Gafgyt Analysis

IOB - Indicator of Behavior (494)

Language

en: 418
ru: 66
it: 4
pl: 2
es: 2

Country

us: 238
sc: 188
li: 14
ru: 10
ca: 8

Product

Apache HTTP Server: 22
Joomla CMS: 18
WordPress: 16
Microsoft Windows: 14
Cisco ASA: 8

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE
1 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 2.18 | (none)
2 | Zyxel ARMOR Z1/ARMOR Z2 CGI Program privilege escalation | 8.8 | 8.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00053 | 0.00 | CVE-2021-4029
3 | spring-boot-actuator-logview LogViewEndpoint.view Directory Traversal | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00049 | 0.05 | CVE-2023-29986
4 | Apache HTTP Server privilege escalation | 5.3 | 5.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00045 | 0.04 | CVE-2023-38709
5 | Joomla CMS com_actionslogs privilege escalation | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01685 | 0.00 | CVE-2019-12765
6 | esoftpro Online Guestbook Pro ogp_show.php SQL Injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00135 | 0.00 | CVE-2010-4996
7 | Microsoft Windows Active Directory Federation Services ls privilege escalation | 7.9 | 7.9 | $25k-$100k | $25k-$100k | Not Defined | Not Defined | 0.00519 | 0.02 | CVE-2018-16794
8 | CKFinder File Name privilege escalation | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00155 | 0.04 | CVE-2019-15862
9 | Joomla CMS Cache Information Disclosure | 6.4 | 6.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00326 | 0.03 | CVE-2017-9933
10 | Joomla CMS CSRF Token Cross Site Scripting | 5.2 | 4.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00571 | 0.00 | CVE-2017-9934
11 | Jetty URI privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.47555 | 0.00 | CVE-2021-34429
12 | Microsoft Windows SNMP GET Remote Code Execution | 7.3 | 7.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.45448 | 0.03 | CVE-1999-0517
13 | GitLab Community Edition/Enterprise Edition Password Reset privilege escalation | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.80716 | 0.04 | CVE-2023-7028
14 | Kyocera MFP Net View Information Disclosure | 6.9 | 6.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01011 | 0.09 | CVE-2022-1026
15 | WordPress SQL Injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00467 | 0.04 | CVE-2022-21664
16 | SAP Knowledge Warehouse KW Cross Site Scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00425 | 0.03 | CVE-2021-42063
17 | portable SDK for UPnP unique_service_name Buffer Overflow | 10.0 | 9.5 | $0-$5k | $0-$5k | High | Official Fix | 0.97445 | 0.00 | CVE-2012-5958
18 | Dropbear SSH privilege escalation | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02911 | 0.04 | CVE-2016-7406
19 | Joomla CMS mod_latestactions Cross Site Scripting | 5.2 | 4.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00103 | 0.00 | CVE-2020-24599
20 | Bitrix Site Manager Vote Module Remote Code Execution | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00668 | 0.09 | CVE-2022-27228

Base and Temp are the VulDB CVSS base and temporal scores; 0day and Today are the estimated exploit price ranges at disclosure and now; Exploit is the known exploitability level; Remediation is the available fix status; EPSS is the exploit prediction score; CTI is the VulDB threat-intelligence activity score.

Campaigns (3)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Class | Vulnerabilities | Access Type | Type | Confidence
1 | T1006 | CAPEC-126 | CWE-21, CWE-22, CWE-23 | Path Traversal | predictive | High
2 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
3 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive | High
4 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High
5 | T1068 | CAPEC-122 | CWE-264, CWE-266, CWE-269, CWE-284 | Execution with Unnecessary Privileges | predictive | High

(Entries 6 through 21 are masked on the source page; only their CAPEC classes are visible, in order: CAPEC-136, CAPEC-178, CAPEC-0, CAPEC-1, CAPEC-492, CAPEC-108, CAPEC-1, CAPEC-55, CAPEC-37, CAPEC-154, CAPEC-38, CAPEC-459, CAPEC-116, CAPEC-112, CAPEC-112, CAPEC-1. All are rated predictive / High.)

IOA - Indicator of Attack (129)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /adfs/ls | predictive | Medium
2 | File | /admin/sysmon.php | predictive | High
3 | File | /api/content/posts/comments | predictive | High
4 | File | /cimom | predictive | Low
5 | File | /debug/pprof | predictive | Medium
6 | File | /forum/away.php | predictive | High
7 | File | /Home/GetAttachment | predictive | High
8 | File | /LogoStore/search.php | predictive | High
9 | File | /MIME/INBOX-MM-1/ | predictive | High
10 | File | /modules/projects/vw_files.php | predictive | High
11 | File | /sm/api/v1/firewall/zone/services | predictive | High
12 | File | /usr/bin/pkexec | predictive | High
13 | File | /var/run/zabbix | predictive | High
14 | File | adclick.php | predictive | Medium

(Entries 15 through 116 are masked on the source page: 58 further File indicators (15-72), 2 Library indicators (73-74) and 42 Argument indicators (75-116). Only their class and confidence survive.)

117 | Input Value | ../ | predictive | Low

(Entries 118 through 129 are likewise masked: 3 further Input Value indicators (118-120), 3 Pattern indicators (121-123) and 6 Network Port indicators (124-129).)
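The File and Input Value indicators above only earn their keep once they are turned into a log check. The block below is an added example, not code from VulDB or from this page: it scans Apache/nginx combined-format access log lines for the visible indicators, percent-decoding the request target first so that an encoded `../` (e.g. `%2e%2e%2f`) is still caught, and looks for absolute host paths such as `/var/run/zabbix` in the query string as well as the path, since they only reach a web log when carried in a parameter. The log lines, the combined-log assumption and the matching rules are this example's own constructions.

```python
"""Scan web-server access logs for the File / Input Value IOAs listed above.

Assumptions (this example's own, not the VulDB page's): Apache/nginx combined
log format; a request whose decoded target contains an indicator counts as one
hit. The log lines at the bottom are constructed for the example.
"""
import re
from urllib.parse import unquote

# Visible IOA entries from the table above, with their VulDB confidence rating.
FILE_IOAS = {
    "/adfs/ls": "Medium",
    "/admin/sysmon.php": "High",
    "/api/content/posts/comments": "High",
    "/cimom": "Low",
    "/debug/pprof": "Medium",
    "/forum/away.php": "High",
    "/Home/GetAttachment": "High",
    "/LogoStore/search.php": "High",
    "/MIME/INBOX-MM-1/": "High",
    "/modules/projects/vw_files.php": "High",
    "/sm/api/v1/firewall/zone/services": "High",
    "/usr/bin/pkexec": "High",
    "/var/run/zabbix": "High",
    "adclick.php": "Medium",
}
INPUT_VALUE_IOAS = {"../": "Low"}

# Combined log format: client ident user [time] "METHOD target PROTO" status bytes ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def normalize(target: str) -> str:
    """Percent-decode twice (scanners often double-encode) and fold backslashes
    to slashes so that /forum/away.php and %2e%2e%2f both match."""
    return unquote(unquote(target)).replace("\\", "/")


def match_line(line: str):
    """Return the list of (indicator, class, confidence) hits for one log line,
    [] when it parses but matches nothing, None when it is not a combined-log line."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    target = normalize(m.group("target"))
    path, _, query = target.partition("?")
    hits = []
    for ioa, conf in FILE_IOAS.items():
        if ioa.startswith("/"):
            base = ioa.rstrip("/")
            # Match the endpoint itself or anything beneath it, or the path
            # smuggled in a query parameter (host paths like /usr/bin/pkexec).
            if path == base or path.startswith(base + "/") or ioa in query:
                hits.append((ioa, "File", conf))
        elif path.rsplit("/", 1)[-1] == ioa:
            # Bare filename indicator: compare against the last path segment.
            hits.append((ioa, "File", conf))
    for ioa, conf in INPUT_VALUE_IOAS.items():
        if ioa in target:
            hits.append((ioa, "Input Value", conf))
    return hits


def scan(lines):
    """Report every parsable line with at least one hit, keyed by client and raw target."""
    report = []
    for line in lines:
        hits = match_line(line)
        if hits:
            m = LOG_RE.match(line)
            report.append({"client": m.group("client"),
                           "target": m.group("target"),
                           "hits": hits})
    return report


# Constructed sample log lines (RFC 5737 documentation addresses), not real traffic.
LOG_LINES = [
    '203.0.113.5 - - [10/Mar/2024:08:12:01 +0000] "GET /forum/away.php?s=http://evil.example/ HTTP/1.1" 302 211 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Mar/2024:08:12:03 +0000] "GET /images/%2e%2e%2f%2e%2e%2fetc/passwd HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Mar/2024:08:13:12 +0000] "GET /debug/pprof/heap HTTP/1.1" 200 20480 "-" "Go-http-client/1.1"',
    '192.0.2.9 - - [10/Mar/2024:08:14:00 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [10/Mar/2024:08:14:05 +0000] "GET /ads/adclick.php?id=1 HTTP/1.1" 200 301 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Mar/2024:08:14:09 +0000] "GET /download?file=/var/run/zabbix HTTP/1.1" 403 98 "-" "curl/7.88"',
]

if __name__ == "__main__":
    for entry in scan(LOG_LINES):
        print(entry["client"], entry["target"], entry["hits"])
```

Confidence ratings travel with each hit so that a Low indicator such as a lone `../` can be routed to a lower-priority queue than a High one. Host paths (`/usr/bin/pkexec`, `/var/run/zabbix`) will not appear in an access log unless they are carried in the URL, as in the last constructed line; catching them in POST bodies needs a request-body capture, which this example does not cover.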

References (5)

The following list contains external sources which discuss the actor and the associated activities:
