Curious Gorge Analysis

IOB - Indicator of Behavior (133)

Language

en: 78
zh: 54
fr: 2

Country

cn: 100
us: 24
ru: 4
ca: 4
pl: 2

Product

Microsoft Windows: 8
PHPMailer: 4
Apache Tomcat: 4
Cisco RV340: 4
SourceCodester Lost and Found Information System: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Ignite Realtime Openfire Administration Console weak authentication | 7.8 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.97367 | 0.00 | CVE-2023-32315 |
| 2 | Apple Mac OS X TCP Timestamp information disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00243 | 0.00 | CVE-2003-0882 |
| 3 | Plesk Obsidian Reflected cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00151 | 0.00 | CVE-2020-11583 |
| 4 | OpenVPN Access Server Web Portal weak encryption | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00151 | 0.04 | CVE-2022-33738 |
| 5 | Essential Addons for Elementor Plugin privilege escalation | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03893 | 0.02 | CVE-2023-32243 |
| 6 | Matomo safemode.twig Path information disclosure | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00058 | 0.03 | CVE-2019-12215 |
| 7 | Foxit Reader absPageSpan privilege escalation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01361 | 0.00 | CVE-2018-9938 |
| 8 | Foxit Reader addField memory corruption | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02238 | 0.00 | CVE-2018-1178 |
| 9 | Atlassian JIRA Server/Data Center QueryComponent!Default.jspa information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00628 | 0.05 | CVE-2020-14179 |
| 10 | Microsoft Windows Cloud Files Mini Filter Driver Local Privilege Escalation | 7.8 | 7.4 | $25k-$100k | $5k-$25k | Functional | Official Fix | 0.00043 | 0.04 | CVE-2023-36036 |
| 11 | Freemius SDK Plugin fs_request_get cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.00 | CVE-2023-33999 |
| 12 | ZFile 1 privilege escalation | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00283 | 0.04 | CVE-2022-40050 |
| 13 | Hytec Inter HWL-2511-SS Command Line Interface privilege escalation | 9.3 | 9.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00126 | 0.04 | CVE-2022-36554 |
| 14 | Cortex Alertmanager Config privilege escalation | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00082 | 0.03 | CVE-2022-23536 |
| 15 | Jitsi Meet weak authentication | 8.5 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00196 | 0.03 | CVE-2020-11878 |
| 16 | Fortinet FortiOS CLI Command directory traversal | 6.8 | 6.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06752 | 0.00 | CVE-2022-41328 |
| 17 | Weaver E-Office File Upload utility_all.php privilege escalation | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00087 | 0.07 | CVE-2023-2647 |
| 18 | Rocket.Chat 2FA weak authentication | 7.0 | 7.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00091 | 0.02 | CVE-2023-28316 |
| 19 | SourceCodester Lost and Found Information System privilege escalation | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00078 | 0.05 | CVE-2023-2670 |
| 20 | SourceCodester Online Computer and Laptop Store Master.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00089 | 0.04 | CVE-2023-2661 |

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (63)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (2)

The following list contains external sources which discuss the actor and the associated activities:
