GMERA Analysisinfo

IOB - Indicator of Behavior (26)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en18
zh6
de2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Adobe Acrobat Reader4
Cisco ASA4
Cisco Firepower Threat Defense4
ProMinent MultiFLEX M10a Controller2
Siemens LOGO 8 BM2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

#VulnerabilityBaseTemp0dayTodayExpCouKEVEPSSCTICVE
1Siemens LOGO 8 BM TCP Packet buffer overflow8.48.4$5k-$25k$5k-$25kNot definedNot defined 0.003340.00CVE-2022-36361
2Cisco ASA/Firepower Threat Defense Web Services Interface input validation6.86.7$25k-$100k$0-$5kAttackedOfficial fixverified0.944520.05CVE-2020-3452
3WordPress sql injection6.86.7$5k-$25k$0-$5kNot definedOfficial fix 0.075700.00CVE-2022-21664
4WordPress Object injection5.35.2$5k-$25k$0-$5kNot definedOfficial fix 0.007410.00CVE-2022-21663
5Cisco ASA/Firepower Threat Defense Web Services Interface information disclosure6.86.7$5k-$25k$0-$5kAttackedOfficial fixverified0.537600.04CVE-2020-3259
6Siemens SIMATIC ET 200SP/SIMATIC S7-1500 Web Server denial of service4.34.3$0-$5k$0-$5kNot definedNot defined 0.011650.00CVE-2020-15796
7Siemens SIMATIC S7-1500 resource consumption6.46.3$5k-$25k$0-$5kNot definedOfficial fix 0.006290.00CVE-2019-19281
8Siemens LOGO!8 BM Service Port 135 missing authentication8.27.8$5k-$25k$0-$5kNot definedOfficial fix 0.003540.04CVE-2020-7589
9Microsoft IIS IP/Domain Restriction access control6.55.7$25k-$100k$0-$5kUnprovenOfficial fix 0.155470.03CVE-2014-4078
10Apache HTTP Server ap_get_basic_auth_pw improper authentication8.58.4$5k-$25k$0-$5kNot definedOfficial fix 0.090490.02CVE-2017-3167
11Linux Kernel Filesystem Layer out-of-bounds write8.87.9$5k-$25k$0-$5kProof-of-ConceptOfficial fix 0.023660.11CVE-2021-33909
12Intellian Aptus Web hard-coded credentials8.58.5$0-$5k$0-$5kNot definedNot defined 0.008110.03CVE-2020-8000
13Palo Alto PAN-OS GlobalProtect Portal os command injection8.17.7$0-$5k$0-$5kNot definedOfficial fixpossible0.614200.04CVE-2020-2034
14Plesk Onyx Reflected cross site scripting5.25.2$0-$5k$0-$5kNot definedNot defined 0.008730.07CVE-2020-11584
15ProMinent MultiFLEX M10a Controller Web Interface information disclosure5.45.4$0-$5k$0-$5kNot definedNot defined 0.002560.00CVE-2017-14009
16Sitecore CMS/XP Sitecore.Security.AntiCSRF deserialization8.58.5$0-$5k$0-$5kAttackedNot definedverified0.183930.07CVE-2019-9874
17Vesta Control Panel index.php file_put_contents Reflected cross site scripting5.25.2$0-$5k$0-$5kNot definedNot defined 0.004270.03CVE-2018-10686
18Monstra CMS ZIP File unrestricted upload7.57.4$0-$5k$0-$5kProof-of-ConceptNot defined 0.021410.04CVE-2018-9037
19Adobe Acrobat Reader type conversion7.57.4$25k-$100k$0-$5kNot definedOfficial fix 0.090890.00CVE-2017-16379
20Adobe Acrobat Reader use after free7.57.2$25k-$100k$0-$5kNot definedOfficial fix 0.048020.00CVE-2017-3113

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
185.209.88.123vm1887998.31ssd.had.wfGMERA05/31/2021verifiedLow
2XX.XXX.XXX.XXXxxxx05/31/2021verifiedLow
3XXX.XX.XXX.XXXxxxx05/31/2021verifiedLow
4XXX.XX.XXX.Xxxxxxx.xxx.xxXxxxx05/31/2021verifiedVery Low

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (5)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1Fileview/file/index.phppredictiveHigh
2Argument$_REQUEST['path']predictiveHigh
3Argument__xxxxxxxxxpredictiveMedium
4Input ValuexxxxxxxxpredictiveMedium
5Network Portxxx/xxxpredictiveLow

References (2)

The following list contains external sources which discuss the actor and the associated activities:

This view requires CTI permissions

Just purchase a CTI license today!