Gootloader Analysis

IOB - Indicator of Behavior (138)

Languages

  • en: 132
  • fr: 2
  • pl: 2
  • it: 2

Products

  • Apple macOS: 6
  • Microsoft Windows: 6
  • Google Android: 4
  • Google Chrome: 4
  • Linux Kernel: 4

Vulnerabilities

#  | Vulnerability | Base | Temp | 0day | Today | Exploit | Fix | CTI | EPSS | CVE
1  | AXIS 2110 Network Camera getparam.cgi denial of service | 9.8 | 9.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.03461 | CVE-2004-2427
2  | onnx ONNX_ASSERTM information disclosure | 4.9 | 4.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00045 | CVE-2024-27319
3  | Google Android Codec2BufferUtils.cpp ConvertRGBToPlanarYUV memory corruption | 5.3 | 5.1 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.02 | 0.00043 | CVE-2024-0023
4  | 7-card Fakabao alipay_notify.php SQL injection | 5.5 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | 0.00064 | CVE-2023-7183
5  | Scott Paterson Easy PayPal Shopping Cart Plugin cross-site scripting | 5.1 | 5.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00045 | CVE-2023-47239
6  | AWeber Free Sign Up Form and Landing Page Builder for Lead Generation and Email Newsletter Growth Plugin cross-site request forgery | 5.8 | 5.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00058 | CVE-2023-47757
7  | Guillemant David WP Full Auto Tags Manager Plugin cross-site request forgery | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00058 | CVE-2023-34024
8  | WPML Multilingual CMS Premium Plugin cross-site request forgery | 6.2 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.00063 | CVE-2022-45071
9  | Os Commerce cross-site scripting | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00049 | CVE-2023-43718
10 | Dolibarr cross-site scripting | 5.0 | 5.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00046 | CVE-2023-5323
11 | WordPress Password Reset wp-login.php mail privilege escalation | 6.1 | 5.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.07 | 0.02827 | CVE-2017-8295
12 | NextGen GalleryView Plugin cross-site scripting | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00046 | CVE-2023-35098
13 | HPE iLO 5 Local Privilege Escalation | 7.3 | 7.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00042 | CVE-2022-28634
14 | HPE iLO 5 Remote Code Execution | 8.1 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00058 | CVE-2022-28633
15 | BTCPay Server POS Add Products cross-site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00054 | CVE-2021-29250
16 | Stripe API v1 Access Restriction tokens weak authentication | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00260 | CVE-2018-19249
17 | ffjpeg JPEG Image jfif.c jfif_decode memory corruption | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00073 | CVE-2020-23852
18 | ffjpeg jfif.c denial of service | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00072 | CVE-2022-35433
19 | Cisco Catalyst 2960-L/Catalyst CDB-8P 802.1x privilege escalation | 5.9 | 5.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00058 | CVE-2020-3231
20 | pfSense pkg.php echo Privilege Escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00093 | CVE-2022-23993

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Cobalt Strike

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (61)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type
1  | File | /etc/postfix/sender_login | predictive
2  | File | /forms/web_importTFTP | predictive
3  | File | /goform/openSchedWifi | predictive
4  | File | /src/jfif.c | predictive
5  | File | /usr/local/www/pkg.php | predictive
6  | File | /v1/tokens | predictive
7  | File | admin.php | predictive
8  | File | xxxxx/xxxxxxxx.xxx | predictive
9  | File | xxxxx/xxxxx.xxx | predictive
10 | File | xxxx | predictive
11 | File | xxx/xxxxxx/xxxxxxxxxxxxx/xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxx | predictive
12 | File | xxxx/xxxxxx.x | predictive
13 | File | xxxxxxxxxxxxxxxxx.xxx | predictive
14 | File | xxxxxxxxxxxxxxxxxxxxxx.xxxx | predictive
15 | File | xxxxxxxxx.xxx | predictive
16 | File | xxxxxxx/xxx/xxxxxxxxxx/xxxxx.x | predictive
17 | File | xxxxxxx/xxx/xxxx/xxxxxx.x | predictive
18 | File | xxxxxxx.xxx | predictive
19 | File | xxxxxx/xxx/xxxx.x | predictive
20 | File | xxx/xxxx_xxxx.x | predictive
21 | File | xxx/xxxxxxxxxx.x | predictive
22 | File | xxxx/xxxxxx.x | predictive
23 | File | xxxxx.xxx | predictive
24 | File | xxxxxxx | predictive
25 | File | xxxxxxxx.xxx | predictive
26 | File | xxxxxxxxxxxx.xxx | predictive
27 | File | xxxxx/xxxxxxxx.xxx.xxx | predictive
28 | File | xxxxxxxxxx.x | predictive
29 | File | xxxxxx/xxxxx/xxxxxxx/xxxxxxxxxx.xxx | predictive
30 | File | xxxxxxx.xxxx | predictive
31 | File | xxxxxxx.xx | predictive
32 | File | xxxx/xxxxxx_xxxxxx.xxx | predictive
33 | File | xxxxxxxxxxxx.xxx | predictive
34 | File | xxxxx/xxxxx.xxx?xxxxxxxxxxx_xx=xxxx | predictive
35 | File | xx-xxxxx.xxx | predictive
36 | Library | /xxx/xxx_xx-xxxxx-xxx/xxxx.xx.x | predictive
37 | Argument | $_xxxxxxx['xxx_xxxxxx'] | predictive
38 | Argument | xxxxxx | predictive
39 | Argument | xxx | predictive
40 | Argument | xxxxxxxxxx | predictive
41 | Argument | xxxxxxxx | predictive
42 | Argument | xxxxxxxx | predictive
43 | Argument | xxxx | predictive
44 | Argument | xx | predictive
45 | Argument | xxx[xxxx_xx] | predictive
46 | Argument | xxxxxx | predictive
47 | Argument | xxxxxxx_xxxxxx_xxxxx[x] | predictive
48 | Argument | xxxxxx | predictive
49 | Argument | xxxxx_xxxxx[xxxxxxxxx_xxxx_xxx]/xxxxx_xxxxx[xxxxxxxxx_xxxxxx_xxx]/xxxxx_xxxxx[xxxxxxxxx_xxxx]/xxxxx_xxxxx[xxxx_xxxxxx] | predictive
50 | Argument | xxx_xxxxx_xx | predictive
51 | Argument | xxxxxx | predictive
52 | Argument | xxxxxxxxxxxxxx/xxxxxxxxxxxx | predictive
53 | Argument | xxxxxxxx | predictive
54 | Argument | xxxxxxx | predictive
55 | Argument | xxxxx | predictive
56 | Input Value | /../ | predictive
57 | Input Value | xxxxxxxxxx | predictive
58 | Input Value | x+xxxx (xxxxx xxxxxx xxxxxxx) xxx x+xxxx (xxxxx-xx-xxxx xxxxxxx) | predictive
59 | Input Value | \xxx../../../../xxx/xxxxxx | predictive
60 | Input Value | \xxx\xxx | predictive
61 | Network Port | xxx/xxxx | predictive

References (5)

The following list contains external sources which discuss the actor and the associated activities:
