Gootloader Анализ

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (138)

Язык

en	136
pl	2

Страна

us	22
ru	6
es	4
bg	4
gb	2

Акторы

Gootloader	5
Cobalt Strike	4
RecordBreaker	3
Raccoon	3
RedLine Stealer	2

Интерес

Тип

Not Defined	64
Operating System	12
WordPress Plugin	8
SCADA Software	4
Content Management System	4

Поставщик

Not Defined	48
Microsoft	10
Apple	10
Adobe	6
Google	6

Продукт

Apple macOS	6
Adobe After Effects	4
Google Android	4
Microsoft Windows	4
cPanel	2

Уязвимости

#	Уязвимости	Base	Temp	0day	Сегодня	Э�	Rem	CTI	EPSS	CVE
1	AXIS 2110 Network Camera getparam.cgi отказ в обслуживании	9.8	9.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.03	0.03461	CVE-2004-2427
2	onnx ONNX_ASSERTM раскрытие информации	4.9	4.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00045	CVE-2024-27319
3	Google Android Codec2BufferUtils.cpp ConvertRGBToPlanarYUV повреждение памяти	5.3	5.1	$5k-$25k	$5k-$25k	Not Defined	Official Fix	0.02	0.00043	CVE-2024-0023
4	7-card Fakabao alipay_notify.php sql-инъекция	5.5	5.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.05	0.00064	CVE-2023-7183
5	Scott Paterson Easy PayPal Shopping Cart Plugin межсайтовый скриптинг	5.1	5.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00045	CVE-2023-47239
6	AWeber Free Sign Up Form and Landing Page Builder for Lead Generation and Email Newsletter Growth Plugin неизвестная уязвимость	5.8	5.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00058	CVE-2023-47757
7	Guillemant David WP Full Auto Tags Manager Plugin неизвестная уязвимость	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00058	CVE-2023-34024
8	WPML Multilingual CMS Premium Plugin неизвестная уязвимость	6.2	6.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01	0.00063	CVE-2022-45071
9	Os Commerce межсайтовый скриптинг	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00049	CVE-2023-43718
10	Dolibarr межсайтовый скриптинг	5.0	5.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00046	CVE-2023-5323
11	WordPress Password Reset wp-login.php mail эскалация привилегий	6.1	5.8	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.30	0.02827	CVE-2017-8295
12	NextGen GalleryView Plugin межсайтовый скриптинг	5.6	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00046	CVE-2023-35098
13	HPE iLO 5 Local Privilege Escalation	7.3	7.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01	0.00042	CVE-2022-28634
14	HPE iLO 5 Remote Code Execution	8.1	7.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.08	0.00058	CVE-2022-28633
15	BTCPay Server POS Add Products межсайтовый скриптинг	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00054	CVE-2021-29250
16	Stripe API v1 Access Restriction tokens слабая аутентификация	7.4	7.4	$0-$5k	Расчет	Not Defined	Not Defined	0.04	0.00260	CVE-2018-19249
17	ffjpeg JPEG Image jfif.c jfif_decode повреждение памяти	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00073	CVE-2020-23852
18	ffjpeg jfif.c отказ в обслуживании	5.4	5.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00072	CVE-2022-35433
19	Cisco Catalyst 2960-L/Catalyst CDB-8P 802.1x эскалация привилегий	5.9	5.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02	0.00058	CVE-2020-3231
20	pfSense pkg.php echo Privilege Escalation	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00093	CVE-2022-23993

Кампании (1)

These are the campaigns that can be associated with the actor:

Cobalt Strike

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-адрес	Hostname	Актор	Кампании	Identified	Тип	Уверенность
1	5.8.18.7		Gootloader		14.09.2023	verified	Высокий
2	35.206.117.64	64.117.206.35.bc.googleusercontent.com	Gootloader		09.05.2022	verified	Средний
3	XX.XXX.XXX.XXX	xxxx.x-xxxxxxxx.xx	Xxxxxxxxxx	Xxxxxx Xxxxxx	09.11.2023	verified	Высокий
4	XX.XXX.XXX.XX		Xxxxxxxxxx	Xxxxxx Xxxxxx	09.11.2023	verified	Высокий
5	XX.XXX.XXX.XXX		Xxxxxxxxxx	Xxxxxx Xxxxxx	09.11.2023	verified	Высокий
6	XXX.XX.XXX.XX	xxx.xx.xxx.xx.xxxxxxxxxxxxxxxx.xxx	Xxxxxxxxxx	Xxxxxx Xxxxxx	09.11.2023	verified	Высокий
7	XXX.XXX.XXX.XX		Xxxxxxxxxx		04.01.2022	verified	Высокий
8	XXX.XX.XX.XX		Xxxxxxxxxx	Xxxxxx Xxxxxx	09.11.2023	verified	Высокий

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Уязвимости	Вектор доступа	Тип	Уверенность
1	T1006	CWE-21, CWE-22	Path Traversal	predictive	Высокий
2	T1040	CWE-294	Authentication Bypass by Capture-replay	predictive	Высокий
3	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Высокий
4	T1059	CWE-94	Argument Injection	predictive	Высокий
5	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Высокий
6	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Высокий
7	TXXXX	CWE-XXX	Xxxx Xxx Xxxxxxxxx Xxxxxxxxxxx Xxxxxxxx	predictive	Высокий
8	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Высокий
9	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Высокий
10	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Высокий
11	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Высокий
12	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Высокий
13	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	Высокий
14	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Высокий
15	TXXXX	CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	Высокий
16	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Высокий
17	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Высокий
18	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Высокий

