GandCrab v5 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (23)

言語

en	24

アクター

Baldr	1
Nemty	1
Sload	1
GandCrab v5	1
CoinMiner	1

関心

タイプ

Forum Software	22
Not Defined	2

ベンダー

Not Defined	22
Jelsoft	2

製品

phpBB	10
PunBB	6
vBulletin	4
Tapatalk Plugin	2
Jelsoft vBulletin	2

脆弱性

#	脆弱性	Base	Temp	0day	本日	悪	修復	EPSS	CTI	CVE
1	vBulletin decodeArguments 特権昇格	7.3	7.3	$0-$5k	$0-$5k	High	Not Defined	0.74237	0.00	CVE-2015-7808
2	vBulletin クロスサイトスクリプティング	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01146	0.00	CVE-2004-1824
3	Tapatalk Plugin XMLRPC API unsubscribe_forum.php SQLインジェクション	8.5	7.7	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00242	0.00	CVE-2014-2023
4	phpBB Perl ucp_pm_options.php message_options 未知の脆弱性	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00335	0.04	CVE-2015-1432
5	vBulletin SQLインジェクション	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00214	0.00	CVE-2014-5102
6	PunBB クロスサイトスクリプティング	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00199	0.03	CVE-2010-0455
7	vBulletin redirector.php Redirect	6.6	6.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00106	0.28	CVE-2018-6200
8	vBulletin Vbulletin Forum Remote Code Execution	9.8	8.5	$0-$5k	$0-$5k	Unproven	Official Fix	0.00620	0.00	CVE-2012-4328
9	phpBB install.php 特権昇格	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00590	0.03	CVE-2002-1707
10	PunBB register.php SQLインジェクション	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00543	0.05	CVE-2005-0569
11	vBulletin moderation.php SQLインジェクション	7.3	7.0	$0-$5k	$0-$5k	High	Official Fix	0.00284	0.03	CVE-2016-6195
12	vBulletin XMLRPC API breadcrumbs_create.php SQLインジェクション	6.3	6.3	$0-$5k	$0-$5k	High	Unavailable	0.00102	0.00	CVE-2014-2022
13	vBulletin visitormessage.php 特権昇格	7.5	7.4	$0-$5k	$0-$5k	High	Unavailable	0.03104	0.04	CVE-2014-9463
14	PunBB Password Reset moderate.php 特権昇格	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02283	0.04	CVE-2008-1484
15	phpBB modcp.php 情報の漏洩	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00392	0.00	CVE-2008-7143
16	PunBB profile.php SQLインジェクション	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00322	0.00	CVE-2005-2193
17	phpBB links.php SQLインジェクション	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00220	0.00	CVE-2007-4653
18	phpBB Remote Avatar 特権昇格	7.4	7.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00188	0.02	CVE-2017-1000419
19	phpBB 情報の漏洩	9.8	8.5	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00269	0.00	CVE-2008-1766
20	phpBB startup.php クロスサイトスクリプティング	4.3	4.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00287	0.04	CVE-2015-1431

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IPアドレス	Hostname	アクター	キャンペーン	Identified	タイプ	信頼度
1	92.63.197.48		GandCrab v5		2018年10月13日	verified	高

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	クラス	脆弱性	アクセスベクター	タイプ	信頼度
1	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	高
2	T1059.007	CAPEC-209	CWE-79, CWE-80	Cross Site Scripting	predictive	高
3	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
4	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	高
5	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	高
6	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高

IOA - Indicator of Attack (25)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	クラス	Indicator	タイプ	信頼度
1	File	ajax/api/hook/decodeArguments	predictive	高
2	File	breadcrumbs_create.php	predictive	高
3	File	forumrunner/includes/moderation.php	predictive	高
4	File	includes/startup.php	predictive	高
5	File	xxxxxxxx/xxx/xxx_xx_xxxxxxx.xxx	predictive	高
6	File	xxxxxxx.xxx	predictive	中
7	File	xxxxx.xxx	predictive	中
8	File	xxxxx.xxx	predictive	中
9	File	xxxxxxxx.xxx	predictive	中
10	File	xxxxxxx.xxx	predictive	中
11	File	xxxxxxxxxx.xxx	predictive	高
12	File	xxxxxxxx.xxx	predictive	中
13	File	xxxxxxxxxxx_xxxxx.xxx	predictive	高
14	File	xxxxxxxxxxxxxx.xxx	predictive	高
15	Argument	xxxxxxxxx	predictive	中
16	Argument	xxxxxxxxx	predictive	中
17	Argument	xxx_xxxx	predictive	中
18	Argument	xxxxx_xxxx_xxx	predictive	高
19	Argument	xxx	predictive	低
20	Argument	xxxxxxx	predictive	低
21	Argument	xxxx	predictive	低
22	Argument	xxxxxxxxxxxxxxxx	predictive	高
23	Argument	xxxxx	predictive	低
24	Argument	xxxxxx	predictive	低
25	Argument	xxx	predictive	低

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ 前概要次 ▸

Interested in the pricing of exploits?

See the underground prices here!