Grayling 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (100)

言語

en	90
it	6
de	2
es	2

国・地域

us	96
cn	2

アクター

Grayling	3
Cobalt Strike	2
PlugX	1
Sliver	1
TrickBot	1

関心

タイプ

Smartphone Operating System	4
Not Defined	4
Forum Software	2
Calendar Software	2
WordPress Plugin	2

ベンダー

Google	4
Not Defined	4
Tritanium Scripts	2
Woltlab	2
Linux	2

製品

Google Android	4
Tritanium Scripts Tritanium Bulletin Board	2
TeamCal	2
Mail Masta Plugin	2
Woltlab Burning Board	2

脆弱性

#	脆弱性	Base	Temp	0day	本日	悪	修復	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash 情報の漏洩	5.3	5.2	$5k-$25k	計算中	High	Workaround	0.02016	0.00	CVE-2007-1192
2	DZCP deV!L`z Clanportal config.php 特権昇格	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	0.67	CVE-2010-0966
3	MGB OpenSource Guestbook email.php SQLインジェクション	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.01302	1.01	CVE-2007-0354
4	PHPWind goto.php クロスサイトスクリプティング	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00254	0.04	CVE-2015-4135
5	Google Android Qualcomm メモリ破損	9.8	9.6	$100k 以上	$5k-$25k	Not Defined	Official Fix	0.00321	0.02	CVE-2016-5344
6	Microsoft Exchange Server Privilege Escalation	8.8	7.7	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.01192	0.02	CVE-2023-21529
7	Apple macOS 特権昇格	8.0	7.9	$5k-$25k	$0-$5k	High	Official Fix	0.00080	0.00	CVE-2023-41993
8	Google Android StorageManagerService.java 情報の漏洩	4.4	4.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2022-20219
9	Spring Framework Incomplete Fix CVE-2018-1270 特権昇格	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.24942	0.03	CVE-2018-1275
10	Alt-N MDaemon Worldclient 特権昇格	4.9	4.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00090	0.04	CVE-2021-27182
11	Fortinet FortiGate HTTP Header 未知の脆弱性	6.4	6.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00084	0.00	CVE-2020-15938
12	D-Link DIR-655 C apply_sec.cgi Blank 特権昇格	8.5	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01422	0.00	CVE-2019-13560
13	DrayTek Vigor2960/Vigor3900/Vigor300B mainfunction.cgi 特権昇格	9.8	9.8	$25k-$100k	$25k-$100k	High	Not Defined	0.97079	0.05	CVE-2020-8515
14	Woltlab Burning Board register.php クロスサイトスクリプティング	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00957	0.00	CVE-2007-1443
15	Wheatblog add_comment.php クロスサイトスクリプティング	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00154	0.00	CVE-2006-7002
16	TeamCal register.php ディレクトリトラバーサル	3.3	3.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.00
17	Public Warehouse Light Blog add_comment.php クロスサイトスクリプティング	4.3	4.1	$0-$5k	$0-$5k	High	Official Fix	0.01062	0.00	CVE-2007-3131
18	Drupal comment_form_add_preview 特権昇格	10.0	9.0	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.03391	0.00	CVE-2007-0626
19	Mail Masta Plugin campaign_save.php SQLインジェクション	6.7	6.4	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00316	0.03	CVE-2017-6098
20	MantisBT Gravatar Plugin Content Security Policy クロスサイトスクリプティング	4.5	4.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00173	0.00	CVE-2016-7111

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IPアドレス	Hostname	アクター	Identified	タイプ	信頼度
1	3.0.93.185	ec2-3-0-93-185.ap-southeast-1.compute.amazonaws.com	Grayling	2023年10月29日	verified	中
2	XX.XXX.XXX.XX		Xxxxxxxx	2023年10月29日	verified	高
3	XXX.XXX.XX.XXX	xxx-xxx-xx-xxx-xxxx.xxxxxxxxxxxx.xxx	Xxxxxxxx	2023年10月29日	verified	高

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	クラス	脆弱性	アクセスベクター	タイプ	信頼度
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	高
2	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	高
3	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	高
4	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	高
5	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
6	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	高
7	TXXXX	CAPEC-	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	高
8	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	高
9	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
10	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高
11	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	高

IOA - Indicator of Attack (19)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	クラス	Indicator	タイプ	信頼度
1	File	/inc/campaign_save.php	predictive	高
2	File	adclick.php	predictive	中
3	File	add_comment.php	predictive	高
4	File	apply_sec.cgi	predictive	高
5	File	xxx-xxx/xxxxxxxxxxxx.xxx	predictive	高
6	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	高
7	File	xxxxx.xxx	predictive	中
8	File	xxxx.xxx	predictive	中
9	File	xxx/xxxxxx.xxx	predictive	高
10	File	xxxxxxxx.xxx	predictive	中
11	File	xxxxxxxxxxxxxxxxxxxxx.xxxx	predictive	高
12	Argument	xxx::xxxxxxx::xxxxxx/xxx::xxxxxxx::xxxxxxxxxx	predictive	高
13	Argument	xxxxxxxx	predictive	中
14	Argument	xxxxxxx=xxxxxxxx	predictive	高
15	Argument	xx	predictive	低
16	Argument	xxxx	predictive	低
17	Argument	xxxx_xx	predictive	低
18	Argument	xxxxx_xxxxxx	predictive	中
19	Argument	xxx	predictive	低

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ 前概要次 ▸

Interested in the pricing of exploits?

See the underground prices here!