GIMF Analysis

IOB - Indicator of Behavior (244)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 194
zh: 38
de: 4
ru: 4
fr: 2

Country

la: 220
gb: 6
us: 6
cn: 6
ir: 4

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Microsoft Windows: 6
Revive Adserver: 6
WordPress: 4
Adobe ColdFusion: 4
ZoneMinder: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 10.00 | CVE-2006-6168 |
| 2 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 3.49 | CVE-2020-15906 |
| 3 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 3.75 | |
| 4 | Drupal Sanitization API cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00056 | 0.04 | CVE-2020-13672 |
| 5 | LiteSpeed Cache Plugin Shortcode cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00051 | 0.00 | CVE-2023-4372 |
| 6 | WebTitan Appliance Extensions Persistent cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.00 | |
| 7 | ipTIME NAS-I Bulletin Manage unrestricted upload | 7.1 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00988 | 0.05 | CVE-2020-7847 |
| 8 | request-baskets API Request {name} server-side request forgery | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08109 | 0.05 | CVE-2023-27163 |
| 9 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.85 | CVE-2010-0966 |
| 10 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.01960 | 0.05 | CVE-2007-1287 |
| 11 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 2.60 | CVE-2020-12440 |
| 12 | Microsoft Windows Scripting Engine Remote Code Execution | 5.9 | 5.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.37740 | 0.00 | CVE-2021-34480 |
| 13 | NotificationX Plugin SQL Statement sql injection | 5.6 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02414 | 0.00 | CVE-2022-0349 |
| 14 | DevExpress ASP.NET Web Forms ASPxHttpHandlerModule DXR.axd resource injection | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00205 | 0.17 | CVE-2022-41479 |
| 15 | Basilix Webmail login.php3 command injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.07 | |
| 16 | JoomlaTune Com Jcomments admin.jcomments.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00489 | 0.00 | CVE-2010-5048 |
| 17 | Microsoft Office Remote Code Execution | 7.0 | 6.1 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00182 | 0.00 | CVE-2023-21735 |
| 18 | Alt-N MDaemon Worldclient injection | 4.9 | 4.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00090 | 0.04 | CVE-2021-27182 |
| 19 | CouchCMS mysql2i.func.php Path information disclosure | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 0.02 | CVE-2019-1010042 |
| 20 | Esri ArcGIS Server sql injection | 8.1 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00123 | 0.05 | CVE-2021-29114 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Cyber Jihad

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (129)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/dl_sendmail.php | predictive | High |
| 2 | File | /adminPage/conf/reload | predictive | High |
| 3 | File | /api/baskets/{name} | predictive | High |
| 4 | File | /api/v2/cli/commands | predictive | High |
| 5 | File | /Device/Device/GetDeviceInfoList?deviceCode=&searchField=&deviceState= | predictive | High |
| 6 | File | /DXR.axd | predictive | Medium |
| 7 | File | /forum/away.php | predictive | High |
| 8 | File | /mfsNotice/page | predictive | High |
| 9 | File | /novel/bookSetting/list | predictive | High |
| 10 | File | /novel/userFeedback/list | predictive | High |
| 11 | File | /owa/auth/logon.aspx | predictive | High |
| 12 | File | /spip.php | predictive | Medium |
| 13 | File | /x_portal_assemble_surface/jaxrs/portal/list?v=8.2.3-4-43f4fe3 | predictive | High |
| 14 | File | /zm/index.php | predictive | High |
| 15 | File | adclick.php | predictive | Medium |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
