Gaza Cybergang Analysis

IOB - Indicator of Behavior (46)

Language

  • en: 34
  • de: 12

Country/Region

  • us: 18
  • gb: 12
  • de: 6
  • ws: 6
  • ru: 2

Product

  • WordPress: 4
  • Microsoft Windows: 4
  • Microsoft Internet Explorer: 2
  • Atlassian JIRA Server: 2
  • Atlassian Data Center: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Fix | EPSS | CTI | CVE |
|---|---------------|------|------|------|-------|---------|-----|------|-----|-----|
| 1 | jforum User privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00289 | 0.06 | CVE-2019-7550 |
| 2 | Samsung Gallery Lockscreen privilege escalation | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00052 | 0.00 | CVE-2024-20827 |
| 3 | IBM Watson CP4D Data Stores denial of service | 6.4 | 6.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00056 | 0.00 | CVE-2023-27540 |
| 4 | IBM Watson Knowledge Catalog on Cloud Pak for Data privilege escalation | 7.4 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.00 | CVE-2023-28958 |
| 5 | IBM Watson Knowledge Catalog on Cloud Pak for Data Request denial of service | 5.4 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.00 | CVE-2023-28955 |
| 6 | Joomla Webservice Endpoint privilege escalation | 5.4 | 5.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.95214 | 0.06 | CVE-2023-23752 |
| 7 | Atlassian JIRA Server/Data Center Service Management Addon privilege escalation | 4.7 | 4.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00283 | 0.00 | CVE-2021-39128 |
| 8 | magmi cross site request forgery | 8.0 | 7.6 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.50353 | 0.02 | CVE-2020-5776 |
| 9 | Microsoft Exchange Server information disclosure | 5.4 | 4.7 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.96172 | 0.04 | CVE-2021-41349 |
| 10 | Microsoft IIS Unicode directory traversal | 7.3 | 6.6 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.93793 | 0.04 | CVE-2000-0884 |
| 11 | Siemens Polarion Web Page Generator Reflected cross site scripting | 3.5 | 3.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00054 | 0.03 | CVE-2019-13934 |
| 12 | Cisco Unified Communications Manager SOAP API Endpoint privilege escalation | 8.8 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00238 | 0.00 | CVE-2021-1362 |
| 13 | Lenovo Integrated Management Module 2 Web Administration memory corruption | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00250 | 0.00 | CVE-2017-3774 |
| 14 | vsftpd Service Port 6200 privilege escalation | 8.5 | 8.4 | $25k-$100k | $25k-$100k | Not Defined | Workaround | 0.84215 | 0.24 | CVE-2011-2523 |
| 15 | TP-LINK TD-8840t HTTP Request tools_admin_1 cross site request forgery | 4.6 | 4.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.04 | |
| 16 | Revive Adserver Flash Cross-Domain Policy crossdomain.xml privilege escalation | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00749 | 0.07 | CVE-2015-7369 |
| 17 | Oracle E-Business Suite iRecruitment unknown vulnerability | 5.3 | 5.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00168 | 0.00 | CVE-2010-2408 |
| 18 | Octopus Deploy Package privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00054 | 0.00 | CVE-2019-19084 |
| 19 | Cisco IOS XAUTH IKE Authentication weak authentication | 6.5 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00517 | 0.00 | CVE-2005-1058 |
| 20 | Microsoft IIS privilege escalation | 9.8 | 9.6 | $25k-$100k | $5k-$25k | Not Defined | Workaround | 0.00000 | 0.00 | |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Electric Powder

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Weakness | Class | Type |
|----|-----------|----------|-------|------|
| 1 | T1006 | CWE-22 | Path Traversal | predictive |
| 2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive |
| 3 | T1059 | CWE-94 | Argument Injection | predictive |

IOA - Indicator of Attack (17)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type |
|----|-------|-----------|------|
| 1 | File | /index.php/newsletter/subscriber/new/ | predictive |
| 2 | File | api_poller.php | predictive |
| 3 | File | crossdomain.xml | predictive |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
