Genkryptik Analysis

IOB - Indicator of Behavior (101)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	78
de	12
pl	6
es	4
fr	2

Country

us	58
me	22
fr	6
ir	4
gb	4

Actors

Nanocore RAT	2
AsyncRAT	2
NjRAT	2
Remcos	2
Genkryptik	2

Activities

Interest

Timeline

Type

Not Defined	22
Operating System	6
Web Server	6
Programming Language Software	6
Content Management System	4

Vendor

Not Defined	28
Microsoft	12
Apache	4
Sagemcom	2
K5n	2

Product

Microsoft Windows	4
Microsoft IIS	4
Sagemcom F@st 5260	2
K5n WebCalendar	2
WIKINDX	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	CTI	EPSS	CVE
1	All Enthusiast Inc Reviewpost Php Pro showproduct.php sql injection	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04	0.00501	CVE-2004-2175
2	NAVER Cloud Explorer file inclusion	7.8	7.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00222	CVE-2020-9752
3	NAVER Vaccine nsz Archive nsGreen.dll path traversal	7.0	7.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03	0.00184	CVE-2019-13157
4	GNU GRUB ext2.c grub_ext2_read_block memory corruption	6.4	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00504	CVE-2017-9763
5	PhotoPost PHP Pro showproduct.php sql injection	9.8	9.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.08	0.00276	CVE-2004-0250
6	OpenSSH Authentication Username information disclosure	5.3	4.8	$5k-$25k	$0-$5k	High	Official Fix	0.35	0.10737	CVE-2016-6210
7	BitTorrent uTorrent Bencoding Parser input validation	6.4	6.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03	0.00867	CVE-2020-8437
8	MDaemon Webmail cross site scripting	5.4	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00078	CVE-2019-8983
9	WIKINDX PAGING.php getPagingStart cross site scripting	5.7	5.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00142	CVE-2019-13588
10	Synology DiskStation Manager Change Password password recovery	7.1	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00074	CVE-2018-8916
11	Microsoft IIS cross site scripting	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.32	0.00282	CVE-2017-0055
12	gtk-vnc Framebuffer memory corruption	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00222	CVE-2017-1000044
13	Oracle MySQL Enterprise Monitor Apache Struts 2 memory corruption	9.8	9.4	$100k and more	$0-$5k	Proof-of-Concept	Official Fix	0.04	0.02365	CVE-2016-4436
14	Microsoft Internet Explorer insertAdjacentText Elements code injection	7.1	6.4	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.02	0.90488	CVE-2012-1879
15	Microsoft Windows Common Log File System Driver Local Privilege Escalation	7.8	7.4	$25k-$100k	$5k-$25k	Functional	Official Fix	0.03	0.28449	CVE-2023-28252
16	Microsoft Word wwlib Remote Code Execution	8.0	7.1	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.03	0.92299	CVE-2023-21716
17	FreeBSD Ping pr_pack stack-based overflow	7.3	7.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00000	CVE-2022-23093
18	Apache Tomcat Fix CVE-2020-9484 toctou	4.5	4.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00043	CVE-2022-23181
19	Lanap BotDetect Captcha Asp.net access control	5.3	4.8	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.02	0.01332	CVE-2006-2918
20	Todd Miller sudo sudoedit sudoers access control	7.8	7.0	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.03	0.00061	CVE-2015-5602

IOC - Indicator of Compromise (14)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Identified	Type	Confidence
1	13.107.21.200		Genkryptik	04/08/2022	verified	High
2	79.134.225.5		Genkryptik	05/04/2022	verified	High
3	79.134.225.125		Genkryptik	05/04/2022	verified	High
4	XX.XX.XXX.XX	xx-xxx-xx.xxxxxxxx.xxxx	Xxxxxxxxxx	04/12/2022	verified	High
5	XX.XXX.XXX.XXX	xx.xxx.xxx.xxx.xxxxxxx.xxxxx.xxx.xx	Xxxxxxxxxx	05/04/2022	verified	High
6	XXX.XXX.X.X	xxxxxxxx-xx-xx.xxxxx.xxx	Xxxxxxxxxx	05/04/2022	verified	High
7	XXX.XXX.X.XX	xxxxxxxx-xx-xxx.xxxxx.xxx	Xxxxxxxxxx	05/04/2022	verified	High
8	XXX.XXX.XX.XXX	xxxxxxxx-xx-xx.xxxxx.xxx	Xxxxxxxxxx	05/04/2022	verified	High
9	XXX.XXX.XX.XXX	xxxxxxxx-xx-xxx.xxxxx.xxx	Xxxxxxxxxx	05/04/2022	verified	High
10	XXX.XXX.XX.XX	xxxxxxxx-xx-xxx.xxxxx.xxx	Xxxxxxxxxx	05/04/2022	verified	High
11	XXX.XXX.XXX.XXX	xxxxxxxx-xx-xxx.xxxxx.xxx	Xxxxxxxxxx	05/04/2022	verified	High
12	XXX.XX.XXX.XX	xxxxxx.xxxxxxxxx-xxxxxxx.xxx	Xxxxxxxxxx	05/04/2022	verified	High
13	XXX.XXX.XX.XX		Xxxxxxxxxx	05/04/2022	verified	High
14	XXX.XXX.XX.XX	xxxxxxx.xxxxxxxx.xxx	Xxxxxxxxxx	05/04/2022	verified	High

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CWE-22	Pathname Traversal	predictive	High
2	T1059	CWE-94	Cross Site Scripting	predictive	High
3	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	High
4	TXXXX	CWE-XXX, CWE-XXX	X2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxx Xxxxxxxxxxx Xxx Xxx Xxxxxxx	predictive	High
5	TXXXX	CWE-XX	Xxxxxxx Xxxxxxxxx	predictive	High
6	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	High
7	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	High
8	TXXXX	CWE-XXX	Xxx.xxx Xxxxxxxxxxxxxxxx: Xxxxxxxx Xx Xxxxxxxxxxxxx Xxxx	predictive	High
9	TXXXX	CWE-XXX	Xxxxxxxxxxxxx	predictive	High
10	TXXXX	CWE-XXX	X2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxxxxxxxx Xxxxxxx Xxxxxxxxxx	predictive	High
11	TXXXX.XXX	CWE-XXX	Xxxxxxxxxxxx Xxxxxx	predictive	High

IOA - Indicator of Attack (45)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/etc/sudoers	predictive	Medium
2	File	/uncpath/	predictive	Medium
3	File	admin.php?reqGadget=Components&reqAction=InstallGadget&comp=FileBrowser	predictive	High
4	File	cat.php	predictive	Low
5	File	category.cfm	predictive	Medium
6	File	core/lists/PAGING.php	predictive	High
7	File	xxxxxx.xxx	predictive	Medium
8	File	xxxx/xxxxx.xxx	predictive	High
9	File	xxxxxxxxxxx/xxxxx.xxx	predictive	High
10	File	xx/xxxx.x	predictive	Medium
11	File	xxxxxxx.xxx	predictive	Medium
12	File	xxxxx.xxx	predictive	Medium
13	File	xxxxxxxxx/xx/xxx/xxxxxxx.xx	predictive	High
14	File	xxxxx/xxxxxxxx.x	predictive	High
15	File	xxxxxxx/xxxx.xxx	predictive	High
16	File	xxxxxxx/xx.x	predictive	Medium
17	File	xxx.xx	predictive	Low
18	File	xxxxxxxx.xxx	predictive	Medium
19	File	xxxxxxx_xxxxxxx_xxxx.xxx	predictive	High
20	File	xxxxxxx_xxx_xxxxx_xxxxxx.xxxx	predictive	High
21	File	xxxx_xxxxxxxxx.xxx	predictive	High
22	File	xxxx_xxxxxxx_xxxxxxxx.xxx	predictive	High
23	File	xxxxxxx.xxx	predictive	Medium
24	File	xxxxxxxxxxx.xxx	predictive	High
25	File	xxxxxx.xxxxxxx.xxxxxxxxxxxxxxxxxxxxxxxx	predictive	High
26	Library	xxxxxxxxxxxx_xxx.xxx	predictive	High
27	Library	xxxxxxx.xxx	predictive	Medium
28	Library	xxxxxxx.xxx.xx.xxx	predictive	High
29	Argument	xxx	predictive	Low
30	Argument	xxxxx	predictive	Low
31	Argument	xxx_xx	predictive	Low
32	Argument	xxx	predictive	Low
33	Argument	xxxxxxxx	predictive	Medium
34	Argument	xx	predictive	Low
35	Argument	xxxx_xx	predictive	Low
36	Argument	xxxxxxxx	predictive	Medium
37	Argument	xxxxx	predictive	Low
38	Argument	xxxxx	predictive	Low
39	Argument	xxxxxxxxxxx	predictive	Medium
40	Argument	xxxxxxxx	predictive	Medium
41	Argument	xx	predictive	Low
42	Argument	xxxxxxxx_xx	predictive	Medium
43	Argument	xxxxxxxxxxxxxxx	predictive	High
44	Argument	xxxx	predictive	Low
45	Input Value	xxxxxxxx.+xxx	predictive	High

References (4)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Do you need the next level of professionalism?

Upgrade your account now!