Guccifer 2.0 Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (58)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en58

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

fr4
ru2
us2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Guccifer 2.01

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined20
WordPress Plugin6
Content Management System6
Wireless LAN Software4
Operating System4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined26
IBM8
Microsoft6
Monroe Electronics4
Juniper2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

WordPress6
Monroe Electronics R189 One-Net EAS4
monetize Plugin2
Juniper Junos2
MemberSonic Lite Plugin2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1ProFTPD mod_copy File access control7.37.0$0-$5k$0-$5kHighOfficial Fix0.970910.35CVE-2015-3306
2LOCKON EC-CUBE path traversal5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.002800.00CVE-2013-3654
3Monroe Electronics R189 One-Net EAS Default Configuration cryptographic issues9.89.4$0-$5k$0-$5kNot DefinedOfficial Fix0.007260.00CVE-2013-0137
4Choice-wireless WIXFMR-111 ajax.cgi improper authentication9.89.8$0-$5k$0-$5kNot DefinedNot Defined0.008210.00CVE-2013-4731
5Monroe Electronics R189 One-Net EAS credentials management9.89.8$0-$5k$0-$5kNot DefinedNot Defined0.008260.00CVE-2013-4732
6Monroe Electronics R189 One-Net EAS access control7.57.2$0-$5k$0-$5kNot DefinedOfficial Fix0.003210.00CVE-2013-4733
7Linux Kernel xdp_umem.c xdp_umem_reg out-of-bounds write6.56.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.000720.00CVE-2020-12659
8SAE FW-50 Remote Telemetry Unit path traversal7.27.2$0-$5k$0-$5kNot DefinedNot Defined0.002350.00CVE-2020-10634
9IBM Quality Manager Web UI cross site scripting4.44.4$0-$5k$0-$5kNot DefinedNot Defined0.000490.00CVE-2016-6022
10IBM Rational Quality Manager Web UI cross site scripting4.44.4$0-$5k$0-$5kNot DefinedNot Defined0.000490.00CVE-2016-6031
11IBM Rational Quality Manager cross site scripting4.44.4$0-$5k$0-$5kNot DefinedNot Defined0.000490.00CVE-2016-6036
12IBM Curam Social Program Management xml external entity reference7.87.8$5k-$25k$5k-$25kNot DefinedNot Defined0.001940.00CVE-2016-6111
13Nagios cross site scripting5.25.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000810.00CVE-2016-6209
14Cisco 2100 Wireless LAN Controller resource management7.57.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.001810.00CVE-2012-0369
15Cisco Wireless LAN Controller Software resource management7.57.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.001810.00CVE-2012-0370
16Cisco Wireless LAN Controller Software access control9.89.4$25k-$100k$0-$5kNot DefinedOfficial Fix0.003690.00CVE-2012-0371
17ninja-forms Plugin cross-site request forgery5.24.9$0-$5k$0-$5kNot DefinedOfficial Fix0.000530.00CVE-2020-12462
18jQuery html cross site scripting5.85.1$0-$5k$0-$5kNot DefinedOfficial Fix0.061240.04CVE-2020-11022
19Netgear WNR2000v5 stack-based overflow6.15.9$5k-$25k$0-$5kNot DefinedOfficial Fix0.000960.00CVE-2018-21181
20BigBlueButton information disclosure6.46.1$0-$5k$0-$5kNot DefinedOfficial Fix0.001890.03CVE-2020-12112

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
195.130.9.198Guccifer 2.012/23/2020verifiedHigh
295.130.15.34Guccifer 2.012/23/2020verifiedHigh
3XX.XXX.XX.XXXxxxxxxx X.x12/23/2020verifiedHigh
4XX.XXX.XX.XXXxxxxxxx X.x12/23/2020verifiedHigh
5XX.XXX.XX.XXXxxxxxxx X.x12/23/2020verifiedHigh
6XX.XXX.XX.XXXxxxxxxx X.x12/23/2020verifiedHigh
7XX.XXX.XX.XXXxxxxxxx X.x12/23/2020verifiedHigh

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1059.007CAPEC-209CWE-79, CWE-80Cross Site ScriptingpredictiveHigh
3TXXXXCAPEC-122CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
4TXXXXCAPEC-108CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
5TXXXX.XXXCAPEC-178CWE-XXXXxxx XxxxxxxxpredictiveHigh
6TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
7TXXXXCAPEC-CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
8TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
9TXXXXCAPEC-CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh

IOA - Indicator of Attack (16)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/Forms/predictiveLow
2File/see_more_details.phppredictiveHigh
3Fileajax.cgipredictiveMedium
4Filexxxxxxxx.xxxpredictiveMedium
5Filexxxxxxxx.xxxpredictiveMedium
6Filexx/xxxxxxx-xxxxxxx.xpredictiveHigh
7Filexxx/xxx/xxx_xxxx.xpredictiveHigh
8Filexx-xxxxx/xxxxx.xxx?xxxx=xxxxxxxx-xxxxx-xxxpredictiveHigh
9Filexx-xxxxx/xxxxxxx-xxxxxxx.xxx?xxxx=xx-xxxxxx-xxxxxxxxxxx-xxxxx%xxxxxxxxx%xxxxxxx.xxxpredictiveHigh
10Filexxxxxxx-xxxxxx.xxxpredictiveHigh
11Argumentxxxx/xxxxpredictiveMedium
12ArgumentxxpredictiveLow
13ArgumentxxxpredictiveLow
14ArgumentxxxxxxxpredictiveLow
15Input Value::$xxxxx_xxxxxxxxxxpredictiveHigh
16Network Portxxx xxxxxx xxxxpredictiveHigh

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!