Curious Gorge Analysis

IOB - Indicator of Behavior (134)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 76
zh: 46
es: 4
ru: 4
fr: 2

Country

cn: 90
us: 26
ru: 8
ca: 4
pl: 4

Product

MediaWiki: 4
Postfix: 4
Microsoft Windows: 4
Oracle MySQL Server: 2
PRTG Network Monitor: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Ignite Realtime Openfire Administration Console improper authentication | 7.8 | 7.7 | $0-$5k | $0-$5k | High | Official Fix | 0.97409 | 0.04 | CVE-2023-32315 |
| 2 | Apple Mac OS X TCP Timestamp information disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00243 | 0.00 | CVE-2003-0882 |
| 3 | Plesk Obsidian Reflected cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00151 | 0.00 | CVE-2020-11583 |
| 4 | OpenVPN Access Server Web Portal entropy | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00151 | 0.05 | CVE-2022-33738 |
| 5 | Essential Addons for Elementor Plugin password recovery | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03893 | 0.02 | CVE-2023-32243 |
| 6 | Matomo safemode.twig Path information disclosure | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00058 | 0.00 | CVE-2019-12215 |
| 7 | Oracle Integrated Lights Out Manager (ILOM) Web Remote Code Execution | 9.8 | 9.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00692 | 0.03 | CVE-2015-4821 |
| 8 | Foxit Reader absPageSpan type conversion | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01586 | 0.00 | CVE-2018-9938 |
| 9 | Foxit Reader addField use after free | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02238 | 0.00 | CVE-2018-1178 |
| 10 | Atlassian JIRA Server/Data Center QueryComponent!Default.jspa information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00628 | 0.03 | CVE-2020-14179 |
| 11 | Microsoft Windows Cloud Files Mini Filter Driver Local Privilege Escalation | 7.8 | 7.5 | $25k-$100k | $5k-$25k | High | Official Fix | 0.00043 | 0.05 | CVE-2023-36036 |
| 12 | Freemius SDK Plugin fs_request_get cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.04 | CVE-2023-33999 |
| 13 | ZFile 1 unrestricted upload | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00283 | 0.04 | CVE-2022-40050 |
| 14 | Hytec Inter HWL-2511-SS Command Line Interface command injection | 9.3 | 9.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00126 | 0.04 | CVE-2022-36554 |
| 15 | Cortex Alertmanager Config file inclusion | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00082 | 0.05 | CVE-2022-23536 |
| 16 | Jitsi Meet hard-coded credentials | 8.5 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00196 | 0.03 | CVE-2020-11878 |
| 17 | Fortinet FortiOS CLI Command path traversal | 6.8 | 6.8 | $0-$5k | $0-$5k | High | Not Defined | 0.06752 | 0.08 | CVE-2022-41328 |
| 18 | Weaver E-Office File Upload utility_all.php command injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00087 | 0.18 | CVE-2023-2647 |
| 19 | Rocket.Chat 2FA session fixation | 7.0 | 7.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00091 | 0.02 | CVE-2023-28316 |
| 20 | SourceCodester Lost and Found Information System access control | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00078 | 0.00 | CVE-2023-2670 |

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (63)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /cgi-bin/supervisor/PwdGrp.cgi | predictive | High |
| 2 | File | /classes/Master.php | predictive | High |
| 3 | File | /classes/Master.php?f=delete_service | predictive | High |
| 4 | File | /etc/postfix/sender_login | predictive | High |
| 5 | File | /file/upload/1 | predictive | High |
| 6 | File | /filemanager/ajax_calls.php | predictive | High |
| 7 | File | /Items/*/RemoteImages/Download | predictive | High |
| 8 | File | /restapi/v1/certificates/FFM-SSLInspect | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
