Goldfin Analysis

IOB - Indicator of Behavior (68)

Language

en: 64
fr: 2
ru: 2

Country

us: 34
ru: 12
se: 4
ir: 4
au: 2

Product

Web4Future eCommerce: 2
Green Packet DX-350: 2
D-Link DWR-932B: 2
WordPress: 2
Cisco Identity Services Engine: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.58 | CVE-2010-0966 |
| 2 | TYPO3 ImageMagick/GraphicsMagick privilege escalation | 7.4 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00775 | 0.00 | CVE-2019-11832 |
| 3 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 4 | Amazon Echo/Echo Dot/Echo Show/Echo Spot Listening Spying weak authentication | 3.8 | 3.5 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00105 | 0.00 | CVE-2018-11567 |
| 5 | Microsoft Exchange Server Privilege Escalation | 8.8 | 8.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.01502 | 0.03 | CVE-2022-23277 |
| 6 | vBulletin moderation.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00284 | 0.01 | CVE-2016-6195 |
| 7 | YaBB yabb.pl cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01240 | 0.04 | CVE-2004-2402 |
| 8 | Oracle MySQL Server InnoDB privilege escalation | 7.1 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00156 | 0.02 | CVE-2018-3064 |
| 9 | Contact Form 7 Plugin privilege escalation | 6.7 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00161 | 0.05 | CVE-2023-6449 |
| 10 | Omnisend Email Marketing for WooCommerce Plugin information disclosure | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00087 | 0.00 | CVE-2023-47244 |
| 11 | PixelYourSite Plugin cross site scripting | 2.4 | 2.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00051 | 0.00 | CVE-2023-2584 |
| 12 | TRENDnet TEW-652BRP Web Service cfg_op.ccp memory corruption | 7.5 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00097 | 0.00 | CVE-2023-0618 |
| 13 | TRENDnet TEW-652BRP Web Interface ping.ccp privilege escalation | 8.1 | 7.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01049 | 0.00 | CVE-2023-0640 |
| 14 | PHP Cookie privilege escalation | 5.0 | 4.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00634 | 0.00 | CVE-2022-31629 |
| 15 | 1C-Bitrix Bitrix24 AD/LDAP ldap_server_edit.php information disclosure | 4.6 | 4.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00104 | 0.03 | CVE-2022-43959 |
| 16 | Profile Builder Plugin wppb_front_end_password_recovery weak authentication | 8.1 | 8.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00073 | 0.00 | CVE-2023-2297 |
| 17 | WordPress Pingback privilege escalation | 5.7 | 5.7 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00120 | 0.00 | CVE-2022-3590 |
| 18 | Abraham Williams TwitterOAuth privilege escalation | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00093 | 0.00 | CVE-2011-5243 |
| 19 | Hangzhou Xiongmai XMeye P2P Cloud Server weak authentication | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00080 | 0.04 | CVE-2018-17919 |
| 20 | Microsoft Exchange Server information disclosure | 5.8 | 5.3 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00144 | 0.00 | CVE-2022-24463 |

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (28)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /bitrix/admin/ldap_server_edit.php | predictive | High |
| 2 | File | /debug/pprof | predictive | Medium |
| 3 | File | /redbin/rpwebutilities.exe/text | predictive | High |
| 4 | File | /rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf | predictive | High |
| 5 | File | /xxxxxxx/ | predictive | Medium |
| 6 | File | xxx_xx.xxx | predictive | Medium |
| 7 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 8 | File | xxxxxxx/xxx/x_xxx.x | predictive | High |
| 9 | File | xxxxxxxxxxx/xxxxxxxx/xxxxxxxxxx.xxx | predictive | High |
| 10 | File | xxxxxxxxxxxx.xxx | predictive | High |
| 11 | File | xxx/xxxxxx.xxx | predictive | High |
| 12 | File | xxxxx.xxx | predictive | Medium |
| 13 | File | xxxxx.xxx | predictive | Medium |
| 14 | File | xxxx.xxx | predictive | Medium |
| 15 | File | xxxx.xxx | predictive | Medium |
| 16 | File | xxxxx.xxx | predictive | Medium |
| 17 | File | xxxxxxxxx.xxx | predictive | High |
| 18 | File | xxxx.xx | predictive | Low |
| 19 | Argument | xxxxxxxx | predictive | Medium |
| 20 | Argument | xxxxx | predictive | Low |
| 21 | Argument | xxx_xxxx/xxx_xxxxxxx | predictive | High |
| 22 | Argument | xxx | predictive | Low |
| 23 | Argument | xxxxxx | predictive | Low |
| 24 | Argument | xxxxxxx | predictive | Low |
| 25 | Argument | xxxx_xx | predictive | Low |
| 26 | Argument | xxx | predictive | Low |
| 27 | Network Port | xxx/xx (xxxxxx) | predictive | High |
| 28 | Network Port | xxx/xxxx | predictive | Medium |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
