external sources which discuss the actor and the associated activities:
