GIMF Analysis

IOB - Indicator of Behavior (242)

Language

  • en: 182
  • zh: 50
  • ru: 6
  • de: 2
  • fr: 2

Country

  • la: 224
  • gb: 8
  • cn: 6
  • us: 4

Product

  • WordPress: 10
  • Microsoft Windows: 8
  • Moodle: 6
  • Revive Adserver: 6
  • Microsoft Exchange Server: 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | EPSS | CTI | CVE
1 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01009 | 2.55 | CVE-2006-6168
2 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 2.96 | CVE-2020-15906
3 | Drupal Sanitization API cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00056 | 0.02 | CVE-2020-13672
4 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 2.41 | 
5 | LiteSpeed Cache Plugin Shortcode cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00051 | 0.03 | CVE-2023-4372
6 | WebTitan Appliance Extensions Persistent cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.02 | 
7 | ipTIME NAS-I Bulletin Manage privilege escalation | 7.1 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00988 | 0.03 | CVE-2020-7847
8 | request-baskets API Request {name} privilege escalation | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08109 | 0.00 | CVE-2023-27163
9 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.70 | CVE-2010-0966
10 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02101 | 0.04 | CVE-2007-1287
11 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 3.48 | CVE-2020-12440
12 | Microsoft Windows Scripting Engine Remote Code Execution | 5.9 | 5.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.37113 | 0.00 | CVE-2021-34480
13 | NotificationX Plugin SQL Statement sql injection | 5.6 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02414 | 0.04 | CVE-2022-0349
14 | DevExpress ASP.NET Web Forms ASPxHttpHandlerModule DXR.axd privilege escalation | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00183 | 0.04 | CVE-2022-41479
15 | Basilix Webmail login.php3 privilege escalation | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.02 | 
16 | JoomlaTune Com Jcomments admin.jcomments.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00489 | 0.04 | CVE-2010-5048
17 | Microsoft Office Remote Code Execution | 7.0 | 6.1 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00169 | 0.00 | CVE-2023-21735
18 | Alt-N MDaemon Worldclient privilege escalation | 4.9 | 4.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00090 | 0.06 | CVE-2021-27182
19 | CouchCMS mysql2i.func.php Path information disclosure | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 0.02 | CVE-2019-1010042
20 | Esri ArcGIS Server sql injection | 8.1 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00123 | 0.04 | CVE-2021-29114

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Cyber Jihad

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 111.90.148.5 | server1.kamon.la | GIMF | Cyber Jihad | 16.06.2021 | verified | High
2 | XXX.XX.XXX.XXX | xxxxx.xx-xxx-xx-xxx.xx | Xxxx | Xxxxx Xxxxx | 16.06.2021 | verified | High
3 | XXX.XXX.XXX.XXX | | Xxxx | Xxxxx Xxxxx | 16.06.2021 | verified | High
4 | XXX.XXX.XXX.XX | xx.xxx-xxx-xxx.xxxxxx.xxxx.xxx.xx | Xxxx | Xxxxx Xxxxx | 16.06.2021 | verified | High
5 | XXX.XXX.XXX.XXX | xxx.xxx-xxx-xxx.xxxxxx.xxxx.xxx.xx | Xxxx | Xxxxx Xxxxx | 16.06.2021 | verified | High

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CAPEC-126 | CWE-21, CWE-22, CWE-24 | Path Traversal | predictive | High
2 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
3 | T1059 | CAPEC-137 | CWE-88, CWE-94, CWE-1321 | Argument Injection | predictive | High
4 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High
5 | TXXXX | CAPEC-122 | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
6 | TXXXX.XXX | CAPEC-16 | CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | High
7 | TXXXX | CAPEC-136 | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High
8 | TXXXX.XXX | CAPEC-178 | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
9 | TXXXX | CAPEC-0 | CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive | High
10 | TXXXX | CAPEC-1 | CWE-XXX, CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High
11 | TXXXX | CAPEC-108 | CWE-XX | Xxx Xxxxxxxxx | predictive | High
12 | TXXXX.XXX | CAPEC-1 | CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | predictive | High
13 | TXXXX | CAPEC-112 | CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
14 | TXXXX.XXX | CAPEC-459 | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
15 | TXXXX.XXX | CAPEC-133 | CWE-XXX | Xxxxxxxx | predictive | High
16 | TXXXX | CAPEC-116 | CWE-XXX, CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
17 | TXXXX.XXX | CAPEC-0 | CWE-XX | Xxxxxxxxxxxx | predictive | High
18 | TXXXX | CAPEC-112 | CWE-XXX | Xxxxxxxxxxxx Xxxxxx | predictive | High
19 | TXXXX.XXX | CAPEC-0 | CWE-XXX | Xxx Xxxxxxxxxx Xxxxx | predictive | High
20 | TXXXX.XXX | CAPEC-1 | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High

IOA - Indicator of Attack (129)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/dl_sendmail.php | predictive | High
2 | File | /adminPage/conf/reload | predictive | High
3 | File | /api/baskets/{name} | predictive | High
4 | File | /api/v2/cli/commands | predictive | High
5 | File | /Device/Device/GetDeviceInfoList?deviceCode=&searchField=&deviceState= | predictive | High
6 | File | /DXR.axd | predictive | Medium
7 | File | /forum/away.php | predictive | High
8 | File | /mfsNotice/page | predictive | High
9 | File | /novel/bookSetting/list | predictive | High
10 | File | /novel/userFeedback/list | predictive | High
11 | File | /owa/auth/logon.aspx | predictive | High
12 | File | /spip.php | predictive | Medium
13 | File | /x_portal_assemble_surface/jaxrs/portal/list?v=8.2.3-4-43f4fe3 | predictive | High
14 | File | /zm/index.php | predictive | High
15 | File | adclick.php | predictive | Medium
16 | File | xxxxx.xxxxxxxxx.xxx | predictive | High
17 | File | xxxxxxxxxxx/xxxxxxx/xxxxx/xxxxx/xxxxxxxxx/xxxxxxxx.xxx | predictive | High
18 | File | xxxx/xxxxxxxxxxxx.xxx | predictive | High
19 | File | xxxx.xxx | predictive | Medium
20 | File | xx_xxxx_xx_xxxx_xxxx.xxx | predictive | High
21 | File | xxxx_xxxxxxx.xxx | predictive | High
22 | File | xxx-xxx/xxxxxx.xxx | predictive | High
23 | File | xxxxx.xxx | predictive | Medium
24 | File | xxxxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxx/xxxx_xxxxx.xxxx | predictive | High
25 | File | xxxxx-xxxxxxx.xxx | predictive | High
26 | File | xxxxxxxxxx/xxx_xxxxxxxxxx/xxxxxxx/xxxxxxxxxx.xxx | predictive | High
27 | File | xxxxxxxxxx\xxxx.xxx | predictive | High
28 | File | xxxxxxxxxxx.xxx | predictive | High
29 | File | xxxx-xxxxxx.xxx | predictive | High
30 | File | xxxxxxxxxxx.xxxxx.xxx | predictive | High
31 | File | xxxx.xxx | predictive | Medium
32 | File | xxxxx_xxxx.xxx | predictive | High
33 | File | xxxxxxxxxx\xxxxxx\xxxxxxxxxxxxx.xxx | predictive | High
34 | File | xxx/xxxxxx.xxx | predictive | High
35 | File | xxxxxxxx/xxxxxxx/xxxxxxx.xxxx.xxx | predictive | High
36 | File | xxxxx.xxxx | predictive | Medium
37 | File | xxxxx.xxx | predictive | Medium
38 | File | xxxxx.xxx/xxxxxx.xxx/xxxxxxxxxxxxx.xxx/xxxxxxxx.xxx | predictive | High
39 | File | xxxxx.xxx?x=xxxx&x=xxxx&x=xx_xxx_xxxxxx | predictive | High
40 | File | xxxxx.xxx?x=xxxx&x=xxxxxxx&x=xxx | predictive | High
41 | File | xxxx_xxxxxxx.xxx | predictive | High
42 | File | xxxxx.xxxx | predictive | Medium
43 | File | xxxxx.xxx | predictive | Medium
44 | File | xxxx.xxxx | predictive | Medium
45 | File | xx_xxxx.x | predictive | Medium
46 | File | xxx/xxxx/xxxx_xxxxxxxxx.x | predictive | High
47 | File | xxxxxxx_xxxx.xxx | predictive | High
48 | File | xxxxxxxxxxxxxxxxx.xxx | predictive | High
49 | File | xxxxxxx.xxx | predictive | Medium
50 | File | xxxxxxxxxxxxx.xxx | predictive | High
51 | File | xxxxxxxxxxxx.xxx | predictive | High
52 | File | xxxxxxx/xxxxxxx/xxx/xxxxxxxxxx.xxx?xxxxxxxx=xxxx&xxxxxx=xxxxxxxxxx | predictive | High
53 | File | xxxx_xxxx_xxxxxx.xxx | predictive | High
54 | File | xxxx_xxxxxxx_xxxxxxxx.xxx | predictive | High
55 | File | xxxx_xxxxx.xxxx | predictive | High
56 | File | xxxxxxxxxx_xxxx.xxx | predictive | High
57 | File | xxx/xxxx/xxxx | predictive | High
58 | File | xxxxxx\xxxxxxxx\xx_xxxxx_xxxxxxx.xxx | predictive | High
59 | File | xxxxxxx.xxx.xx.xxxxxxxxxxx.xxx | predictive | High
60 | File | xxxxxxxxx/xxxxxxxx.xxx | predictive | High
61 | File | xxxx_xxxxxx.xx | predictive | High
62 | File | xxxx-xxxxx.xxx | predictive | High
63 | File | xxxx-xxxxxxxx.xxx | predictive | High
64 | File | xxxxxx_xxxxx.xxx | predictive | High
65 | File | xxxxxx.xxx | predictive | Medium
66 | File | xxxxxxx-xxxxx.xxx | predictive | High
67 | File | xxxx_xxxxx.xxx | predictive | High
68 | File | xxxx/xxx/xxxx-xxxxx.xxx | predictive | High
69 | File | xxxx.xxx | predictive | Medium
70 | File | xx-xxxxx-xxxxxx.xxx | predictive | High
71 | File | xx-xxxxxxxx/xxxx.xxx | predictive | High
72 | File | xx-xxxxxxxx/xxxx-xxx/xxxxxxxxx/xxxxx-xx-xxxx-xxxxx-xxxxxxxxxx.xxx | predictive | High
73 | File | xxx/xxxxxxxx/xxxxxxxx.xxx | predictive | High
74 | File | xxxx.xxx | predictive | Medium
75 | File | ~/xxx/xxxx-xxxxxxxxx.xxx | predictive | High
76 | File | ~/xxxxxxxx/xxxxx-xx-xxxxxxxxxx-xxxxxxxxx.xxx | predictive | High
77 | Library | xxxxxx.xxx | predictive | Medium
78 | Library | xxxxxxx/xxx.xxx.xxx.xxx | predictive | High
79 | Argument | xxx_xxx | predictive | Low
80 | Argument | xxxx | predictive | Low
81 | Argument | xxxxxxxxx | predictive | Medium
82 | Argument | xxxxxxxx | predictive | Medium
83 | Argument | xxx_xxx_xx_xxx_xxxxxxxxxx_x | predictive | High
84 | Argument | xxxxx_xxxx | predictive | Medium
85 | Argument | xxxx_xxx_xxxx | predictive | High
86 | Argument | xxxxxxxxxx | predictive | Medium
87 | Argument | xxx_xx | predictive | Low
88 | Argument | xxx | predictive | Low
89 | Argument | xxxxxxxxxxxxxxx | predictive | High
90 | Argument | xxxx | predictive | Low
91 | Argument | xxxxxxxxx_xxxxxx | predictive | High
92 | Argument | xxxxxxxxx | predictive | Medium
93 | Argument | xx_xxxxxxx | predictive | Medium
94 | Argument | xxxx | predictive | Low
95 | Argument | xxxxxxxx | predictive | Medium
96 | Argument | xxxxx | predictive | Low
97 | Argument | xxxxxx_xxxxx | predictive | Medium
98 | Argument | xx_xx | predictive | Low
99 | Argument | xxxxxxx[xxxxxxx] | predictive | High
100 | Argument | xxxxxxx | predictive | Low
101 | Argument | xxxxxx | predictive | Low
102 | Argument | xxxxx | predictive | Low
103 | Argument | xx | predictive | Low
104 | Argument | xxx | predictive | Low
105 | Argument | xxxx | predictive | Low
106 | Argument | xxxx | predictive | Low
107 | Argument | xxx xxxxxxxx/xxxxxxx xxxxxxxx | predictive | High
108 | Argument | xxxxxxxx | predictive | Medium
109 | Argument | xx_xx | predictive | Low
110 | Argument | xxxxxx/xxxxx/xxxx | predictive | High
111 | Argument | xxxxxxx | predictive | Low
112 | Argument | xxxx | predictive | Low
113 | Argument | xxxxxx_xxxxxx | predictive | High
114 | Argument | xxxxxxxx_xx | predictive | Medium
115 | Argument | xxxxxx_xxxxx | predictive | Medium
116 | Argument | xxxx_xxxx | predictive | Medium
117 | Argument | xxxx | predictive | Low
118 | Argument | xxxxxx | predictive | Low
119 | Argument | xxxxxxx | predictive | Low
120 | Argument | xxx | predictive | Low
121 | Argument | xxxxx | predictive | Low
122 | Argument | xxx | predictive | Low
123 | Argument | xxxxxxxx | predictive | Medium
124 | Argument | _xxx_xxxxxxxxxxx_ | predictive | High
125 | Input Value | xxxxxxxxx' xxx 'x'='x | predictive | High
126 | Input Value | xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx | predictive | High
127 | Pattern | |xx xx xx xx| | predictive | High
128 | Network Port | xxxxx | predictive | Low
129 | Network Port | xxx/xxxxx | predictive | Medium

References (2)

The following list contains external sources which discuss the actor and the associated activities:
