Curious Gorge Analysis

IOB - Indicator of Behavior (136)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 74
zh: 60
fr: 2


Country

cn: 104
us: 20
ru: 8
ca: 2
pl: 2

Activities

Interest

Product

PHPMailer: 6
MediaWiki: 4
VMware Cloud Director: 4
Microsoft Windows: 4
MeshCMS: 2

Vulnerabilities

Columns: Base and Temp are the CVSS base and temporal scores; 0day and Today are the estimated exploit price ranges at disclosure and at present; Exp is the exploit maturity (Not Defined, Proof-of-Concept, High); Rem is the remediation status; EPSS is the exploit prediction score; CTI is the CTI interest score.

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | Ignite Realtime Openfire Administration Console improper authentication | 7.8 | 7.7 | $0-$5k | $0-$5k | High | Official Fix | 0.97346 | 0.04 | CVE-2023-32315
2 | Apple Mac OS X TCP Timestamp information disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00243 | 0.00 | CVE-2003-0882
3 | Plesk Obsidian Reflected cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00151 | 0.04 | CVE-2020-11583
4 | OpenVPN Access Server Web Portal entropy | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00151 | 0.05 | CVE-2022-33738
5 | Essential Addons for Elementor Plugin password recovery | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08405 | 0.00 | CVE-2023-32243
6 | Matomo safemode.twig Path information disclosure | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00058 | 0.00 | CVE-2019-12215
7 | Minio Console Operator Console missing authentication | 8.6 | 8.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05383 | 0.06 | CVE-2021-41266
8 | CRMEB Java list sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00072 | 0.03 | CVE-2023-25223
9 | Oracle Integrated Lights Out Manager (ILOM) Web Remote Code Execution | 9.8 | 9.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00692 | 0.07 | CVE-2015-4821
10 | Foxit Reader absPageSpan type conversion | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01634 | 0.00 | CVE-2018-9938
11 | Foxit Reader addField use after free | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02305 | 0.00 | CVE-2018-1178
12 | Atlassian JIRA Server/Data Center QueryComponent!Default.jspa information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00628 | 0.03 | CVE-2020-14179
13 | Microsoft Windows Cloud Files Mini Filter Driver Local Privilege Escalation | 7.8 | 7.5 | $25k-$100k | $5k-$25k | High | Official Fix | 0.00043 | 0.00 | CVE-2023-36036
14 | Freemius SDK Plugin fs_request_get cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.00 | CVE-2023-33999
15 | ZFile 1 unrestricted upload | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00283 | 0.04 | CVE-2022-40050
16 | Hytec Inter HWL-2511-SS Command Line Interface command injection | 9.3 | 9.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00125 | 0.04 | CVE-2022-36554
17 | Cortex Alertmanager Config file inclusion | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00082 | 0.04 | CVE-2022-23536
18 | Jitsi Meet hard-coded credentials | 8.5 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00196 | 0.00 | CVE-2020-11878
19 | Fortinet FortiOS CLI Command path traversal | 6.8 | 6.8 | $0-$5k | $0-$5k | High | Not Defined | 0.06752 | 0.07 | CVE-2022-41328
20 | Weaver E-Office File Upload utility_all.php command injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00123 | 0.00 | CVE-2023-2647

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (64)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /api/admin/user/list | predictive | High
2 | File | /cgi-bin/supervisor/PwdGrp.cgi | predictive | High
3 | File | /classes/Master.php | predictive | High
4 | File | /classes/Master.php?f=delete_service | predictive | High
5 | File | /etc/postfix/sender_login | predictive | High
6 | File | /file/upload/1 | predictive | High
7 | File | /filemanager/ajax_calls.php | predictive | High
8 | File | /Items/*/RemoteImages/Download | predictive | High
9 | File | /xxxxxxx/xx/xxxxxxxxxxxx/xxx-xxxxxxxxxx | predictive | High
10 | File | /xxxxxx/xxxxxxxxxxxxxx!xxxxxxx.xxxx | predictive | High
11 | File | /xxx/xxxxx/xxxxxxxxxxxxxxxxxxxx/xxx/ | predictive | High
12 | File | /xxxxxxx/xxx/xxxxxxx_xxx.xxx | predictive | High
13 | File | xxxxxxx/xxxxxxxxxxxxxxxxxx.xxx | predictive | High
14 | File | xxxxxxx.xxx | predictive | Medium
15 | File | xxxxxxxxx.xxx | predictive | High
16 | File | xxxxx/?xxxx=xxxx/xxxxxx_xxxx | predictive | High
17 | File | xxxx_xxxxx.xxx | predictive | High
18 | File | xxxxxxx.xxx | predictive | Medium
19 | File | xxxxxxx.xxxx | predictive | Medium
20 | File | xxxxxx.xxx | predictive | Medium
21 | File | xxx-xxx/xxxxx_xxx_xxx | predictive | High
22 | File | xxxx/xxxxxxxx.xxxx.xxxxxxx.xxx | predictive | High
23 | File | xxxxxxx.xxx | predictive | Medium
24 | File | xxxxxxxxx.xxx.xxx | predictive | High
25 | File | xx_xxx_xx.x | predictive | Medium
26 | File | xxxxx.xxx | predictive | Medium
27 | File | xxxxxxx.xxx | predictive | Medium
28 | File | xxx/xxxx/xxxx_xxxxxxxxxx_xxxx.x | predictive | High
29 | File | xxxxx.x | predictive | Low
30 | File | xxxxxxxx.xxx | predictive | Medium
31 | File | xxxxxx.x | predictive | Medium
32 | File | xxxxxxx/xxxxxxxxxxxxxxxx/xxxxxxxxx/xxxxxxxx.xxxx | predictive | High
33 | File | xxxxxxxxx.xxx | predictive | High
34 | File | xxxxxxxx.xxx | predictive | Medium
35 | File | xxxxxxxxxx_xxxxx.xxxxxx | predictive | High
36 | File | xxxxxx.xxx | predictive | Medium
37 | File | xxxxxxxxxxxxx.xxxx | predictive | High
38 | File | xxx_xxxxx.xxx | predictive | High
39 | File | xxxx.xxx | predictive | Medium
40 | File | xxxxxx-xxxxxx.xx | predictive | High
41 | File | xxxxxxxx/ | predictive | Medium
42 | Library | xxx.xxx | predictive | Low
43 | Argument | xxx_xx | predictive | Low
44 | Argument | xxx_xxxx | predictive | Medium
45 | Argument | xxxx | predictive | Low
46 | Argument | xxxxxxxx | predictive | Medium
47 | Argument | xxxxxx | predictive | Low
48 | Argument | xxxxxxxx | predictive | Medium
49 | Argument | xx | predictive | Low
50 | Argument | xxxxxxx | predictive | Low
51 | Argument | xxxxxxxx | predictive | Medium
52 | Argument | xxxxx_xxxxxx_xxx/xxxxx_xxxx_xxxxxxxx | predictive | High
53 | Argument | xxxx | predictive | Low
54 | Argument | xxxx | predictive | Low
55 | Argument | xxxxxxxx | predictive | Medium
56 | Argument | xxxxxxxxxxxxx | predictive | High
57 | Argument | xxx xxx | predictive | Low
58 | Argument | xx | predictive | Low
59 | Argument | xxxx_xxxxx | predictive | Medium
60 | Argument | xxx | predictive | Low
61 | Argument | xxxxxxxxxxxx | predictive | Medium
62 | Argument | xxxxxx[] | predictive | Medium
63 | Argument | xxxx | predictive | Low
64 | Input Value | \xxx\xxx | predictive | Medium

Indicators 9 to 64 are masked on the page (rendered as runs of x characters); only the class, type and confidence of those rows are visible.
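As an added example, not part of the original page and not tooling from the data provider, the following Python scans web-server access-log lines for the eight file-class indicators that are unmasked in the table above. The indicator strings are taken from the table; the log lines are constructed for illustration, and the matching rules (tolerating a deployment prefix, expanding the `*` wildcard, requiring the indicator's query pair, and catching an indicator that arrives inside a traversal payload) are design choices of this example rather than properties of the source data.

```python
"""Match access-log requests against the unmasked file-class IOA indicators.

Added example: indicator strings come from the IOA table above; the log lines
below are constructed for illustration and are not data from the page.
"""
from __future__ import annotations

import fnmatch
import re
from urllib.parse import unquote, urlsplit

# The eight unmasked File-class indicators from the IOA table. An entry with
# '*' is treated as a shell-style wildcard; an entry with '?k=v' additionally
# requires that key/value pair in the request's query string.
IOA_FILE_INDICATORS = [
    "/api/admin/user/list",
    "/cgi-bin/supervisor/PwdGrp.cgi",
    "/classes/Master.php",
    "/classes/Master.php?f=delete_service",
    "/etc/postfix/sender_login",
    "/file/upload/1",
    "/filemanager/ajax_calls.php",
    "/Items/*/RemoteImages/Download",
]

# Apache/nginx "combined"-style line: client, ident, user, [timestamp],
# "METHOD target HTTP/x.y", status, size. Only the fields used are captured.
_LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) \S+'
)


def normalize_target(target: str) -> tuple[str, str]:
    """Split a request target into (path, query), percent-decoded and with
    repeated slashes and '/./' collapsed, so trivial evasions still match."""
    parts = urlsplit(target)
    path = re.sub(r"/+", "/", unquote(parts.path)).replace("/./", "/")
    return path, unquote(parts.query)


def indicator_matches(indicator: str, path: str, query: str) -> bool:
    """True if a normalized request touches the indicator.

    Path rules: exact match, the indicator as the tail of a longer path (apps
    deployed under a prefix such as /app/), or wildcard expansion for '*'.
    A plain file indicator also counts when it appears inside the query, which
    is how a traversal payload such as ../../etc/postfix/sender_login shows up.
    """
    ind_path, _, ind_query = indicator.partition("?")
    if "*" in ind_path:
        path_ok = fnmatch.fnmatchcase(path, ind_path) or fnmatch.fnmatchcase(path, "*" + ind_path)
    else:
        path_ok = path == ind_path or path.endswith(ind_path)
    if ind_query:
        wanted = set(ind_query.split("&"))
        return path_ok and wanted <= set(query.split("&"))
    return path_ok or ind_path in query


def scan_log(lines: list[str], indicators: list[str] = IOA_FILE_INDICATORS) -> list[dict]:
    """Return one hit per matching line, reporting the most specific indicator
    (the longest one that matched, so the '?f=delete_service' variant wins
    over the bare '/classes/Master.php')."""
    hits = []
    for line in lines:
        m = _LOG_RE.match(line)
        if not m:
            continue  # unparsable line; a real pipeline would count these
        path, query = normalize_target(m["target"])
        matched = [ind for ind in indicators if indicator_matches(ind, path, query)]
        if matched:
            hits.append({
                "client": m["client"],
                "indicator": max(matched, key=len),
                "target": m["target"],
                "status": int(m["status"]),
            })
    return hits


# Constructed sample log lines (RFC 5737 documentation addresses), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Nov/2023:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Nov/2023:10:01:05 +0000] "GET /cgi-bin/supervisor/PwdGrp.cgi?action=add&user=x HTTP/1.1" 404 0',
    '198.51.100.23 - - [10/Nov/2023:10:02:11 +0000] "POST /app/classes/Master.php?f=delete_service HTTP/1.1" 200 44',
    '198.51.100.23 - - [10/Nov/2023:10:02:13 +0000] "GET /Items/1a2b3c/RemoteImages/Download HTTP/1.1" 302 0',
    '192.0.2.9 - - [10/Nov/2023:10:03:00 +0000] "GET /download.php?file=..%2f..%2fetc%2fpostfix%2fsender_login HTTP/1.1" 200 3000',
    '192.0.2.9 - - [10/Nov/2023:10:03:04 +0000] "GET /api//admin/user/list HTTP/1.1" 401 0',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f'{hit["client"]:<15} {hit["status"]} {hit["indicator"]:<40} {hit["target"]}')
```

Matching on the decoded, slash-collapsed path is what lets `/api//admin/user/list` hit the first indicator, and the query-string fallback is what catches `/etc/postfix/sender_login` when it arrives as a traversal parameter rather than as the request path. A hit is a lead, not a verdict: `/classes/Master.php` or `/file/upload/1` is ordinary traffic on a host that actually runs that application, so correlate the source address with the response status and the rest of its session before escalating.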
