Genkryptik Analysisinfo

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (110)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en76
de18
pl6
fr4
es2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

US: USA70
ME: Montenegro18
IR: Iran6
GB: Great Britain4
PL: Poland2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Remcos4
Genkryptik3
Ave Maria3
Nanocore RAT3
AsyncRAT3

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined26
Programming Language Software6
Content Management System6
Web Server6
Mail Server Software4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined22
Microsoft12
IBM4
NAVER4
GNU2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Microsoft Windows4
Microsoft IIS4
Python2
IBM Sterling B2B Integrator Standard Edition2
GNU GRUB2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

#VulnerabilityBaseTemp0dayTodayExpCouKEVEPSSCTICVE
1All Enthusiast Inc Reviewpost Php Pro showproduct.php sql injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial fix 0.006100.00CVE-2004-2175
2NAVER Cloud Explorer file inclusion7.87.8$0-$5k$0-$5kNot definedNot defined 0.005040.00CVE-2020-9752
3NAVER Vaccine nsz Archive nsGreen.dll path traversal7.07.0$0-$5k$0-$5kNot definedNot defined 0.004290.00CVE-2019-13157
4GNU GRUB ext2.c grub_ext2_read_block memory corruption6.46.3$0-$5k$0-$5kNot definedOfficial fix 0.014470.00CVE-2017-9763
5PhotoPost PHP Pro showproduct.php sql injection9.89.4$0-$5k$0-$5kNot definedOfficial fix 0.008610.00CVE-2004-0250
6OpenSSH Authentication Username information disclosure5.34.8$5k-$25k$0-$5kHighOfficial fixexpected0.924870.08CVE-2016-6210
7BitTorrent uTorrent Bencoding Parser input validation6.46.4$0-$5k$0-$5kNot definedNot defined 0.207260.09CVE-2020-8437
8MDaemon Webmail cross site scripting5.45.3$0-$5k$0-$5kNot definedOfficial fix 0.003400.08CVE-2019-8983
9WIKINDX PAGING.php getPagingStart cross site scripting5.75.7$0-$5k$0-$5kNot definedNot defined 0.002800.00CVE-2019-13588
10Synology DiskStation Manager Change Password password recovery7.17.0$0-$5k$0-$5kNot definedOfficial fix 0.002330.03CVE-2018-8916
11Microsoft IIS uncpath cross site scripting5.25.0$5k-$25k$0-$5kProof-of-ConceptOfficial fix 0.013870.00CVE-2017-0055
12gtk-vnc Framebuffer memory corruption8.58.2$0-$5k$0-$5kNot definedOfficial fix 0.017330.00CVE-2017-1000044
13Oracle MySQL Enterprise Monitor Apache Struts 2 memory corruption9.89.4$100k and more$0-$5kProof-of-ConceptOfficial fix 0.075170.00CVE-2016-4436
14PHP var_export information disclosure5.34.8$5k-$25k$0-$5kProof-of-ConceptOfficial fix 0.086830.07CVE-2010-2531
15Wing FTP Server Admin Web Client default permission6.46.4$0-$5k$0-$5kNot definedNot defined 0.001340.08CVE-2023-37878
16Tiki Admin Password tiki-login.php improper authentication8.07.7$0-$5k$0-$5kNot definedOfficial fixexpected0.869680.49CVE-2020-15906
17SharpZipLib path traversal6.86.6$0-$5k$0-$5kNot definedOfficial fix 0.020160.00CVE-2021-32840
18Apache HTTP Server mod_proxy_ajp request smuggling7.37.0$25k-$100k$5k-$25kNot definedOfficial fixpossible0.484080.06CVE-2022-26377
19Vinchin Backup and Recovery hard-coded credentials9.09.0$0-$5k$0-$5kNot definedNot defined 0.002820.00CVE-2022-35866
20Microsoft Exchange Server privilege escalation8.37.6$25k-$100k$5k-$25kUnprovenOfficial fix 0.160650.00CVE-2023-35388

IOC - Indicator of Compromise (14)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
113.107.21.200Genkryptik04/08/2022verifiedLow
279.134.225.5Genkryptik05/04/2022verifiedMedium
379.134.225.125Genkryptik05/04/2022verifiedMedium
4XX.XX.XXX.XXxx-xxx-xx.xxxxxxxx.xxxxXxxxxxxxxx04/12/2022verifiedLow
5XX.XXX.XXX.XXXxx.xxx.xxx.xxx.xxxxxxx.xxxxx.xxx.xxXxxxxxxxxx05/04/2022verifiedLow
6XXX.XXX.X.Xxxxxxxxx-xx-xx.xxxxx.xxxXxxxxxxxxx05/04/2022verifiedMedium
7XXX.XXX.X.XXxxxxxxxx-xx-xxx.xxxxx.xxxXxxxxxxxxx05/04/2022verifiedMedium
8XXX.XXX.XX.XXXxxxxxxxx-xx-xx.xxxxx.xxxXxxxxxxxxx05/04/2022verifiedMedium
9XXX.XXX.XX.XXXxxxxxxxx-xx-xxx.xxxxx.xxxXxxxxxxxxx05/04/2022verifiedMedium
10XXX.XXX.XX.XXxxxxxxxx-xx-xxx.xxxxx.xxxXxxxxxxxxx05/04/2022verifiedMedium
11XXX.XXX.XXX.XXXxxxxxxxx-xx-xxx.xxxxx.xxxXxxxxxxxxx05/04/2022verifiedMedium
12XXX.XX.XXX.XXxxxxxx.xxxxxxxxx-xxxxxxx.xxxXxxxxxxxxx05/04/2022verifiedMedium
13XXX.XXX.XX.XXXxxxxxxxxx05/04/2022verifiedMedium
14XXX.XXX.XX.XXxxxxxxx.xxxxxxxx.xxxXxxxxxxxxx05/04/2022verifiedMedium

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
3T1059.007CAPEC-209CWE-79, CWE-80Basic Cross Site ScriptingpredictiveHigh
4TXXXXCAPEC-XXCWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
5TXXXX.XXXCAPEC-XXXCWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveHigh
6TXXXXCAPEC-XXXCWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
7TXXXXCWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
8TXXXXCAPEC-XCWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
9TXXXXCAPEC-XXXCWE-XXXxx XxxxxxxxxpredictiveHigh
10TXXXXCAPEC-XXCWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
11TXXXXCAPEC-XXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
12TXXXXCWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh
13TXXXX.XXXCAPEC-XCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (50)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/Controller/Ajaxfileupload.ashxpredictiveHigh
2File/etc/sudoerspredictiveMedium
3File/uncpath/predictiveMedium
4Fileadmin.php?reqGadget=Components&reqAction=InstallGadget&comp=FileBrowserpredictiveHigh
5Filecat.phppredictiveLow
6Filecategory.cfmpredictiveMedium
7Filecore/lists/PAGING.phppredictiveHigh
8Filexxxxxx.xxxpredictiveMedium
9Filexxxx/xxxxx.xxxpredictiveHigh
10Filexxxxxxxxxxx/xxxxx.xxxpredictiveHigh
11Filexx/xxxx.xpredictiveMedium
12Filexxxxxxx.xxxpredictiveMedium
13Filexxxxx.xxxpredictiveMedium
14Filexxxxxxxxx/xx/xxx/xxxxxxx.xxpredictiveHigh
15Filexxxxx/xxxxxxxx.xpredictiveHigh
16Filexxxxxxx/xxxx.xxxpredictiveHigh
17Filexxxxxxx/xx.xpredictiveMedium
18Filexxx.xxpredictiveLow
19Filexxxxxxxx.xxxpredictiveMedium
20Filexxxxxxx_xxxxxxx_xxxx.xxxpredictiveHigh
21Filexxxxxxx_xxx_xxxxx_xxxxxx.xxxxpredictiveHigh
22Filexxxx_xxxxxxxxx.xxxpredictiveHigh
23Filexxxx_xxxxxxx_xxxxxxxx.xxxpredictiveHigh
24Filexxxxxxx.xxxpredictiveMedium
25Filexxxxxxxxxxx.xxxpredictiveHigh
26Filexxxx-xxxxx.xxxpredictiveHigh
27Filexxxx-xxxxxxxx.xxxpredictiveHigh
28Filexxxxxx.xxxxxxx.xxxxxxxxxxxxxxxxxxxxxxxxpredictiveHigh
29Libraryxxxxxxxxxxxx_xxx.xxxpredictiveHigh
30Libraryxxxxxxx.xxxpredictiveMedium
31Libraryxxxxxxx.xxx.xx.xxxpredictiveHigh
32ArgumentxxxpredictiveLow
33ArgumentxxxxxpredictiveLow
34Argumentxxx_xxpredictiveLow
35ArgumentxxxpredictiveLow
36ArgumentxxxxxxxxxxpredictiveMedium
37ArgumentxxxxpredictiveLow
38ArgumentxxxxxxxxpredictiveMedium
39ArgumentxxpredictiveLow
40Argumentxxxx_xxpredictiveLow
41ArgumentxxxxxxxxpredictiveMedium
42ArgumentxxxxxpredictiveLow
43ArgumentxxxxxpredictiveLow
44ArgumentxxxxxxxxxxxpredictiveMedium
45ArgumentxxxxxxxxpredictiveMedium
46ArgumentxxpredictiveLow
47Argumentxxxxxxxx_xxpredictiveMedium
48ArgumentxxxxxxxxxxxxxxxpredictiveHigh
49ArgumentxxxxpredictiveLow
50Input Valuexxxxxxxx.+xxxpredictiveHigh

References (4)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

This view requires CTI permissions

Just purchase a CTI license today!