Gallmaker Analysis

IOB - Indicator of Behavior (252)

Charts (not reproduced): Timeline; Lang (en, zh, de, pl, ru); Country (la, us); Actors; Activities; Interest: Timeline, Type, Vendor, Product (Microsoft Windows, Linux Kernel, WordPress, Revive Adserver, PHP).

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 8.32 | CVE-2006-6168 |
| 2 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 2.26 | CVE-2020-15906 |
| 3 | Drupal Sanitization API cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00056 | 0.02 | CVE-2020-13672 |
| 4 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 3.08 | |
| 5 | LiteSpeed Cache Plugin Shortcode cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00051 | 0.03 | CVE-2023-4372 |
| 6 | WebTitan Appliance Extensions Persistent cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.00 | |
| 7 | ipTIME NAS-I Bulletin Manage unrestricted upload | 7.1 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00988 | 0.05 | CVE-2020-7847 |
| 8 | request-baskets API Request {name} server-side request forgery | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08109 | 0.04 | CVE-2023-27163 |
| 9 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.38 | CVE-2010-0966 |
| 10 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.01960 | 0.07 | CVE-2007-1287 |
| 11 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 1.68 | CVE-2020-12440 |
| 12 | Microsoft Windows Scripting Engine Remote Code Execution | 5.9 | 5.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.33048 | 0.00 | CVE-2021-34480 |
| 13 | DevExpress ASP.NET Web Forms ASPxHttpHandlerModule DXR.axd resource injection | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00205 | 0.07 | CVE-2022-41479 |
| 14 | Basilix Webmail login.php3 command injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.07 | |
| 15 | JoomlaTune Com Jcomments admin.jcomments.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00489 | 0.00 | CVE-2010-5048 |
| 16 | Microsoft Office Remote Code Execution | 7.0 | 6.1 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00182 | 0.00 | CVE-2023-21735 |
| 17 | Alt-N MDaemon Worldclient injection | 4.9 | 4.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00090 | 0.04 | CVE-2021-27182 |
| 18 | CouchCMS mysql2i.func.php Path information disclosure | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 0.02 | CVE-2019-1010042 |
| 19 | Esri ArcGIS Server sql injection | 8.1 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00123 | 0.05 | CVE-2021-29114 |
| 20 | Shenzhen Yunni Technology iLnkP2P UID Generator Random cryptographic issues | 7.7 | 7.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00176 | 0.03 | CVE-2019-11219 |

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

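| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 94.140.116.124 | | Gallmaker | | 12/17/2020 | verified | High |
| 2 | XX.XXX.XXX.XXX | | Xxxxxxxxx | | 12/17/2020 | verified | High |
| 3 | XXX.XX.XXX.XX | xxxxxxx.xxxxx.xx | Xxxxxxxxx | | 12/17/2020 | verified | High |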

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (140)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (2)

The following list contains external sources which discuss the actor and the associated activities:
