Genkryptik Analysis

IOB - Indicator of Behavior (108)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 82
de: 16
fr: 4
sv: 2
es: 2

Country

us: 68
me: 20
gb: 6
ir: 4
se: 2

Product

FreeBSD: 4
Microsoft IIS: 4
nginx: 2
Microsoft Windows: 2
PHPChain: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | All Enthusiast Inc Reviewpost Php Pro showproduct.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00501 | CVE-2004-2175 |
| 2 | NAVER Cloud Explorer file inclusion | 7.8 | 7.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00222 | CVE-2020-9752 |
| 3 | NAVER Vaccine nsz Archive nsGreen.dll path traversal | 7.0 | 7.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00184 | CVE-2019-13157 |
| 4 | GNU GRUB ext2.c grub_ext2_read_block memory corruption | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00504 | CVE-2017-9763 |
| 5 | PhotoPost PHP Pro showproduct.php sql injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00276 | CVE-2004-0250 |
| 6 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.04 | 0.10737 | CVE-2016-6210 |
| 7 | BitTorrent uTorrent Bencoding Parser input validation | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00867 | CVE-2020-8437 |
| 8 | MDaemon Webmail cross site scripting | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00070 | CVE-2019-8983 |
| 9 | WIKINDX PAGING.php getPagingStart cross site scripting | 5.7 | 5.7 | $0-$5k | Calculating | Not Defined | Not Defined | 0.00 | 0.00201 | CVE-2019-13588 |
| 10 | Synology DiskStation Manager Change Password password recovery | 7.1 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00068 | CVE-2018-8916 |
| 11 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.00548 | CVE-2017-0055 |
| 12 | gtk-vnc Framebuffer memory corruption | 8.5 | 8.2 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00 | 0.00268 | CVE-2017-1000044 |
| 13 | Oracle MySQL Enterprise Monitor Apache Struts 2 memory corruption | 9.8 | 9.4 | $100k and more | Calculating | Proof-of-Concept | Official Fix | 0.00 | 0.02365 | CVE-2016-4436 |
| 14 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 5.50 | 0.00936 | CVE-2020-15906 |
| 15 | SharpZipLib path traversal | 6.8 | 6.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00473 | CVE-2021-32840 |
| 16 | Apache HTTP Server mod_proxy_ajp request smuggling | 7.3 | 7.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00903 | CVE-2022-26377 |
| 17 | Vinchin Backup and Recovery hard-coded credentials | 9.0 | 9.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00688 | CVE-2022-35866 |
| 18 | Microsoft Exchange Server Privilege Escalation | 8.3 | 7.6 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.02 | 0.00064 | CVE-2023-35388 |
| 19 | Chengdu Flash Flood Disaster Monitoring and Warning System Ajaxfileupload.ashx unrestricted upload | 6.9 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.05 | 0.00063 | CVE-2023-3802 |
| 20 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 10.00 | 0.01009 | CVE-2006-6168 |

IOC - Indicator of Compromise (14)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (50)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /Controller/Ajaxfileupload.ashx | predictive | High |
| 2 | File | /etc/sudoers | predictive | Medium |
| 3 | File | /uncpath/ | predictive | Medium |
| 4 | File | admin.php?reqGadget=Components&reqAction=InstallGadget&comp=FileBrowser | predictive | High |
| 5 | File | cat.php | predictive | Low |
| 6 | File | category.cfm | predictive | Medium |
| 7 | File | core/lists/PAGING.php | predictive | High |

References (4)

The following list contains external sources which discuss the actor and the associated activities:
