Guccifer 2.0 分析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (58)

语言

en	58

国家/地区

us	6
fr	4
ru	4

演员

Guccifer 2.0	1

利益

类型

Not Defined	22
WordPress Plugin	10
Wireless LAN Software	4
Web Server	4
Application Server Software	2

供应商

Not Defined	24
IBM	10
Microsoft	6
Monroe Electronics	6
Cisco	2

产品

Monroe Electronics R189 One-Net EAS	6
IBM Quality Manager	2
IBM WebSphere Application Server Liberty	2
facebook-for-woocommerce Plugin	2
Cisco Wireless LAN Controller Software	2

漏洞

#	漏洞	Base	Temp	0day	今天	易	修正	EPSS	CTI	CVE
1	ProFTPD mod_copy File 权限升级	7.3	7.0	$0-$5k	$0-$5k	High	Official Fix	0.97188	0.03	CVE-2015-3306
2	LOCKON EC-CUBE 目录遍历	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00267	0.00	CVE-2013-3654
3	Monroe Electronics R189 One-Net EAS Default Configuration 弱加密	9.8	9.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00726	0.02	CVE-2013-0137
4	Choice-wireless WIXFMR-111 ajax.cgi 弱身份验证	9.8	9.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00519	0.02	CVE-2013-4731
5	Monroe Electronics R189 One-Net EAS 权限升级	9.8	9.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00560	0.00	CVE-2013-4732
6	Monroe Electronics R189 One-Net EAS 权限升级	7.5	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00306	0.00	CVE-2013-4733
7	Linux Kernel xdp_umem.c xdp_umem_reg 内存损坏	6.5	6.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00072	0.00	CVE-2020-12659
8	SAE FW-50 Remote Telemetry Unit 目录遍历	7.2	7.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00235	0.00	CVE-2020-10634
9	IBM Quality Manager Web UI 跨网站脚本	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00049	0.00	CVE-2016-6022
10	IBM Rational Quality Manager Web UI 跨网站脚本	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00049	0.00	CVE-2016-6031
11	IBM Rational Quality Manager 跨网站脚本	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00049	0.02	CVE-2016-6036
12	IBM Curam Social Program Management XML External Entity	7.8	7.8	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00194	0.03	CVE-2016-6111
13	Nagios 跨网站脚本	5.2	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00081	0.02	CVE-2016-6209
14	Cisco 2100 Wireless LAN Controller 拒绝服务	7.5	7.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00181	0.02	CVE-2012-0369
15	Cisco Wireless LAN Controller Software 拒绝服务	7.5	7.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00181	0.00	CVE-2012-0370
16	Cisco Wireless LAN Controller Software 权限升级	9.8	9.4	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00369	0.02	CVE-2012-0371
17	ninja-forms Plugin 跨网站请求伪造	5.2	4.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00053	0.00	CVE-2020-12462
18	jQuery html 跨网站脚本	5.8	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.06124	0.03	CVE-2020-11022
19	Netgear WNR2000v5 内存损坏	6.1	5.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00096	0.00	CVE-2018-21181
20	BigBlueButton 信息公开	6.4	6.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00189	0.00	CVE-2020-12112

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP地址	参与者	Identified	类型	可信度
1	95.130.9.198	Guccifer 2.0	2020-12-23	verified	高
2	95.130.15.34	Guccifer 2.0	2020-12-23	verified	高
3	XX.XXX.XX.XX	Xxxxxxxx X.x	2020-12-23	verified	高
4	XX.XXX.XX.XX	Xxxxxxxx X.x	2020-12-23	verified	高
5	XX.XXX.XX.XX	Xxxxxxxx X.x	2020-12-23	verified	高
6	XX.XXX.XX.XX	Xxxxxxxx X.x	2020-12-23	verified	高
7	XX.XXX.XX.XX	Xxxxxxxx X.x	2020-12-23	verified	高

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	漏洞	访问向量	类型	可信度
1	T1006	CWE-22	Path Traversal	predictive	高
2	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	高
3	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
4	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	高
5	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	高
6	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	高
7	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
8	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高
9	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	高

IOA - Indicator of Attack (16)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	分类	Indicator	类型	可信度
1	File	/Forms/	predictive	低
2	File	/see_more_details.php	predictive	高
3	File	ajax.cgi	predictive	中
4	File	xxxxxxxx.xxx	predictive	中
5	File	xxxxxxxx.xxx	predictive	中
6	File	xx/xxxxxxx-xxxxxxx.x	predictive	高
7	File	xxx/xxx/xxx_xxxx.x	predictive	高
8	File	xx-xxxxx/xxxxx.xxx?xxxx=xxxxxxxx-xxxxx-xxx	predictive	高
9	File	xx-xxxxx/xxxxxxx-xxxxxxx.xxx?xxxx=xx-xxxxxx-xxxxxxxxxxx-xxxxx%xxxxxxxxx%xxxxxxx.xxx	predictive	高
10	File	xxxxxxx-xxxxxx.xxx	predictive	高
11	Argument	xxxx/xxxx	predictive	中
12	Argument	xx	predictive	低
13	Argument	xxx	predictive	低
14	Argument	xxxxxxx	predictive	低
15	Input Value	::$xxxxx_xxxxxxxxxx	predictive	高
16	Network Port	xxx xxxxxx xxxx	predictive	高

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ 上一步一览下一步 ▸

Might our Artificial Intelligence support you?

Check our Alexa App!