Guccifer 2.0 Analysis

IOB - Indicator of Behavior (58)

Chart panels (not reproduced): Timeline, Country, Actors, Activities, Interest, Type, Vendor.

Language

en: 56
fr: 2

Product

Monroe Electronics R189 One-Net EAS: 4
IBM Rational Quality Manager: 4
WordPress: 4
Linux Kernel: 4
Microsoft IIS: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0-day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | ProFTPD mod_copy File privilege escalation | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.97188 | 0.19 | CVE-2015-3306 |
| 2 | LOCKON EC-CUBE directory traversal | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00267 | 0.00 | CVE-2013-3654 |
| 3 | Monroe Electronics R189 One-Net EAS Default Configuration weak encryption | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00726 | 0.02 | CVE-2013-0137 |
| 4 | Choice-wireless WIXFMR-111 ajax.cgi weak authentication | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00519 | 0.00 | CVE-2013-4731 |
| 5 | Monroe Electronics R189 One-Net EAS privilege escalation | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00560 | 0.00 | CVE-2013-4732 |
| 6 | Monroe Electronics R189 One-Net EAS privilege escalation | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00306 | 0.00 | CVE-2013-4733 |
| 7 | Linux Kernel xdp_umem.c xdp_umem_reg memory corruption | 6.5 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00072 | 0.00 | CVE-2020-12659 |
| 8 | SAE FW-50 Remote Telemetry Unit directory traversal | 7.2 | 7.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00235 | 0.00 | CVE-2020-10634 |
| 9 | IBM Quality Manager Web UI cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00049 | 0.00 | CVE-2016-6022 |
| 10 | IBM Rational Quality Manager Web UI cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00049 | 0.00 | CVE-2016-6031 |
| 11 | IBM Rational Quality Manager cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00049 | 0.02 | CVE-2016-6036 |
| 12 | IBM Curam Social Program Management XML External Entity | 7.8 | 7.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00194 | 0.03 | CVE-2016-6111 |
| 13 | Nagios cross site scripting | 5.2 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00081 | 0.02 | CVE-2016-6209 |
| 14 | Cisco 2100 Wireless LAN Controller denial of service | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00181 | 0.00 | CVE-2012-0369 |
| 15 | Cisco Wireless LAN Controller Software denial of service | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00181 | 0.00 | CVE-2012-0370 |
| 16 | Cisco Wireless LAN Controller Software privilege escalation | 9.8 | 9.4 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00369 | 0.02 | CVE-2012-0371 |
| 17 | ninja-forms Plugin cross-site request forgery | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00053 | 0.00 | CVE-2020-12462 |
| 18 | jQuery html cross site scripting | 5.8 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06124 | 0.00 | CVE-2020-11022 |
| 19 | Netgear WNR2000v5 memory corruption | 6.1 | 5.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00096 | 0.00 | CVE-2018-21181 |
| 20 | BigBlueButton information disclosure | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00189 | 0.03 | CVE-2020-12112 |

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (16)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /Forms/ | predictive | Low |
| 2 | File | /see_more_details.php | predictive | High |
| 3 | File | ajax.cgi | predictive | Medium |
| 4 | File | xxxxxxxx.xxx | predictive | Medium |
| 5 | File | xxxxxxxx.xxx | predictive | Medium |
| 6 | File | xx/xxxxxxx-xxxxxxx.x | predictive | High |
| 7 | File | xxx/xxx/xxx_xxxx.x | predictive | High |
| 8 | File | xx-xxxxx/xxxxx.xxx?xxxx=xxxxxxxx-xxxxx-xxx | predictive | High |
| 9 | File | xx-xxxxx/xxxxxxx-xxxxxxx.xxx?xxxx=xx-xxxxxx-xxxxxxxxxxx-xxxxx%xxxxxxxxx%xxxxxxx.xxx | predictive | High |
| 10 | File | xxxxxxx-xxxxxx.xxx | predictive | High |
| 11 | Argument | xxxx/xxxx | predictive | Medium |
| 12 | Argument | xx | predictive | Low |
| 13 | Argument | xxx | predictive | Low |
| 14 | Argument | xxxxxxx | predictive | Low |
| 15 | Input Value | ::$xxxxx_xxxxxxxxxx | predictive | High |
| 16 | Network Port | xxx xxxxxx xxxx | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
