Gafgyt Analysis

IOB - Indicator of Behavior (460)

Languages

en  370
ru   70
de    6
pl    4
it    4

Countries/Regions

us  228
sc  162
ru   16
li   16
ca    6

Products

Microsoft Windows    24
Joomla CMS           20
WordPress            16
Apache HTTP Server   16
Google Chrome         6

Vulnerabilities

Base and Temp are the CVSS base and temporal scores; 0day and Today are VulDB's estimated exploit prices; Exploit is the known exploit status; Remediation is the fix status; CTI is VulDB's threat-intelligence activity score; EPSS is the FIRST EPSS exploitation probability.

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE
1 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 2.84 | 0.00000 |
2 | Zyxel ARMOR Z1/ARMOR Z2 CGI Program Privilege Escalation | 8.8 | 8.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00053 | CVE-2021-4029
3 | Joomla CMS com_actionslogs Privilege Escalation | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01685 | CVE-2019-12765
4 | esoftpro Online Guestbook Pro ogp_show.php SQL Injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.05 | 0.00135 | CVE-2010-4996
5 | Microsoft Windows Active Directory Federation Services ls Privilege Escalation | 7.9 | 7.9 | $25k-$100k | $25k-$100k | Not Defined | Not Defined | 0.02 | 0.00481 | CVE-2018-16794
6 | CKFinder File Name Privilege Escalation | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00155 | CVE-2019-15862
7 | Joomla CMS Cache Information Disclosure | 6.4 | 6.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00326 | CVE-2017-9933
8 | Joomla CMS CSRF Token Cross-Site Scripting | 5.2 | 4.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00571 | CVE-2017-9934
9 | Jetty URI Privilege Escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.45704 | CVE-2021-34429
10 | Microsoft Windows SNMP GET Remote Code Execution | 7.3 | 7.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.45448 | CVE-1999-0517
11 | GitLab Community Edition/Enterprise Edition Password Reset Privilege Escalation | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.26 | 0.80716 | CVE-2023-7028
12 | Kyocera MFP Net View Information Disclosure | 6.9 | 6.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.01011 | CVE-2022-1026
13 | WordPress SQL Injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00467 | CVE-2022-21664
14 | SAP Knowledge Warehouse KW Cross-Site Scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00418 | CVE-2021-42063
15 | portable SDK for UPnP unique_service_name Memory Corruption | 10.0 | 9.5 | $0-$5k | $0-$5k | High | Official Fix | 0.03 | 0.97445 | CVE-2012-5958
16 | Dropbear SSH Privilege Escalation | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.02911 | CVE-2016-7406
17 | Joomla CMS mod_latestactions Cross-Site Scripting | 5.2 | 4.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00103 | CVE-2020-24599
18 | Bitrix Site Manager Vote Module Remote Code Execution | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00668 | CVE-2022-27228
19 | Communigate Pro Pronto! Mail Composer Stored Cross-Site Scripting | 5.2 | 5.2 | $0-$5k | Calculate | Not Defined | Not Defined | 0.00 | 0.00165 | CVE-2018-18621
20 | phpPgAds adclick.php Unknown Vulnerability | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.83 | 0.00317 | CVE-2005-3791

Campaigns (3)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (129)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

Each entry is listed as ID. Class: Indicator. The Type is "predictive" for all 129 entries; the Confidence column is rendered as a graphic bar on the page and has no text value. Indicators shown as runs of x are masked on the public page.

1. File: /adfs/ls
2. File: /admin/sysmon.php
3. File: /api/content/posts/comments
4. File: /cimom
5. File: /debug/pprof
6. File: /forum/away.php
7. File: /Home/GetAttachment
8. File: /LogoStore/search.php
9. File: /MIME/INBOX-MM-1/
10. File: /modules/projects/vw_files.php
11. File: /sm/api/v1/firewall/zone/services
12. File: /usr/bin/pkexec
13. File: /var/run/zabbix
14. File: adclick.php
15. File: xxxxx/xxxxxx.xxx
16. File: xxxxxxx.xxx
17. File: xxxxxxxxxxxxxxxxxxxxx.xxx
18. File: xxxx-xxxx.x
19. File: xxxxxx.xxx
20. File: xxxxxx/xxxxxxxxx/xxxxxxxx/xxxxxxxxxx/xxxxxx/xxxx/xxxx_xxxxxxxx/xxxxxx.xx
21. File: xxxxxxxxxxxxxxx.xxx
22. File: xxx-xxx/xxxxxxx.xx
23. File: xxx-xxx/xxxx_xxx.xxx
24. File: xxxxxx.x
25. File: xxxx/xxxxxxxxxxxxxxx.xxx
26. File: xxxx/xxxx
27. File: xxxxxx.xxx
28. File: xxxxxx_xxx.x
29. File: xxxxxxxxxxxxxx.xx
30. File: xxxxxxxx.xxxx
31. File: xxxxxxxxxx.xxxx
32. File: xx/xxxxxxx/xxx.x
33. File: xxx/xx/xxxx/xxxx.xxxxx.xxx
34. File: xxxxxxx/xxxxxxx/xxxxxxxx.xxx.xxx
35. File: xxxxx.xxx
36. File: xxxxxxx.xxx
37. File: xxxx_xxxxxxx.xxxx
38. File: xxxxxx.x
39. File: xxxxxxxx.xxx
40. File: xxxxxx_x.xx.x
41. File: xxxxxx.xx
42. File: xxxxxxxxxxxx/xxx.x
43. File: xxx_xxxxxxxxx.x
44. File: xxxxxxx.xxx
45. File: xxx_xxxx.xxx
46. File: xxx_xxxxx_xxxx.x
47. File: xxxxxxxxxxxxxx.xxxxx
48. File: xxx_xxxx.xxx
49. File: xxxxxxx.xxx
50. File: xxxxxxx/xxxx
51. File: xxx/xxxxx.xxxx
52. File: xxxxxxx.xxx
53. File: xxxxxxxxxxxxxxxxxxxxx.xxxx
54. File: xxxxxxxx/xxx/xxxx_xxxxxxxxx/xxxx_xxxxxx_xxxxxxx/xxxx_xxxxxx_xxxxxxx.xxx
55. File: xxxxxxxxxxxxxxxxxxxxx.xxxx
56. File: xxxxxxxx.xxx
57. File: xxxxxxxx_xxxxxxxxxxxx_xxxxxx.xx
58. File: xxx_xxxxx_xxxxxxxxx.x
59. File: xxxxxxxx/xxxx/xxxx.xxx?xxxxxx=xxxxxxxxxxxxxxxx
60. File: xxxxx.xxx
61. File: xxx/xxxx.xx
62. File: xxxxxxxxxxxxxxx.xxx
63. File: xxxxxxxx/xxxxxxxxxxxx-xxxxxxxxxx
64. File: xxxxxx/xxxxxxx/xxxxxx/xxxxxxxx.xxx
65. File: xxxx.xxx
66. File: xxxxx.xxx
67. File: xxx.xxx
68. File: xxx xxxx xxxxxxx
69. File: xx-xxxxx/xxxxx-xxxxxx.xxx
70. File: xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx
71. File: xx-xxxxxxxx/xxxx.xxx
72. File: xxxxxx.xxx?xxxxxx=xxxxxxxxx.xxxx&xxxxxxxxxxx=x
73. Library: xxx-xx-xxx-xxxx-xxxx-xx-x-x.xxx
74. Library: xxxx.xxx
75. Argument: -x
76. Argument: xxxxxx
77. Argument: xxxxxxxxxxxxxx
78. Argument: xxxxxxx
79. Argument: xxxxxx
80. Argument: xxxxx$xxxxxxxxxxxxxx$xxxxxxxxxxx
81. Argument: xxxxxxx
82. Argument: xxxxxx/xxxxxxx
83. Argument: xxxxxxxx[xxxx_xxx]
84. Argument: xxxxxx
85. Argument: xxxxxx
86. Argument: xxxxxxx[xx_xxx_xxxx]
87. Argument: xxxx
88. Argument: xxxxxxxx xxxx/xxxxxxxx xxxxxxxx/xxxxxxxx xxxxxxx xx/xxxxxxx/xxxx
89. Argument: xx
90. Argument: xxxxxxxxxxx
91. Argument: xxxxxxx_xxxx
92. Argument: xxxx
93. Argument: xxxxx
94. Argument: xxxxxxxx
95. Argument: xxxxxxxxxx
96. Argument: xxxx_xxx_xxxxxxxx_xxx
97. Argument: xxxxxxxxxxxxxxxx
98. Argument: xxxxxxx
99. Argument: xxxxxxxx
100. Argument: xxxxxxxx
101. Argument: xxxxxxxx
102. Argument: xxxx_xx
103. Argument: xx
104. Argument: xxxxx
105. Argument: xxxxx/xxxxxxxx
106. Argument: xxxxx
107. Argument: xxxxxx
108. Argument: xxxxxx_xxxxxx
109. Argument: xxxxxx_xxxxxx
110. Argument: xxxxx_xxxxxx_xxxxxxxx
111. Argument: xxx
112. Argument: xx_xxx_xxxxx
113. Argument: xxxxxxxxxxx
114. Argument: xxx
115. Argument: xxxxxxxx/xxxx
116. Argument: xxxxx
117. Input Value: ../
118. Input Value: x!x@x#x$x%x
119. Input Value: xxxx' xxxxx xxx xxxxxx xxxxxx(xxxxxx('xxxxx','xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'),'xxxxx'),xxxx,xxxx,xxxx,xxxx,xxxx,xxxx,xxxx,xxxx,xxxx,xxxx,xxxx,xxxx-- xxxx&xxxxxx=
120. Input Value: \x
121. Pattern: xxxxxxx-xxxx|xx|
122. Pattern: |xx|xx|xx|
123. Pattern: |xx xx xx xx|
124. Network Port: xxxx/xxxx
125. Network Port: xxx/xx (xxxx)
126. Network Port: xxx/xx
127. Network Port: xxx/xxx
128. Network Port: xxx/xxxx
129. Network Port: xxx/xxxx
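The unmasked File and Input Value indicators above can be turned into a first-pass log check. What follows is an added example, not code from VulDB and not from any Gafgyt sample: it parses combined-format web access log lines, percent-decodes the request target so that encoded traversal is not missed, and reports which indicators each source IP touched. The log lines are constructed for the example, and the matching rule (path prefix for indicators that start with "/", substring for bare file names such as adclick.php) and the per-IP grouping are my own assumptions, not VulDB's.

```python
"""Match the unmasked IOA entries from the table above against web access logs.

Added example; the indicator list is copied from the table, everything else
(log format, matching rule, sample lines) is an assumption for illustration.
"""
import re
from urllib.parse import unquote, urlsplit

# Unmasked File indicators (rows 1-14 above), lowercased for comparison.
FILE_INDICATORS = [
    "/adfs/ls",
    "/admin/sysmon.php",
    "/api/content/posts/comments",
    "/cimom",
    "/debug/pprof",
    "/forum/away.php",
    "/home/getattachment",
    "/logostore/search.php",
    "/mime/inbox-mm-1/",
    "/modules/projects/vw_files.php",
    "/sm/api/v1/firewall/zone/services",
    "/usr/bin/pkexec",
    "/var/run/zabbix",
    "adclick.php",
]

# Unmasked Input Value indicators (rows 117 and 120): a path traversal
# fragment and a literal backslash-x escape, checked after percent-decoding.
INPUT_VALUE_PATTERNS = {
    "traversal ../": re.compile(r"\.\./"),
    "escape \\x": re.compile(r"\\x"),
}

# Combined log format (client, ident, user, [time], "METHOD target HTTP/x", status).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def match_indicators(line):
    """Return a list of (class, indicator) hits for one access-log line.

    The request target is percent-decoded first, so ..%2f..%2f is seen as
    ../../. File indicators are matched on the path component only; Input
    Value patterns are searched in the whole target (path and query).
    """
    m = LOG_RE.match(line)
    if not m:
        return []
    target = unquote(m.group("target"))
    path = urlsplit(target).path.lower()
    hits = []
    for ind in FILE_INDICATORS:
        # Leading "/" means an absolute path prefix; otherwise a bare file
        # name that may sit under any directory.
        if path.startswith(ind) if ind.startswith("/") else ind in path:
            hits.append(("File", ind))
    for name, pat in INPUT_VALUE_PATTERNS.items():
        if pat.search(target):
            hits.append(("Input Value", name))
    return hits


def scan(lines):
    """Map each source IP to the sorted set of indicators it touched."""
    per_ip = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a real pipeline would count these
        hits = match_indicators(line)
        if hits:
            per_ip.setdefault(m.group("ip"), set()).update(hits)
    return {ip: sorted(h) for ip, h in per_ip.items()}


# Constructed sample traffic (documentation IP ranges, not real logs).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /debug/pprof/heap HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /forum/away.php?s=..%2f..%2fetc%2fpasswd HTTP/1.1" 302 0',
    '198.51.100.9 - - [10/Oct/2023:13:56:01 +0000] "GET /index.html HTTP/1.1" 200 1024',
    '198.51.100.9 - - [10/Oct/2023:13:56:02 +0000] "GET /www/adclick.php?bannerid=1 HTTP/1.1" 200 300',
    '192.0.2.4 - - [10/Oct/2023:13:57:10 +0000] "POST /adfs/ls/ HTTP/1.1" 200 800',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    for ip, hits in scan(SAMPLE_LOG).items():
        print(ip, hits)
```

Two caveats for anyone reusing this: /usr/bin/pkexec and /var/run/zabbix are host filesystem paths rather than URLs, so outside of traversal or LFI attempts they would normally be matched against process and file telemetry, not access logs; and a path-prefix match on /debug/pprof or /cimom will also fire on legitimate administrative traffic, so the hits are triage input, not verdicts.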

References (5)

The following list contains external sources which discuss the actor and the associated activities:
