StrikeSuit Gif Analysis

IOB - Indicator of Behavior (293)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 226
it: 36
fr: 22
de: 8
zh: 2

Country

us: 282
tr: 10

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Google Android: 14
Mozilla Firefox: 10
GitLab Community Edition: 8
Linux Kernel: 6
Apple macOS: 6

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | BD Totalys MultiProcessor hard-coded credentials | 8.1 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.04 | CVE-2022-40263 |
| 2 | Puppet Agent SSL Certificate Valu certificate validation | 5.5 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00058 | 0.04 | CVE-2018-11751 |
| 3 | Norton Password Manager origin validation | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00072 | 0.00 | CVE-2019-18381 |
| 4 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 5 | Microsoft Exchange Server ProxyShell Remote Code Execution | 9.5 | 8.7 | $25k-$100k | $5k-$25k | High | Official Fix | 0.97319 | 0.07 | CVE-2021-34473 |
| 6 | D-Link DWR-113 cross-site request forgery | 7.0 | 6.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00521 | 0.00 | CVE-2014-3136 |
| 7 | CrushFTP redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00078 | 0.04 | CVE-2018-18288 |
| 8 | TRENDnet TEW-651BR/TEW-652BRP/TEW-652BRU get_set.ccp memory corruption | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00244 | 0.04 | CVE-2019-11400 |
| 9 | omniauth-facebook Gem Access Token improper authentication | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00988 | 0.00 | CVE-2013-4593 |
| 10 | Google Android Permission RecentLocationApps.java permission assignment | 4.9 | 4.8 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00047 | 0.04 | CVE-2019-9464 |
| 11 | private_address_check Ruby Gem Resolv.getaddresses 7pk security | 6.8 | 6.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00371 | 0.00 | CVE-2017-0904 |
| 12 | Xen memory corruption | 5.1 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00062 | 0.00 | CVE-2017-15593 |
| 13 | Ghostscript JBIG2 Image jbig2_decode_gray_scale_image memory corruption | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00184 | 0.00 | CVE-2016-9601 |
| 14 | Apple watchOS WebKit memory corruption | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00627 | 0.00 | CVE-2017-7165 |
| 15 | IBM Rational License Key Server Administration/Reporting Tool information disclosure | 3.3 | 3.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2015-5045 |
| 16 | Eaton ELCSoft input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00604 | 0.00 | CVE-2018-7511 |
| 17 | Mozilla Firefox memory corruption | 8.0 | 7.7 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00768 | 0.03 | CVE-2018-5145 |
| 18 | Amazon Music Player input validation | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02593 | 0.00 | CVE-2018-1169 |
| 19 | GNU binutils libbfd coffgen.c coff_pointerize_aux input validation | 6.5 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00861 | 0.00 | CVE-2018-7208 |
| 20 | MediaTek MT6873/MT6875/MT6883/MT6885/MT6889/MT6891/MT6893 mdlactl Driver memory corruption | 6.0 | 5.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.02 | CVE-2021-0655 |

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (76)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /cgi-bin/cgiServer.exx | predictive | High |
| 2 | File | /event/runquery.do | predictive | High |
| 3 | File | /system/ws/v11/ss/email | predictive | High |
| 4 | File | add_vhost.php | predictive | High |
| 5 | File | adv2.php?action=modify | predictive | High |
| 6 | File | agent.cfg | predictive | Medium |
| 7 | File | arch/x86/include/asm/fpu/internal.h | predictive | High |
| 8 | File | asm/float.c | predictive | Medium |
| 9 | File | asm/nasm.c | predictive | Medium |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
