Godfather Analysis

IOB - Indicator of Behavior (72)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

fr: 22
en: 14
it: 14
sv: 12
es: 10

Country

us: 58

Product

tcpdump: 8
Oracle MySQL Server: 6
SourceFire ClamAV: 6
Siemens Solid Edge: 4
Linux Kernel: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Oracle MySQL Enterprise Monitor Monitoring unrestricted upload | 8.1 | 8.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.97533 | 0.00 | CVE-2017-12617 |
| 2 | Oracle MySQL Server Stored Procedure denial of service | 6.8 | 6.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00108 | 0.00 | CVE-2018-2583 |
| 3 | Oracle MySQL Server Optimizer denial of service | 6.5 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00134 | 0.00 | CVE-2018-2665 |
| 4 | Oracle Sun ZFS Storage Appliance Kit User Interface access control | 9.3 | 8.9 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00162 | 0.00 | CVE-2018-2623 |
| 5 | Oracle Solaris Kernel denial of service | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00142 | 0.00 | CVE-2018-2710 |
| 6 | Oracle Java SE Installer access control | 7.5 | 7.2 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00049 | 0.00 | CVE-2018-2627 |
| 7 | Oracle Java SE Serialization access control | 5.3 | 5.1 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00424 | 0.00 | CVE-2018-2657 |
| 8 | Oracle MySQL Server DDL denial of service | 6.5 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00134 | 0.04 | CVE-2018-2622 |
| 9 | Oracle MySQL Server GIS denial of service | 6.5 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00169 | 0.00 | CVE-2018-2573 |
| 10 | Oracle MySQL Server Optimizer denial of service | 6.5 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00134 | 0.00 | CVE-2018-2668 |
| 11 | Oracle Converged Commerce Foundation Data privileges management | 8.8 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00311 | 0.04 | CVE-2016-0635 |
| 12 | Oracle Retail Assortment Planning Operations / Maintenance path traversal | 8.4 | 8.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00344 | 0.00 | CVE-2016-9878 |
| 13 | Oracle MICROS Relate CRM Software Apache Tomcat 7pk security | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00886 | 0.00 | CVE-2017-5664 |
| 14 | Oracle Retail Merchandising System Cross Pillar access control | 6.4 | 6.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00053 | 0.07 | CVE-2018-2730 |
| 15 | Oracle Siebel CRM Desktop Outlook Client access control | 8.1 | 7.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00061 | 0.00 | CVE-2018-2574 |
| 16 | Oracle Siebel Engineering - Installer / Deployment Siebel Approval Manager information disclosure | 4.3 | 4.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00053 | 0.00 | CVE-2018-2632 |
| 17 | Oracle Sun ZFS Storage Appliance Kit Core Services access control | 10.0 | 9.5 | $100k and more | $5k-$25k | Not Defined | Official Fix | 0.00575 | 0.04 | CVE-2018-2611 |
| 18 | Oracle Sun ZFS Storage Appliance Kit User Interface information disclosure | 8.6 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00144 | 0.00 | CVE-2018-2624 |
| 19 | Oracle Integrated Lights Out Manager Remote Console Application access control | 7.7 | 7.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00097 | 0.00 | CVE-2018-2566 |
| 20 | Oracle Integrated Lights Out Manager Remote Console Application access control | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00148 | 0.00 | CVE-2018-2568 |

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 34.230.9.163 | ec2-34-230-9-163.compute-1.amazonaws.com | Godfather | | 12/28/2023 | verified | Medium |

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (20)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /index.php/newsletter/subscriber/new/ | predictive | High |
| 2 | File | addrtoname.c | predictive | Medium |
| 3 | File | CommandLineExecutor.java | predictive | High |
| 4 | File | xxxxxxx/xxxxx/xxxxxx/xx.x | predictive | High |
| 5 | File | xxxxxxxxxxx/xxxxxxx.x | predictive | High |
| 6 | File | xxxxxxxxx/xxxxx.x | predictive | High |
| 7 | File | xxx/xxxx/xxx-xxxxx.x | predictive | High |
| 8 | File | xxx/xxxxxxx/xxxxxxxxx.x | predictive | High |
| 9 | File | xxx.x | predictive | Low |
| 10 | File | xx_xxxxx.x | predictive | Medium |
| 11 | File | xxxxx-xxx.x | predictive | Medium |
| 12 | File | xxxxx-xxxxxx.x | predictive | High |
| 13 | File | xxxxx-xxxxxx.x | predictive | High |
| 14 | File | xxxxx-xxxx.x | predictive | Medium |
| 15 | File | xxxxx-xx.x | predictive | Medium |
| 16 | File | xxxxx-xxx.x | predictive | Medium |
| 17 | File | xxxxx-xx.x | predictive | Medium |
| 18 | File | xxx_xxxxxxx.x | predictive | High |
| 19 | Argument | xxxxxxxxxx/xxxxxxxxxxx/xxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxxxxxxx/xxxxxxxxxxxxx | predictive | High |
| 20 | Argument | xxxxxxxx | predictive | Medium |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
