Gaza Cybergang Анализ

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (46)

Язык

en	40
de	6

Страна

us	24
gb	10
ws	8
nl	2
de	2

Акторы

Gaza Cybergang	5
RedLine Stealer	1
Locky	1
Conti	1
pupy	1

Интерес

Тип

Not Defined	14
Operating System	6
Content Management System	4
Firewall Software	2
File Transfer Software	2

Поставщик

Not Defined	10
Microsoft	10
Cisco	6
IBM	2
Lenovo	2

Продукт

Microsoft Windows	6
Cisco ASA	2
vsftpd	2
Cisco Unified Communications Manager	2
Cisco Unified Communications Manager Session Manag ...	2

Уязвимости

#	Уязвимости	Base	Temp	0day	Сегодня	Э�	Rem	EPSS	CTI	CVE
1	jforum User эскалация привилегий	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00289	0.05	CVE-2019-7550
2	Samsung Gallery Lockscreen эскалация привилегий	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00052	0.00	CVE-2024-20827
3	IBM Watson CP4D Data Stores отказ в обслуживании	6.4	6.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00056	0.00	CVE-2023-27540
4	IBM Watson Knowledge Catalog on Cloud Pak for Data эскалация привилегий	7.4	7.3	$5k-$25k	$5k-$25k	Not Defined	Official Fix	0.00045	0.00	CVE-2023-28958
5	IBM Watson Knowledge Catalog on Cloud Pak for Data Request отказ в обслуживании	5.4	5.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00044	0.00	CVE-2023-28955
6	Joomla Webservice Endpoint эскалация привилегий	5.4	5.4	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.95214	0.06	CVE-2023-23752
7	Atlassian JIRA Server/Data Center Service Management Addon эскалация привилегий	4.7	4.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00283	0.00	CVE-2021-39128
8	magmi неизвестная уязвимость	8.0	7.6	$0-$5k	$0-$5k	Proof-of-Concept	Unavailable	0.50353	0.02	CVE-2020-5776
9	Microsoft Exchange Server раскрытие информации	5.4	4.7	$5k-$25k	$0-$5k	Unproven	Official Fix	0.96172	0.04	CVE-2021-41349
10	Microsoft IIS Unicode обход каталога	7.3	6.6	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.93793	0.00	CVE-2000-0884
11	Siemens Polarion Web Page Generator Reflected межсайтовый скриптинг	3.5	3.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00054	0.04	CVE-2019-13934
12	Cisco Unified Communications Manager SOAP API Endpoint эскалация привилегий	8.8	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00238	0.00	CVE-2021-1362
13	Lenovo Integrated Management Module 2 Web Administration повреждение памяти	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00250	0.00	CVE-2017-3774
14	vsftpd Service Port 6200 эскалация привилегий	8.5	8.4	$25k-$100k	$25k-$100k	Not Defined	Workaround	0.84215	0.07	CVE-2011-2523
15	TP-LINK TD-8840t HTTP Request tools_admin_1 неизвестная уязвимость	4.6	4.2	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.04
16	Revive Adserver Flash Cross-Domain Policy crossdomain.xml эскалация привилегий	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00749	0.05	CVE-2015-7369
17	Oracle E-Business Suite iRecruitment неизвестная уязвимость	5.3	5.3	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00168	0.00	CVE-2010-2408
18	Octopus Deploy Package эскалация привилегий	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00054	0.03	CVE-2019-19084
19	Cisco IOS XAUTH IKE Authentication слабая аутентификация	6.5	6.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00517	0.00	CVE-2005-1058
20	Microsoft IIS эскалация привилегий	9.8	9.6	$25k-$100k	$5k-$25k	Not Defined	Workaround	0.00000	0.00

Кампании (1)

These are the campaigns that can be associated with the actor:

Electric Powder

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-адрес	Hostname	Актор	Кампании	Identified	Тип	Уверенность
1	45.63.97.44	45.63.97.44.vultr.com	Gaza Cybergang		22.12.2020	verified	Средний
2	82.211.30.186		Gaza Cybergang	Electric Powder	23.12.2020	verified	Высокий
3	XX.XXX.XX.XXX		Xxxx Xxxxxxxxx	Xxxxxxxx Xxxxxx	23.12.2020	verified	Высокий
4	XX.XXX.XX.XXX		Xxxx Xxxxxxxxx	Xxxxxxxx Xxxxxx	23.12.2020	verified	Высокий
5	XX.XXX.X.XX		Xxxx Xxxxxxxxx	Xxxxxxxx Xxxxxx	23.12.2020	verified	Высокий
6	XX.XXX.XX.XXX		Xxxx Xxxxxxxxx	Xxxxxxxx Xxxxxx	23.12.2020	verified	Высокий
7	XX.XXX.XX.XXX		Xxxx Xxxxxxxxx	Xxxxxxxx Xxxxxx	23.12.2020	verified	Высокий
8	XX.XXX.XX.XX		Xxxx Xxxxxxxxx	Xxxxxxxx Xxxxxx	23.12.2020	verified	Высокий
9	XXX.XXX.XX.XXX		Xxxx Xxxxxxxxx		22.12.2020	verified	Высокий
10	XXX.XXX.X.XXX	xxxxxxxxxx.xxx	Xxxx Xxxxxxxxx		22.12.2020	verified	Высокий

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Класс	Уязвимости	Вектор доступа	Тип	Уверенность
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Высокий
2	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Высокий
3	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Высокий
4	TXXXX.XXX	CAPEC-209	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Высокий
5	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Высокий
6	TXXXX	CAPEC-108	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Высокий
7	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Высокий
8	TXXXX.XXX	CAPEC-133	CWE-XXX	Xxxxxxxx	predictive	Высокий
9	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Высокий
10	TXXXX	CAPEC-0	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Высокий
11	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Высокий

IOA - Indicator of Attack (17)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Класс	Indicator	Тип	Уверенность
1	File	/index.php/newsletter/subscriber/new/	predictive	Высокий
2	File	api_poller.php	predictive	Высокий
3	File	crossdomain.xml	predictive	Высокий
4	File	xxx/xxxxxx/xxxxxx/xxxxxxxxxxx/xxx.xxx	predictive	Высокий
5	File	xxxxx/xxxxx_xxxxx_x	predictive	Высокий
6	File	xxxxxxx/xxxx_xxxxxxxxxx.xxx	predictive	Высокий
7	File	xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx	predictive	Высокий
8	File	xxxxx.xxx	predictive	Средний
9	File	xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx	predictive	Высокий
10	Library	x:\xxxxxxx\xxxxxxxx\xxxxxxxxxxx\xxxxxxxxxxxxxx\xxxxxxxx.xxx_xxxxx_xxxxxxxxxxxxxxxx\xxxxx\xxxxxxxxxxx.xxx	predictive	Высокий
11	Library	xxxxxx.xxx	predictive	Средний
12	Argument	xxx	predictive	Низкий
13	Argument	xxxxxxxx.xxxx	predictive	Высокий
14	Argument	xxx	predictive	Низкий
15	Argument	xxxx->xxxxxxx	predictive	Высокий
16	Input Value	xx-xxxx://	predictive	Средний
17	Network Port	xxx/xxxx	predictive	Средний

Ссылки (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ ПредыдущийОбзорДалее ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!