GroundPeony Analysis

IOB - Indicator of Behavior (190)

Timeline

Languages

en: 162
zh: 22
de: 4
pl: 2

Countries/Regions

us: 134
cn: 48
de: 6
bg: 2

Actors

Activities

Interest

Timeline

Types

Vendors

Products

Coppermine Photo Gallery: 4
Combodo iTop: 2
D-Link COVR 1200: 2
D-Link COVR 1202: 2
D-Link COVR 1203: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.30 | CVE-2010-0966 |
| 3 | MGB OpenSource Guestbook email.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 0.74 | CVE-2007-0354 |
| 4 | FineCMS Redirector Weixin.php | 6.2 | 6.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00121 | 0.07 | CVE-2017-11586 |
| 5 | D-Link DIR-846 HNAP1 Privilege Escalation | 8.0 | 7.9 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00667 | 0.00 | CVE-2023-33735 |
| 6 | PHPWind goto.php Redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00348 | 0.18 | CVE-2015-4134 |
| 7 | D-Link DIR-860L/DIR-865L/DIR-868L soap.cgi privilege escalation | 8.5 | 8.5 | $5k-$25k | $5k-$25k | High | Not Defined | 0.93644 | 0.00 | CVE-2018-6530 |
| 8 | Serendipity exit.php privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.15 | |
| 9 | Esoftpro Online Guestbook Pro ogp_show.php SQL injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00108 | 0.30 | CVE-2009-4935 |
| 10 | Softnext SPAM SQR privilege escalation | 7.2 | 7.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00143 | 0.05 | CVE-2023-24835 |
| 11 | D-Link DIR-850L category_view.php weak authentication | 8.5 | 8.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.92578 | 0.03 | CVE-2018-9032 |
| 12 | Ubiquiti EdgeOS privilege escalation | 8.8 | 8.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00104 | 0.00 | CVE-2017-0932 |
| 13 | FLDS redir.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00203 | 0.11 | CVE-2008-5928 |
| 14 | Coppermine Photo Gallery showdoc.php directory traversal | 5.5 | 4.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.01312 | 0.00 | CVE-2007-4976 |
| 15 | Samsung Galaxy Store cross site scripting | 5.3 | 5.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00057 | 0.00 | CVE-2023-21434 |
| 16 | BESDER IP Camera VideoPlayTool privilege escalation | 7.6 | 7.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00106 | 0.08 | CVE-2023-33443 |
| 17 | ZhongBangKeJi CRMEB UploadService.php Getshell privilege escalation | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00309 | 0.05 | CVE-2020-21787 |
| 18 | Jumpserver cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00069 | 0.00 | CVE-2022-42225 |
| 19 | Netgear R6260 SOAP Request setupwizard.cgi memory corruption | 8.8 | 8.8 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.00080 | 0.00 | CVE-2021-34978 |
| 20 | D-Link DIR-823 HNAP Login memory corruption | 8.5 | 8.5 | $5k-$25k | $0-$5k | High | Not Defined | 0.96863 | 0.00 | CVE-2016-6563 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • CVE-2022-30190

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 103.199.17.184 | | GroundPeony | CVE-2022-30190 | 2023-08-29 | verified | |

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (69)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/index.php | predictive | |
| 2 | File | /category_view.php | predictive | |
| 3 | File | /crmeb/crmeb/services/UploadService.php | predictive | |
| 4 | File | /etc/passwd | predictive | |
| 5 | File | /forum/away.php | predictive | |
| 6 | File | /getcfg.php | predictive | |
| 7 | File | /HNAP1 | predictive | |
| 8 | File | /SetTriggerWPS/PIN | predictive | |
| 9 | File | adclick.php | predictive | |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
