Gayfemboy
Essential information
- Confidence: 100/100
- Is family: No
- Published: 20/12/2025 19:50
- Modified: 21/12/2025 09:48
- Revoked: No
- Author / Source: AlienVault
- Related entities: 22 attack patterns (mitre), 1 intrusion sets (apt), 4 sectors, 12 countries, 54 indicators, 16 vulnerabilities (cve), 2 reports
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators, intrusion sets and other entities linked to this malware.
Attack patterns (MITRE) (22)
- T1059 · uses · Command and Scripting Interpreter · MITRE
- T1499 · uses · Endpoint Denial of Service · MITRE
- T1571 · uses · Non-Standard Port · MITRE
- T1133 · uses · External Remote Services · MITRE
- T1016 · uses · System Network Configuration Discovery · MITRE
- T1595 · uses · Active Scanning · MITRE
- T1568 · uses · Dynamic Resolution · MITRE
- T1547 · uses · Boot or Logon Autostart Execution · MITRE
- T1078 · uses · Valid Accounts · MITRE
- T1102 · uses · Web Service · MITRE
- T1562 · uses · Impair Defenses · MITRE
- T1588 · uses · Obtain Capabilities · MITRE
Intrusion sets (APT) (1)
- Gayfemboy · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
Sectors (4)
- Construction · targets
- Technology · targets
- Media · targets
- Manufacturing · targets
Countries (12)
- United Kingdom of Great Britain and Northern Ireland · targets
- United States of America · targets
- Brazil · targets
- France · targets
- Singapore · targets
- China · targets
- Iran, Islamic Republic of · targets
- Israel · targets
- Germany · targets
- Switzerland · targets
- Mexico · targets
- Russian Federation · targets
Indicators (54)
- stix 100/100 · Valid until 21/08/2026 · Source: AlienVault
Vulnerabilities (CVE) (16)
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue. The camera does not properly enforce authentication to /cgi-bin/param.cgi when …
- Attack vector: Network
- Published: 04/11/2024
- Modified: 21/12/2025
DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `set_ap_map_config`.
- Attack vector: ADJACENT_NETWORK
- Published: 04/11/2024
- Modified: 21/12/2025
TP-Link Archer AX-21 contains a command injection vulnerability that allows for remote code execution.
- Attack vector: Adjacent
- Published: 01/05/2023
- Modified: 21/12/2025
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntp_addr configuration …
- Attack vector: Network
- Published: 04/11/2024
- Modified: 21/12/2025
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `setSWMGroup`.
- Attack vector: ADJACENT_NETWORK
- Published: 04/11/2024
- Modified: 21/12/2025
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `delete_wlan_profile`.
- Attack vector: ADJACENT_NETWORK
- Published: 04/11/2024
- Modified: 21/12/2025
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code …
- Attack vector: Network
- Published: 28/07/2025
- Modified: 21/12/2025
An authorized RCE vulnerability exists in the DrayTek Vigor2960 router version 1.4.4, where an attacker can place a malicious command into the …
- Attack vector: ADJACENT_NETWORK
- Published: 28/10/2024
- Modified: 21/12/2025
DrayTek Vigor3900, Vigor2960, and Vigor300B routers contain an unspecified vulnerability that allows for remote code execution.
- Published: 03/11/2021
- Modified: 20/12/2025
An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 …
- Attack vector: NETWORK
- Published: 11/06/2019
- Modified: 21/12/2025
DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `autodiscovery_clear`.
- Attack vector: ADJACENT_NETWORK
- Published: 04/11/2024
- Modified: 21/12/2025
A vulnerability, which was classified as critical, was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. This affects an unknown part …
- Attack vector: NETWORK
- Published: 26/07/2024
- Modified: 21/12/2025
Reports (2)
- 12 MITREs · 2 Malwares
- 4 CVEs · 14 MITREs · 2 Malwares · 56 Observables · 1 APT