Gustuff Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (69)

Idioma

en	70

País

de	68
me	2

Actores

Gustuff	4
Cobalt Strike	2
Stealc	1

Interesse

Tipo

Not Defined	18
Application Server Software	6
Operating System	4
Programming Language Software	4
Groupware Software	4

Fabricante

Not Defined	14
Microsoft	8
Oracle	6
IBM	6
Apache	4

Produto

Microsoft Windows	4
PHP	4
IBM Lotus Domino	4
Phusion Passenger	2
Dropbear SSH	2

Vulnerabilidades

#	Vulnerabilidade	Base	Temp	0day	Hoje	Exp	Mas	EPSS	CTI	CVE
1	MK-AUTH auth direitos alargados	9.8	9.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00289	0.00	CVE-2020-14072
2	Yii ActiveRecord.php findByCondition Injecção SQL	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00119	0.03	CVE-2018-7269
3	Microsoft IIS Roteiro Cruzado de Sítios	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00548	0.16	CVE-2017-0055
4	SolarWinds Dameware Mini Remote Client Agent SmartCard Authentication DWRCS.exe direitos alargados	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01347	0.07	CVE-2019-3980
5	JCK Editor links.php Injecção SQL	8.5	8.3	$0-$5k	$0-$5k	High	Not Defined	0.81623	0.03	CVE-2018-17254
6	IBM Lotus Domino domcfg.nsf Divulgação de Informação	5.3	5.0	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.02
7	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Divulgação de Informação	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
8	DZCP deV!L`z Clanportal config.php direitos alargados	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	0.91	CVE-2010-0966
9	Cisco ASA Authentication direitos alargados	6.4	6.3	$5k-$25k	$0-$5k	High	Official Fix	0.97408	0.03	CVE-2018-0296
10	Apple watchOS WebKit direitos alargados	4.3	4.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00089	0.00	CVE-2023-38572
11	Phpletter Ajax File/Image Manager direitos alargados	7.3	7.0	$0-$5k	$0-$5k	High	Official Fix	0.96904	0.02	CVE-2011-4825
12	Microsoft Azure Stack Edge direitos alargados	10.0	8.7	$100k e mais	$25k-$100k	Unproven	Official Fix	0.00188	0.04	CVE-2022-37968
13	Apache HTTP Server mod_rewrite Redirect	6.7	6.7	$25k-$100k	$5k-$25k	Not Defined	Not Defined	0.00258	0.00	CVE-2020-1927
14	MK-AUTH Web Login executar_login.php Fraca autenticação	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00341	0.00	CVE-2020-14070
15	PHP enchant.c enchant_broker_request_dict Excesso de tampão	7.3	6.4	$5k-$25k	$0-$5k	Unproven	Official Fix	0.18929	0.00	CVE-2014-9705
16	OpenSSL Certificate Chain Verification Fraca autenticação	6.5	6.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00260	0.03	CVE-2021-3450
17	IBM Aspera Connect DLL direitos alargados	7.5	7.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00299	0.00	CVE-2020-4545
18	GetSimple CMS XML External Entity	5.3	4.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00575	0.04	CVE-2014-8790
19	Microsoft ASP.NET Core Kestrel Web Application direitos alargados	8.0	7.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02783	0.04	CVE-2018-0787
20	PHP EXIF exif_process_IFD_in_TIFF Excesso de tampão	9.8	9.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02863	0.04	CVE-2019-9641

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	Endereço IP	Hostname	Actor	Identified	Tipo	Aceitação
1	78.46.201.36	static.36.201.46.78.clients.your-server.de	Gustuff	29/03/2022	verified	Alto
2	88.99.170.43	static.43.170.99.88.clients.your-server.de	Gustuff	29/03/2022	verified	Alto
3	XX.XX.XXX.XXX	xxxxxx.xxx.xxx.xx.xx.xxxxxxx.xxxx-xxxxxx.xx	Xxxxxxx	29/03/2022	verified	Alto
4	XX.XX.XXX.XXX	xxxxxx.xxx.xxx.xx.xx.xxxxxxx.xxxx-xxxxxx.xx	Xxxxxxx	29/03/2022	verified	Alto
5	XX.XX.XXX.XXX	xxxxxx.xxx.xxx.xx.xx.xxxxxxx.xxxx-xxxxxx.xx	Xxxxxxx	29/03/2022	verified	Alto
6	XX.XX.XXX.XXX	xxxxxx.xxx.xxx.xx.xx.xxxxxxx.xxxx-xxxxxx.xx	Xxxxxxx	29/03/2022	verified	Alto

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilidades	Tipo de acesso	Tipo	Aceitação
1	T1006	CWE-22	Path Traversal	predictive	Alto
2	T1059	CWE-94	Argument Injection	predictive	Alto
3	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	Alto
4	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
5	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Alto
6	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
7	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	Alto
8	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
9	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
10	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
11	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
12	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Alto

IOA - Indicator of Attack (21)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Tipo	Aceitação
1	File	/auth	predictive	Baixo
2	File	/uncpath/	predictive	Médio
3	File	admin/executar_login.php	predictive	Alto
4	File	xxxxxxx/xxxxxxxxxx.xxx	predictive	Alto
5	File	xxxxx/xxxx/xxxxxxxxxx/xxxxxxxxxxx.xxx	predictive	Alto
6	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Alto
7	File	xxxxxx.xxx	predictive	Médio
8	File	xxxxx.xxx	predictive	Médio
9	File	xxxxxxx.x	predictive	Médio
10	File	xxxxxxxxx/xx/xxxxxxxxxxxx.xxx	predictive	Alto
11	File	xxx/xxxxxx.xxx	predictive	Alto
12	File	xxxxxxxxx/xxxxxxx/xxxxx.xxx	predictive	Alto
13	File	xxxxxxxxxxxxxxx.xxx	predictive	Alto
14	File	xxxxxxx/xxxxxxxxxxxxxxxx/xxxxxxxxx/xxxxxxxx.xxxx	predictive	Alto
15	File	xxxxxx.xxx	predictive	Médio
16	Library	xxxxxxxxxxxxxx.xxxxxxx.xxxxxxxxxxxxxxx.xxx	predictive	Alto
17	Argument	-x	predictive	Baixo
18	Argument	xxxxxxxx	predictive	Médio
19	Argument	xxxx	predictive	Baixo
20	Argument	xxxxxx	predictive	Baixo
21	Argument	xxxxxxxx_xxxxx	predictive	Alto

Referências (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ VoltarVisão GeralPróximo ▸

Do you know our Splunk app?

Download it now for free!