IOA - Indicator of Attack (61)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Класс	Indicator	Тип	Уверенность
1	File	/etc/postfix/sender_login	predictive	Высокий
2	File	/forms/web_importTFTP	predictive	Высокий
3	File	/goform/openSchedWifi	predictive	Высокий
4	File	/src/jfif.c	predictive	Средний
5	File	/usr/local/www/pkg.php	predictive	Высокий
6	File	/v1/tokens	predictive	Средний
7	File	admin.php	predictive	Средний
8	File	xxxxx/xxxxxxxx.xxx	predictive	Высокий
9	File	xxxxx/xxxxx.xxx	predictive	Высокий
10	File	xxxx	predictive	Низкий
11	File	xxx/xxxxxx/xxxxxxxxxxxxx/xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxx	predictive	Высокий
12	File	xxxx/xxxxxx.x	predictive	Высокий
13	File	xxxxxxxxxxxxxxxxx.xxx	predictive	Высокий
14	File	xxxxxxxxxxxxxxxxxxxxxx.xxxx	predictive	Высокий
15	File	xxxxxxxxx.xxx	predictive	Высокий
16	File	xxxxxxx/xxx/xxxxxxxxxx/xxxxx.x	predictive	Высокий
17	File	xxxxxxx/xxx/xxxx/xxxxxx.x	predictive	Высокий
18	File	xxxxxxx.xxx	predictive	Средний
19	File	xxxxxx/xxx/xxxx.x	predictive	Высокий
20	File	xxx/xxxx_xxxx.x	predictive	Высокий
21	File	xxx/xxxxxxxxxx.x	predictive	Высокий
22	File	xxxx/xxxxxx.x	predictive	Высокий
23	File	xxxxx.xxx	predictive	Средний
24	File	xxxxxxx	predictive	Низкий
25	File	xxxxxxxx.xxx	predictive	Средний
26	File	xxxxxxxxxxxx.xxx	predictive	Высокий
27	File	xxxxx/xxxxxxxx.xxx.xxx	predictive	Высокий
28	File	xxxxxxxxxx.x	predictive	Средний
29	File	xxxxxx/xxxxx/xxxxxxx/xxxxxxxxxx.xxx	predictive	Высокий
30	File	xxxxxxx.xxxx	predictive	Средний
31	File	xxxxxxx.xx	predictive	Средний
32	File	xxxx/xxxxxx_xxxxxx.xxx	predictive	Высокий
33	File	xxxxxxxxxxxx.xxx	predictive	Высокий
34	File	xxxxx/xxxxx.xxx?xxxxxxxxxxx_xx=xxxx	predictive	Высокий
35	File	xx-xxxxx.xxx	predictive	Средний
36	Library	/xxx/xxx_xx-xxxxx-xxx/xxxx.xx.x	predictive	Высокий
37	Argument	$_xxxxxxx['xxx_xxxxxx']	predictive	Высокий
38	Argument	xxxxxx	predictive	Низкий
39	Argument	xxx	predictive	Низкий
40	Argument	xxxxxxxxxx	predictive	Средний
41	Argument	xxxxxxxx	predictive	Средний
42	Argument	xxxxxxxx	predictive	Средний
43	Argument	xxxx	predictive	Низкий
44	Argument	xx	predictive	Низкий
45	Argument	xxx[xxxx_xx]	predictive	Средний
46	Argument	xxxxxx	predictive	Низкий
47	Argument	xxxxxxx_xxxxxx_xxxxx[x]	predictive	Высокий
48	Argument	xxxxxx	predictive	Низкий
49	Argument	xxxxx_xxxxx[xxxxxxxxx_xxxx_xxx]/xxxxx_xxxxx[xxxxxxxxx_xxxxxx_xxx]/xxxxx_xxxxx[xxxxxxxxx_xxxx]/xxxxx_xxxxx[xxxx_xxxxxx]	predictive	Высокий
50	Argument	xxx_xxxxx_xx	predictive	Средний
51	Argument	xxxxxx	predictive	Низкий
52	Argument	xxxxxxxxxxxxxx/xxxxxxxxxxxx	predictive	Высокий
53	Argument	xxxxxxxx	predictive	Средний
54	Argument	xxxxxxx	predictive	Низкий
55	Argument	xxxxx	predictive	Низкий
56	Input Value	/../	predictive	Низкий
57	Input Value	xxxxxxxxxx	predictive	Средний
58	Input Value	x+xxxx (xxxxx xxxxxx xxxxxxx) xxx x+xxxx (xxxxx-xx-xxxx xxxxxxx)	predictive	Высокий
59	Input Value	\xxx../../../../xxx/xxxxxx	predictive	Высокий
60	Input Value	\xxx\xxx	predictive	Средний
61	Network Port	xxx/xxxx	predictive	Средний

Ссылки (5)

The following list contains external sources which discuss the actor and the associated activities:

◂ ПредыдущийОбзорДалее ▸

Do you need the next level of professionalism?

Upgrade your account now!