Gwmndy Analysis

IOB - Indicator of Behavior (14)

Language: en (14)

Products:
portable SDK for UPnP (2)
Google Android (2)
Gempar Script Toko Online (2)
Basti2web Book Panel (2)
MidiCart PHP Shopping Cart (2)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | EPSS | CTI | CVE
1 | myPHPNuke print.php SQL injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00962 | 0.04 | CVE-2008-4088
2 | Maran PHP Shop prod.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00137 | 0.05 | CVE-2008-4879
3 | ESMI PayPal Storefront products1h.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.05468 | 0.00 | CVE-2005-0936
4 | Gempar Script Toko Online shop_display_products.php SQL injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00100 | 0.07 | CVE-2009-0296
5 | MidiCart PHP Shopping Cart item_show.php SQL injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 |
6 | Cisco Linksys EA2700 URL information disclosure | 4.3 | 4.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Unavailable | 0.00000 | 0.00 |
7 | Sumeffect digiSHOP cart.php SQL injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00064 | 0.00 | CVE-2010-4633
8 | Basti2web Book Panel books.php SQL injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00064 | 0.06 | CVE-2009-4889
9 | Cisco IOS NTP Interface Queue privilege escalation | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00563 | 0.00 | CVE-2016-1478
10 | phpMyAdmin privilege escalation | 6.8 | 6.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05128 | 0.05 | CVE-2016-6633
11 | Apache Commons FileUpload privilege escalation | 9.8 | 9.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05866 | 0.04 | CVE-2016-1000031
12 | portable SDK for UPnP unique_service_name memory corruption | 10.0 | 9.5 | $0-$5k | $0-$5k | High | Official Fix | 0.97414 | 0.05 | CVE-2012-5958
13 | Apache Tomcat StatusManagerServlet information disclosure | 5.9 | 5.4 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00272 | 0.00 | CVE-2016-0706
14 | Google Android GPS GpsXtraDownloader.java Hang denial of service | 5.9 | 5.6 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.01731 | 0.00 | CVE-2016-5348

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence
1 | 1.125.125.5 | | Gwmndy | | 2019-08-02 | | verified
2 | XX.XXX.XXX.XXX | | Xxxxxx | | 2019-08-02 | | verified
3 | XX.XX.X.XX | | Xxxxxx | | 2019-08-02 | | verified

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Class | Vulnerability | Access Vector | Type | Confidence
1 | T1059 | CAPEC-242 | CWE-94 Argument Injection | | | predictive
2 | TXXXX.XXX | CAPEC-18 | CWE-XXXxxxx Xxxx Xxxxxxxxx | | | predictive
3 | TXXXX | CAPEC-19 | CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | | | predictive
4 | TXXXX | CAPEC-108 | CWE-XXXxx Xxxxxxxxx | | | predictive
5 | TXXXX | CAPEC-116 | CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | | | predictive

IOA - Indicator of Attack (15)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | books.php | | predictive
2 | File | cart.php | | predictive
3 | File | GpsXtraDownloader.java | | predictive
4 | File | xxxx_xxxx.xxx | | predictive
5 | File | xxxxx.xxx | | predictive
6 | File | xxxx.xxx | | predictive
7 | File | xxxxxxxxxx.xxx | | predictive
8 | File | xxxx_xxxxxxx_xxxxxxxx.xxx | | predictive
9 | Argument | xxxxxx | | predictive
10 | Argument | xxx | | predictive
11 | Argument | xxx_xx | | predictive
12 | Argument | xxxx_xx | | predictive
13 | Argument | xx | | predictive
14 | Argument | xxx | | predictive
15 | Network Port | xxx/xxx (xxx) | | predictive

References (2)

The following list contains external sources which discuss the actor and the associated activities:
