GandCrab Analysis
IOB - Indicator of Behavior (1000)
Timeline
The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.
Activities
Interest
Timeline
The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.
Vulnerabilities
IOC - Indicator of Compromise (169)
These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.
TTP - Tactics, Techniques, Procedures (19)
Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.
IOA - Indicator of Attack (228)
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.
ID | Class | Indicator | Type | Confidence |
---|---|---|---|---|
1 | File | /../conf/config.properties | predictive | High |
2 | File | /drivers/infiniband/core/cm.c | predictive | High |
3 | File | /files.md5 | predictive | Medium |
4 | File | /forum/away.php | predictive | High |
5 | File | /horde/util/go.php | predictive | High |
6 | File | /hrm/employeeview.php | predictive | High |
7 | File | /images/ | predictive | Medium |
8 | File | /inc/parser/xhtml.php | predictive | High |
9 | File | /login | predictive | Low |
10 | File | /modules/profile/index.php | predictive | High |
11 | File | /one_church/userregister.php | predictive | High |
12 | File | /out.php | predictive | Medium |
13 | File | /public/plugins/ | predictive | High |
14 | File | /SAP_Information_System/controllers/add_admin.php | predictive | High |
15 | File | /SASWebReportStudio/logonAndRender.do | predictive | High |
16 | File | /secure/admin/InsightDefaultCustomFieldConfig.jspa | predictive | High |
17 | File | /secure/admin/ViewInstrumentation.jspa | predictive | High |
18 | File | /tmp/phpglibccheck | predictive | High |
19 | File | /v2/quantum/save-data-upload-big-file | predictive | High |
20 | File | 4.edu.php | predictive | Medium |
21 | File | adclick.php | predictive | Medium |
22 | File | addentry.php | predictive | Medium |
23 | File | addressbookprovider.php | predictive | High |
24 | File | admin.jcomments.php | predictive | High |
25 | File | admin/pageUploadCSV.php | predictive | High |
26 | File | ajax_udf.php | predictive | Medium |
27 | File | AppCompatCache.exe | predictive | High |
28 | File | application.js.php | predictive | High |
29 | File | xxx/xxxxxxx-xxxxxxx-xxx.xx | predictive | High |
30 | File | xxxxxxxxxxxx.x | predictive | High |
31 | File | xxxx_xxxxxxxxxxx.xxx | predictive | High |
32 | File | xxxxxxx_xxxxxxx.xxx | predictive | High |
33 | File | xxxxxxx/xxxxxxxxxx/xxxxxx_xxxxxx_xxxxxxxx_xxxxx.xx | predictive | High |
34 | File | xxxxxxxxxxx.xx | predictive | High |
35 | File | xxxx_xxxxxxx.xxx | predictive | High |
36 | File | xxxxxxxx.xxx | predictive | Medium |
37 | File | xxxxxxxx.xxx | predictive | Medium |
38 | File | xxxx.xxx | predictive | Medium |
39 | File | xxx-xxx/xxx/xxxxxxxx_xxx.xxx | predictive | High |
40 | File | xxxxxxxx_xxxxxxxxxxxxxxxxx.xxx | predictive | High |
41 | File | xxxxxxxxx-xxxxxx.xxx | predictive | High |
42 | File | xxxxxxx.xxx | predictive | Medium |
43 | File | xxxx.x | predictive | Low |
44 | File | xxxxxxx/xxxxxxx/xxxxxxxx_xxxx/xxxxxxxx_xxxxx_xxxxxxx.xx | predictive | High |
45 | File | xxxx/xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
46 | File | xxxxxxxx.xxxxxxxxxx | predictive | High |
47 | File | xxxxxxxxxxxxxxxxxxx.xx | predictive | High |
48 | File | xxxxxxx-xxxxxxxx.xxx | predictive | High |
49 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
50 | File | xx.xxx | predictive | Low |
51 | File | xxxxxxxxxx-xxxxxxxxxxxxx.xxx | predictive | High |
52 | File | xxxxxxxxxxxxxxxxx.xxx | predictive | High |
53 | File | xxxxxxx/xxx/xxxxxxxx/xxx/xxxxx/xxxx.x | predictive | High |
54 | File | xxxxxx.xxx | predictive | Medium |
55 | File | xxxxx.xxx | predictive | Medium |
56 | File | xxxx.xxx | predictive | Medium |
57 | File | xxx/xxx/xxx.x | predictive | High |
58 | File | xxxxxxxxxxxxxxxxx.xxx | predictive | High |
59 | File | xxxx.xxx | predictive | Medium |
60 | File | xxxxx_xxxxxxxx.xxx | predictive | High |
61 | File | xxxxxxxxx.xxx | predictive | High |
62 | File | xxx/xxxxxx.xxx | predictive | High |
63 | File | xxx/xxxxxxxxxxx/xxxxxxx.xxx | predictive | High |
64 | File | xxxxx.xxx | predictive | Medium |
65 | File | xxxxxxx/xxxxxxxxxxxxxxxxxx.xxx | predictive | High |
66 | File | xxxxxx/xxxx/xxxxxx_xxx.xxx | predictive | High |
67 | File | xxxx_xxxx.xxx | predictive | High |
68 | File | xxx.xx | predictive | Low |
69 | File | xxx/xxxxxxxxxxxxxxxxxxxxxxxxx.xxx | predictive | High |
70 | File | xxxxxx/xxxxxx/xxxxxx-xx.x | predictive | High |
71 | File | xxxxxx-xxxxx.xxx | predictive | High |
72 | File | xxxxxxxxxx/xxx.x | predictive | High |
73 | File | xxxxxxxxxx/xxxx_xx.x | predictive | High |
74 | File | xxxxxxxxxx/xxxx.x | predictive | High |
75 | File | xxxxxxxxxx/xxxxxxx_xxxxxxxx.x | predictive | High |
76 | File | xxxxxxxxxx/xxxxxxxxx.x | predictive | High |
77 | File | xxxxxxxxxx/xxxxxxxxxxxxxx.x | predictive | High |
78 | File | xxxxxxxxxxx/xxxxxx.x | predictive | High |
79 | File | xxxx/xx.xxx | predictive | Medium |
80 | File | xxxxx.xxx | predictive | Medium |
81 | File | xxxx.xxx | predictive | Medium |
82 | File | xxxxxxxxxxxxxx_xxxxxxxxx.xxx | predictive | High |
83 | File | xxxxxxxxx.xxx | predictive | High |
84 | File | xxxxxxxx.xxxxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxxx | predictive | High |
85 | File | xxx/xxxx/xxxx.x | predictive | High |
86 | File | xxx/xxxxxxxxx/xx_xxx_xxxxxx.x | predictive | High |
87 | File | xxxx/xxxxxxxxx.xxx | predictive | High |
88 | File | xxxxx_xxxxx.xxx | predictive | High |
89 | File | xxxx.xxx | predictive | Medium |
90 | File | xxxxx/xxxxxxx.xxx | predictive | High |
91 | File | xxxx.xxx | predictive | Medium |
92 | File | xxxxxxxx.xxx | predictive | Medium |
93 | File | xxxxxxxxxx.xxx | predictive | High |
94 | File | xxx_xxxxxxxxxxxx.xxx | predictive | High |
95 | File | xxxxxxxxxx.xx | predictive | High |
96 | File | xxxxx.xxx | predictive | Medium |
97 | File | xxxxx.xxx | predictive | Medium |
98 | File | xxxxxxxx.xxx | predictive | Medium |
99 | File | xxxxxxxxxx.xxx | predictive | High |
100 | File | xxxxxxxx.xxx | predictive | Medium |
101 | File | xxxxxxxx_xxxxxxxxxxxx_xxxxxx.xx | predictive | High |
102 | File | xxxxxxxx_xxxx.xxx | predictive | High |
103 | File | xxxxxxxxxxxxxxxxxxxx.xxx | predictive | High |
104 | File | xxxxxxxx.x | predictive | Medium |
105 | File | xx_xxxx.x | predictive | Medium |
106 | File | xx_xxx.x | predictive | Medium |
107 | File | xxxxxxx.xx | predictive | Medium |
108 | File | xxxxxx.xxxx | predictive | Medium |
109 | File | xxxxxxxx-xxxxxx_xxxxx.xxx | predictive | High |
110 | File | xxx_xxxxx.xxx | predictive | High |
111 | File | xxxxx.xxx | predictive | Medium |
112 | File | xxxxxxxxxxxxxxxx.xx | predictive | High |
113 | File | xxxxxxx.xxx | predictive | Medium |
114 | File | xxxxxxxxxxxxxxxx.xxxx | predictive | High |
115 | File | xxxxx.xx | predictive | Medium |
116 | File | xxxxxxxxx.x | predictive | Medium |
117 | File | xxxxx_xxxxxx.xxxx | predictive | High |
118 | File | xxxx/xxx/xxxx-xxxxx.xxx | predictive | High |
119 | File | xxxxxxxxxxxxxxxx.xxx | predictive | High |
120 | File | xxxxxxxxx.xx | predictive | Medium |
121 | File | xx-xxxxx/xxxxx.xxx | predictive | High |
122 | File | xxxxxx.xxx | predictive | Medium |
123 | File | xxxx_xxxx_xxxxxxx.xxx | predictive | High |
124 | File | ~/xxxxxxxx-xxxxxxxx.xxx | predictive | High |
125 | Library | xxxxxxxx/xxxxxxx/xxxxxxxx/xxx/xxxx/xxxx/xxxxxx/xxx/xxxxxx/xxxxxxx/xxxxxxxx/xxxxxxxx/xxxxxx/xxxxxxxx_xxxxxxxxxxxxxxxx.xxxx | predictive | High |
126 | Library | xxxxxx.xxx | predictive | Medium |
127 | Library | xxxxxx.xxxxxxxxx.xxxxxxx.xxxxx_xxxxx.xxx | predictive | High |
128 | Library | xxxxxxxx_x.xxx | predictive | High |
129 | Library | xxxxxxx\xxx\xxxxxxxx-xxx-x.xxx | predictive | High |
130 | Library | xxxxxxx_xxxxxx_xxx_x.x.xxx | predictive | High |
131 | Library | xxx/xxxxxxx.x | predictive | High |
132 | Library | xxx/xxxxxxxxx/x-xxxx.xxx | predictive | High |
133 | Library | xxx/xxx.xxx | predictive | Medium |
134 | Library | xxx/xxxxx/xxxxxxxxxxx.xxx | predictive | High |
135 | Library | xxxxxxxxx.x.x.xxx.xxx | predictive | High |
136 | Library | xxxxxxxx.xxx | predictive | Medium |
137 | Library | xxxxxxxxxxx.xxx | predictive | High |
138 | Library | xxxxx.xxx | predictive | Medium |
139 | Argument | $_xxxx['xxxxxxx'] | predictive | High |
140 | Argument | $_xxxxxx | predictive | Medium |
141 | Argument | xxxxx | predictive | Low |
142 | Argument | xxxxxxx | predictive | Low |
143 | Argument | xx | predictive | Low |
144 | Argument | xxx_xxx_xxxxx | predictive | High |
145 | Argument | xxxxxxxx | predictive | Medium |
146 | Argument | xxxxxxxx | predictive | Medium |
147 | Argument | xx_xxxx_xx | predictive | Medium |
148 | Argument | xxxx_xxx_xxxx | predictive | High |
149 | Argument | xxx | predictive | Low |
150 | Argument | xxx | predictive | Low |
151 | Argument | xxxx_xx | predictive | Low |
152 | Argument | xxxxxxx | predictive | Low |
153 | Argument | xxxxxxx | predictive | Low |
154 | Argument | xxxxxxx | predictive | Low |
155 | Argument | xxxxxx | predictive | Low |
156 | Argument | xxx | predictive | Low |
157 | Argument | xxxxxxxxxxxxxxxxxx | predictive | High |
158 | Argument | xxxxx | predictive | Low |
159 | Argument | xxxx | predictive | Low |
160 | Argument | xxxx | predictive | Low |
161 | Argument | xxxxxxxxxxxxxxx | predictive | High |
162 | Argument | xxxxxxx | predictive | Low |
163 | Argument | xxxx | predictive | Low |
164 | Argument | xxxxxxxx | predictive | Medium |
165 | Argument | xxxxxxxx | predictive | Medium |
166 | Argument | xxxx | predictive | Low |
167 | Argument | xxxx | predictive | Low |
168 | Argument | xxxxx_xxxxxxxx_xx | predictive | High |
169 | Argument | xxxxxxx | predictive | Low |
170 | Argument | xxxxx_xxxx | predictive | Medium |
171 | Argument | xxxx | predictive | Low |
172 | Argument | xx | predictive | Low |
173 | Argument | xxxxxxxxx | predictive | Medium |
174 | Argument | xx_xxxx | predictive | Low |
175 | Argument | xx_xxxx | predictive | Low |
176 | Argument | xxxxx_xxxx | predictive | Medium |
177 | Argument | xxxxxxx xxxxxxx | predictive | High |
178 | Argument | xxxx | predictive | Low |
179 | Argument | xxxxxxx | predictive | Low |
180 | Argument | xxxxxxxxxx | predictive | Medium |
181 | Argument | xxx_xxxxx | predictive | Medium |
182 | Argument | xxxx | predictive | Low |
183 | Argument | xxx_xxxxxxx | predictive | Medium |
184 | Argument | xxxxx | predictive | Low |
185 | Argument | xxxxxx xxxxxx | predictive | High |
186 | Argument | xxxxxxxx | predictive | Medium |
187 | Argument | xxxx | predictive | Low |
188 | Argument | xxxxxxxx | predictive | Medium |
189 | Argument | xxxxxxxx | predictive | Medium |
190 | Argument | xxxx_xxxxx | predictive | Medium |
191 | Argument | xxxx | predictive | Low |
192 | Argument | xxxxxxxxxxx | predictive | Medium |
193 | Argument | xxxxxxx_xx | predictive | Medium |
194 | Argument | xxxxx | predictive | Low |
195 | Argument | xxxxxxx | predictive | Low |
196 | Argument | xxxxxxxxxx | predictive | Medium |
197 | Argument | xxxx | predictive | Low |
198 | Argument | xxxxxxxxxx | predictive | Medium |
199 | Argument | xxxxxxxxxx | predictive | Medium |
200 | Argument | xxxxxxx | predictive | Low |
201 | Argument | xxxxxx_xxxxxxx_xxxxxxxxx_xxxx/xxxxxx_xxxxxxx_xxxxxxx_xxxx | predictive | High |
202 | Argument | xxxxxx_xx | predictive | Medium |
203 | Argument | xxxxxx | predictive | Low |
204 | Argument | xxxxxx-xxxxx | predictive | Medium |
205 | Argument | xxxxxxx | predictive | Low |
206 | Argument | xxxxxxxxxxxx | predictive | Medium |
207 | Argument | xxxx | predictive | Low |
208 | Argument | xxxxx | predictive | Low |
209 | Argument | xxxx_xxxxx_xxxx | predictive | High |
210 | Argument | xxxxxxxxxx | predictive | Medium |
211 | Argument | xxxxx | predictive | Low |
212 | Argument | xxxxxx-xxx | predictive | Medium |
213 | Argument | xxxxxx/xxxxxxxxxxxxxxxx | predictive | High |
214 | Argument | x_xx | predictive | Low |
215 | Argument | xxxxx | predictive | Low |
216 | Argument | xxxxx | predictive | Low |
217 | Argument | xxxxx | predictive | Low |
218 | Argument | xxxx | predictive | Low |
219 | Argument | xxx | predictive | Low |
220 | Argument | xxxxxxxx | predictive | Medium |
221 | Argument | xxxxxxxxxxxxxxxxx | predictive | High |
222 | Argument | xxxxxxx?xxxxxxxx | predictive | High |
223 | Argument | xxxxx | predictive | Low |
224 | Argument | xxxx-xxx | predictive | Medium |
225 | Argument | xxx_xxxx | predictive | Medium |
226 | Input Value | xxxxxxxx+'@xxx | predictive | High |
227 | Network Port | xxx/xxx (xxxxx), xxx/xxx (xxxxxxxxx-xx) | predictive | High |
228 | Network Port | xxx/xxxxx | predictive | Medium |
References (18)
The following list contains external sources which discuss the actor and the associated activities:
- https://blog.talosintelligence.com/2018/02/threat-round-up-0209-0216.html
- https://blog.talosintelligence.com/2018/06/threat-roundup-0601-0615.html
- https://blog.talosintelligence.com/2018/09/threat-roundup-0921-0928.html
- https://blog.talosintelligence.com/2018/10/threat-roundup-0928-1005.html
- https://blog.talosintelligence.com/2019/05/threat-roundup-0524-0531.html
- https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
- https://blog.talosintelligence.com/2019/12/threat-roundup-1213-1220.html
- https://blog.talosintelligence.com/2020/05/threat-roundup-0522-0529.html
- https://blog.talosintelligence.com/2020/09/threat-roundup-0904-0911.html
- https://blog.talosintelligence.com/2020/09/threat-roundup-0911-0918.html
- https://blog.talosintelligence.com/2021/10/threat-roundup-1001-1008.html
- https://blog.talosintelligence.com/2021/10/threat-roundup-1015-1022.html
- https://blog.talosintelligence.com/2022/05/threat-roundup-0429-0506.html
- https://cert.gov.ua/article/2807
- https://community.blueliv.com/#!/s/5afd59bd82df413e376682f2
- https://github.com/vuldb/cyber_threat_intelligence/tree/main/actors/GandCrab
- https://isc.sans.edu/forums/diary/GandCrab+Ransomware+Now+Coming+From+Malspam/23321/
- https://precisionsec.com/threat-intelligence-feeds/gandcrab/