Gootloader Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (138)

Lang

en	132
it	2
pl	2
fr	2

Land

us	26
ru	6
de	6
bg	4
gb	2

Skådespelare

Gootloader	5
Cobalt Strike	4
RecordBreaker	3
Raccoon	3
RedLine Stealer	2

Intressera

Typ

Not Defined	74
Operating System	14
WordPress Plugin	8
Document Reader Software	4
Smartphone Operating System	4

Säljare

Not Defined	44
Microsoft	14
Apple	10
Adobe	6
Hitachi	4

Produkt

Microsoft Windows	8
Apple iOS	4
Apple iPadOS	4
Microsoft Office	4
Adobe After Effects	2

Sårbarheter

#	Sårbarhet	Base	Temp	0day	I dag	Utn	Rem	EPSS	CTI	CVE
1	AXIS 2110 Network Camera getparam.cgi förnekande av tjänsten	9.8	9.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.03461	0.00	CVE-2004-2427
2	onnx ONNX_ASSERTM informationsgivning	4.9	4.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00045	0.00	CVE-2024-27319
3	Google Android Codec2BufferUtils.cpp ConvertRGBToPlanarYUV minneskorruption	5.3	5.1	$5k-$25k	$5k-$25k	Not Defined	Official Fix	0.00043	0.02	CVE-2024-0023
4	7-card Fakabao alipay_notify.php sql injektion	5.5	5.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00064	0.10	CVE-2023-7183
5	Scott Paterson Easy PayPal Shopping Cart Plugin cross site scripting	5.1	5.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00045	0.00	CVE-2023-47239
6	AWeber Free Sign Up Form and Landing Page Builder for Lead Generation and Email Newsletter Growth Plugin förfalskning på begäran över webbplatsen	5.8	5.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00058	0.00	CVE-2023-47757
7	Guillemant David WP Full Auto Tags Manager Plugin förfalskning på begäran över webbplatsen	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00058	0.00	CVE-2023-34024
8	WPML Multilingual CMS Premium Plugin förfalskning på begäran över webbplatsen	6.2	6.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00073	0.04	CVE-2022-45071
9	Os Commerce cross site scripting	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00049	0.00	CVE-2023-43718
10	Dolibarr cross site scripting	5.0	5.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00046	0.04	CVE-2023-5323
11	WordPress Password Reset wp-login.php mail privilegier eskalering	6.1	5.8	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.02827	0.09	CVE-2017-8295
12	NextGen GalleryView Plugin cross site scripting	5.6	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00046	0.00	CVE-2023-35098
13	HPE iLO 5 Local Privilege Escalation	7.3	7.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00042	0.05	CVE-2022-28634
14	HPE iLO 5 Remote Code Execution	8.1	7.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00058	0.06	CVE-2022-28633
15	BTCPay Server POS Add Products cross site scripting	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00054	0.02	CVE-2021-29250
16	Stripe API v1 Access Restriction tokens svag autentisering	7.4	7.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00260	0.02	CVE-2018-19249
17	ffjpeg JPEG Image jfif.c jfif_decode minneskorruption	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00073	0.00	CVE-2020-23852
18	ffjpeg jfif.c förnekande av tjänsten	5.4	5.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00072	0.00	CVE-2022-35433
19	Cisco Catalyst 2960-L/Catalyst CDB-8P 802.1x privilegier eskalering	5.9	5.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00058	0.02	CVE-2020-3231
20	pfSense pkg.php echo Privilege Escalation	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00093	0.02	CVE-2022-23993

Kampanjer (1)

These are the campaigns that can be associated with the actor:

Cobalt Strike

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-adress	Hostname	Skådespelare	Kampanjer	Identified	Typ	Förtroende
1	5.8.18.7		Gootloader		14/09/2023	verified	Hög
2	35.206.117.64	64.117.206.35.bc.googleusercontent.com	Gootloader		09/05/2022	verified	Medium
3	XX.XXX.XXX.XXX	xxxx.x-xxxxxxxx.xx	Xxxxxxxxxx	Xxxxxx Xxxxxx	09/11/2023	verified	Hög
4	XX.XXX.XXX.XX		Xxxxxxxxxx	Xxxxxx Xxxxxx	09/11/2023	verified	Hög
5	XX.XXX.XXX.XXX		Xxxxxxxxxx	Xxxxxx Xxxxxx	09/11/2023	verified	Hög
6	XXX.XX.XXX.XX	xxx.xx.xxx.xx.xxxxxxxxxxxxxxxx.xxx	Xxxxxxxxxx	Xxxxxx Xxxxxx	09/11/2023	verified	Hög
7	XXX.XXX.XXX.XX		Xxxxxxxxxx		04/01/2022	verified	Hög
8	XXX.XX.XX.XX		Xxxxxxxxxx	Xxxxxx Xxxxxx	09/11/2023	verified	Hög

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klass	Sårbarheter	Åtkomstvektor	Typ	Förtroende
1		CAPEC-10	CWE-20, CWE-119, CWE-120, CWE-122, CWE-125, CWE-189, CWE-190, CWE-266, CWE-275, CWE-285, CWE-287, CWE-345, CWE-346, CWE-352, CWE-399, CWE-400, CWE-401, CWE-404, CWE-416, CWE-476, CWE-665, CWE-704, CWE-707, CWE-732, CWE-787, CWE-862, CWE-863, CWE-918	Unknown Vulnerability	predictive	Hög
2	T1006	CAPEC-126	CWE-21, CWE-22	Path Traversal	predictive	Hög
3	T1040	CAPEC-114	CWE-287, CWE-294	Authentication Bypass by Capture-replay	predictive	Hög
4	T1055	CAPEC-10	CWE-74, CWE-707	Improper Neutralization of Data within XPath Expressions	predictive	Hög
5	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxxxxxxx Xxxxxxxxx	predictive	Hög
6	TXXXX.XXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxxxx Xxxx Xxxxxxxxx	predictive	Hög
7	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
8	TXXXX	CAPEC-127	CWE-XXX, CWE-XXX	Xxxx Xxx Xxxxxxxxx Xxxxxxxxxxx Xxxxxxxx	predictive	Hög
9	TXXXX.XXX	CAPEC-191	CWE-XXX, CWE-XXX, CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Hög
10	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XX, CWE-XXX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Hög
11	TXXXX	CAPEC-0	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Hög
12	TXXXX	CAPEC-1	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Hög
13	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxx Xxxxxxxxx	predictive	Hög
14	TXXXX.XXX	CAPEC-1	CWE-XXX, CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	Hög
15	TXXXX	CAPEC-102	CWE-XXX, CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
16	TXXXX	CAPEC-38	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	Hög
17	TXXXX.XXX	CAPEC-114	CWE-XXX, CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
18	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Hög
19	TXXXX	CAPEC-157	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Hög

IOA - Indicator of Attack (61)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klass	Indicator	Typ	Förtroende
1	File	/etc/postfix/sender_login	predictive	Hög
2	File	/forms/web_importTFTP	predictive	Hög
3	File	/goform/openSchedWifi	predictive	Hög
4	File	/src/jfif.c	predictive	Medium
5	File	/usr/local/www/pkg.php	predictive	Hög
6	File	/v1/tokens	predictive	Medium
7	File	admin.php	predictive	Medium
8	File	xxxxx/xxxxxxxx.xxx	predictive	Hög
9	File	xxxxx/xxxxx.xxx	predictive	Hög
10	File	xxxx	predictive	Låg
11	File	xxx/xxxxxx/xxxxxxxxxxxxx/xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxx	predictive	Hög
12	File	xxxx/xxxxxx.x	predictive	Hög
13	File	xxxxxxxxxxxxxxxxx.xxx	predictive	Hög
14	File	xxxxxxxxxxxxxxxxxxxxxx.xxxx	predictive	Hög
15	File	xxxxxxxxx.xxx	predictive	Hög
16	File	xxxxxxx/xxx/xxxxxxxxxx/xxxxx.x	predictive	Hög
17	File	xxxxxxx/xxx/xxxx/xxxxxx.x	predictive	Hög
18	File	xxxxxxx.xxx	predictive	Medium
19	File	xxxxxx/xxx/xxxx.x	predictive	Hög
20	File	xxx/xxxx_xxxx.x	predictive	Hög
21	File	xxx/xxxxxxxxxx.x	predictive	Hög
22	File	xxxx/xxxxxx.x	predictive	Hög
23	File	xxxxx.xxx	predictive	Medium
24	File	xxxxxxx	predictive	Låg
25	File	xxxxxxxx.xxx	predictive	Medium
26	File	xxxxxxxxxxxx.xxx	predictive	Hög
27	File	xxxxx/xxxxxxxx.xxx.xxx	predictive	Hög
28	File	xxxxxxxxxx.x	predictive	Medium
29	File	xxxxxx/xxxxx/xxxxxxx/xxxxxxxxxx.xxx	predictive	Hög
30	File	xxxxxxx.xxxx	predictive	Medium
31	File	xxxxxxx.xx	predictive	Medium
32	File	xxxx/xxxxxx_xxxxxx.xxx	predictive	Hög
33	File	xxxxxxxxxxxx.xxx	predictive	Hög
34	File	xxxxx/xxxxx.xxx?xxxxxxxxxxx_xx=xxxx	predictive	Hög
35	File	xx-xxxxx.xxx	predictive	Medium
36	Library	/xxx/xxx_xx-xxxxx-xxx/xxxx.xx.x	predictive	Hög
37	Argument	$_xxxxxxx['xxx_xxxxxx']	predictive	Hög
38	Argument	xxxxxx	predictive	Låg
39	Argument	xxx	predictive	Låg
40	Argument	xxxxxxxxxx	predictive	Medium
41	Argument	xxxxxxxx	predictive	Medium
42	Argument	xxxxxxxx	predictive	Medium
43	Argument	xxxx	predictive	Låg
44	Argument	xx	predictive	Låg
45	Argument	xxx[xxxx_xx]	predictive	Medium
46	Argument	xxxxxx	predictive	Låg
47	Argument	xxxxxxx_xxxxxx_xxxxx[x]	predictive	Hög
48	Argument	xxxxxx	predictive	Låg
49	Argument	xxxxx_xxxxx[xxxxxxxxx_xxxx_xxx]/xxxxx_xxxxx[xxxxxxxxx_xxxxxx_xxx]/xxxxx_xxxxx[xxxxxxxxx_xxxx]/xxxxx_xxxxx[xxxx_xxxxxx]	predictive	Hög
50	Argument	xxx_xxxxx_xx	predictive	Medium
51	Argument	xxxxxx	predictive	Låg
52	Argument	xxxxxxxxxxxxxx/xxxxxxxxxxxx	predictive	Hög
53	Argument	xxxxxxxx	predictive	Medium
54	Argument	xxxxxxx	predictive	Låg
55	Argument	xxxxx	predictive	Låg
56	Input Value	/../	predictive	Låg
57	Input Value	xxxxxxxxxx	predictive	Medium
58	Input Value	x+xxxx (xxxxx xxxxxx xxxxxxx) xxx x+xxxx (xxxxx-xx-xxxx xxxxxxx)	predictive	Hög
59	Input Value	\xxx../../../../xxx/xxxxxx	predictive	Hög
60	Input Value	\xxx\xxx	predictive	Medium
61	Network Port	xxx/xxxx	predictive	Medium

Referenser (5)

The following list contains external sources which discuss the actor and the associated activities:

◂ TidigareÖversiktNästa ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!