GoldBrute Analysis

IOB - Indicator of Behavior (95)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 74
fr: 8
de: 4
it: 4
es: 4

Country

us: 74
cn: 20
ie: 2

Product

ZoneMinder: 12
Phorum: 4
Store Locator Plugin: 2
MantisBT: 2
PBSite: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | MaxWebPortal pm_delete2.asp sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.03 | |
| 2 | Phorum pm.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.01650 | 0.03 | CVE-2007-2339 |
| 3 | Pmachine lib.inc.php privileges management | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02869 | 0.04 | CVE-2003-1086 |
| 4 | DeluxeBB pm.php cross site scripting | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00677 | 0.03 | CVE-2006-3303 |
| 5 | LokwaBB Message pm.php privileges management | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00272 | 0.04 | CVE-2002-1880 |
| 6 | Phorum pm.php path traversal | 5.4 | 5.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00991 | 0.05 | CVE-2006-3611 |
| 7 | PCXP TOPPE CMS pm.php cross site scripting | 5.4 | 5.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00259 | 0.04 | CVE-2005-2465 |
| 8 | ZoneMinder index.php Reflected cross site scripting | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 0.03 | |
| 9 | ZoneMinder HTTP POST Request index.php injection | 5.4 | 5.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00096 | 0.03 | CVE-2022-39291 |
| 10 | ZoneMinder index.php sql injection | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 0.04 | |
| 11 | ZoneMinder index.php Reflected cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00162 | 0.02 | CVE-2017-5367 |
| 12 | ZoneMinder index.php Reflected cross site scripting | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 0.04 | |
| 13 | ZoneMinder zm_html_view_*.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | High | Official Fix | 0.00220 | 0.03 | CVE-2008-3881 |
| 14 | ZoneMinder index.php sql injection | 8.2 | 8.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00126 | 0.04 | CVE-2023-26034 |
| 15 | ZoneMinder index.php cross-site request forgery | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00725 | 0.03 | CVE-2017-5368 |
| 16 | ONEdotOH Simple File Manager fm.php memory corruption | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.02159 | 0.03 | CVE-2006-6376 |
| 17 | Anti-Web write.cgi path traversal | 7.2 | 7.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00702 | 0.00 | CVE-2017-9097 |
| 18 | Jobbr co-profile.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00136 | 0.00 | CVE-2009-2427 |
| 19 | Juunan06 eCommerce crudTreatment.php cross-site request forgery | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00074 | 0.03 | CVE-2018-15202 |
| 20 | Bingo News bn_smrep1.php file inclusion | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01081 | 0.04 | CVE-2007-0145 |

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

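| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 104.156.249.231 | 104.156.249.231.vultrusercontent.com | GoldBrute | | 03/28/2022 | verified | High |
| 2 | XXX.XXX.XXX.XXX | | Xxxxxxxxx | | 03/28/2022 | verified | High |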

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (95)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

