GCleaner Analysis

IOB - Indicator of Behavior (318)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en: 236
ru: 64
it: 6
fr: 6
pl: 2

Product

IBM Domino: 4
DZCP deV!L`z Clanportal: 4
Devilz Clanportal: 4
Oracle Banking Trade Finance Process Management: 2
System Dashboard Plugin: 2

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Cou | KEV | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Indexu suggest_category.php cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00000 | 0.53 | |
| 2 | Apple Mac OS X Server Wiki Server sql injection | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official fix | | 0.00553 | 0.41 | CVE-2015-5911 |
| 3 | Joomla CMS com_easyblog sql injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not defined | Not defined | | 0.00000 | 0.24 | |
| 4 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.00970 | 0.15 | CVE-2010-0966 |
| 5 | DZCP deV!L`z Clanportal browser.php information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.08189 | 0.03 | CVE-2007-1167 |
| 6 | Citrix NetScaler ADC/NetScaler Gateway OpenID openid-configuration ns_aaa_oauthrp_send_openid_config CitrixBleed memory corruption | 8.3 | 8.2 | $100k and more | $0-$5k | High | Official fix | verified | 0.93502 | 0.02 | CVE-2023-4966 |
| 7 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.04277 | 5.81 | CVE-2006-6168 |
| 8 | PHP Link Directory Administration Page index.html cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00285 | 0.06 | CVE-2007-0529 |
| 9 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not defined | Unavailable | | 0.00000 | 0.56 | |
| 10 | Campcodes Online Laundry Management System HTTP Request Parameter manage_user.php resource injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00578 | 0.08 | CVE-2024-4817 |
| 11 | Campcodes Complete Web-Based School Management System emarks_range_grade_update_form.php cross site scripting | 3.5 | 3.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00180 | 0.08 | CVE-2024-4686 |
| 12 | LG SuperSign CMS Service Port 9080 reboot input validation | 6.4 | 6.2 | $5k-$25k | $0-$5k | Not defined | Workaround | | 0.21969 | 0.01 | CVE-2018-16706 |
| 13 | Campcodes Complete Web-Based School Management System student_exam_mark_insert_form1.php cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00180 | 0.04 | CVE-2024-4649 |
| 14 | PHPizabi template.class.php assignuser information disclosure | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | possible | 0.01694 | 0.04 | CVE-2008-2018 |
| 15 | SPIP spip.php cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.01048 | 0.59 | CVE-2022-28959 |
| 16 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.86968 | 1.01 | CVE-2020-15906 |
| 17 | PHP Scripts Mall Multi Language Olx Clone Script cross site scripting | 5.2 | 4.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00468 | 0.00 | CVE-2018-6845 |
| 18 | System Dashboard Plugin sd_option_value authorization | 4.3 | 4.2 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00180 | 0.00 | CVE-2023-5713 |
| 19 | DZCP Witze Addon index.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | possible | 0.00663 | 0.01 | CVE-2012-5000 |
| 20 | YaBB yabb.pl cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00521 | 0.04 | CVE-2004-2402 |

IOC - Indicator of Compromise (13)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

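| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 5.12.253.98 | 5-12-253-98.residential.rdsnet.ro | GCleaner | | 05/22/2023 | verified | High |
| 2 | 5.42.64.56 | | GCleaner | | 06/25/2024 | verified | Very High |
| 3 | 5.42.65.64 | | GCleaner | | 05/16/2024 | verified | Very High |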

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (74)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/manage-ambulance.php | predictive | High |
| 2 | File | /advanced-tools/nova/bin/netwatch | predictive | High |
| 3 | File | /forum/away.php | predictive | High |
| 4 | File | /newdriver.php | predictive | High |
| 5 | File | /oauth/idp/.well-known/openid-configuration | predictive | High |
| 6 | File | /protocol/iscuser/uploadiscuser.php | predictive | High |
| 7 | File | /protocol/log/listloginfo.php | predictive | High |
| 8 | File | /qsr_server/device/reboot | predictive | High |
| 9 | File | /spip.php | predictive | Medium |
