GMERA Analysis

IOB - Indicator of Behavior (21)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en16
zh4
de2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us14
gb4
ir2
ag2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

GMERA2
Dragonfly1
Patchwork1
Redaman1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined6
Document Reader Software4
Operating System4
Firewall Software2
Web Server2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Adobe4
Siemens2
Palo Alto2
ProMinent2
Apache2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Adobe Acrobat Reader4
Siemens LOGO 8 BM2
Palo Alto PAN-OS2
ProMinent MultiFLEX M10a Controller2
Apache HTTP Server2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1Siemens LOGO 8 BM TCP Packet buffer overflow7.67.6$5k-$25k$5k-$25kNot DefinedNot Defined0.020.00885CVE-2022-36361
2Siemens SIMATIC ET 200SP/SIMATIC S7-1500 Web Server denial of service4.34.3$0-$5k$0-$5kNot DefinedNot Defined0.000.01055CVE-2020-15796
3Siemens SIMATIC S7-1500 resource consumption6.46.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.030.00885CVE-2019-19281
4Siemens LOGO!8 BM Service Port 135 missing authentication8.27.8$5k-$25k$0-$5kNot DefinedOfficial Fix0.040.00885CVE-2020-7589
5Microsoft IIS IP/Domain Restriction access control6.55.7$25k-$100k$0-$5kUnprovenOfficial Fix0.390.29797CVE-2014-4078
6Apache HTTP Server ap_get_basic_auth_pw improper authentication8.58.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.210.07767CVE-2017-3167
7Linux Kernel Filesystem Layer out-of-bounds write8.87.9$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.090.05839CVE-2021-33909
8Intellian Aptus Web hard-coded credentials8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.030.00885CVE-2020-8000
9Palo Alto PAN-OS GlobalProtect Portal os command injection8.17.7$0-$5k$0-$5kNot DefinedOfficial Fix0.000.02055CVE-2020-2034
10Plesk Onyx Reflected cross site scripting5.25.2$0-$5k$0-$5kNot DefinedNot Defined0.060.01055CVE-2020-11584
11ProMinent MultiFLEX M10a Controller Web Interface information disclosure5.45.4$0-$5kCalculatingNot DefinedNot Defined0.010.00885CVE-2017-14009
12Sitecore CMS/XP Sitecore.Security.AntiCSRF deserialization8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.030.03938CVE-2019-9874
13Vesta Control Panel index.php file_put_contents Reflected cross site scripting5.25.2$0-$5kCalculatingNot DefinedNot Defined0.010.01440CVE-2018-10686
14Monstra CMS ZIP File unrestricted upload7.57.1$0-$5kCalculatingProof-of-ConceptNot Defined0.040.02166CVE-2018-9037
15Adobe Acrobat Reader type conversion7.57.2$25k-$100k$0-$5kNot DefinedOfficial Fix0.000.01126CVE-2017-16379
16Adobe Acrobat Reader use after free7.57.2$25k-$100k$0-$5kNot DefinedOfficial Fix0.000.03183CVE-2017-3113
17Adobe Acrobat Reader memory corruption7.57.2$25k-$100k$0-$5kNot DefinedOfficial Fix0.030.03183CVE-2017-16368
18Microsoft Windows SMB input validation7.77.1$25k-$100k$0-$5kHighOfficial Fix0.060.84860CVE-2017-0146
19Microsoft Windows SmartCard Authentication EsteemAudit privileges management6.35.4$25k-$100kCalculatingFunctionalOfficial Fix0.040.00000

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsTypeConfidence
185.209.88.123vm1887998.31ssd.had.wfGMERAverifiedHigh
2XX.XXX.XXX.XXXxxxxverifiedHigh
3XXX.XX.XXX.XXXxxxxverifiedHigh
4XXX.XX.XXX.Xxxxxxx.xxx.xxXxxxxverifiedHigh

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1059.007CWE-79Cross Site ScriptingpredictiveHigh
2T1068CWE-264, CWE-269Execution with Unnecessary PrivilegespredictiveHigh
3TXXXX.XXXCWE-XXXXxxxxxxx Xxxxxxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxxxxx XxxxxxxxpredictiveHigh
4TXXXXCWE-XXXxxxxxx XxxxxxxxxpredictiveHigh
5TXXXXCWE-XXXXxxxxxxxxxxxxpredictiveHigh
6TXXXX.XXXCWE-XXXXxxxxxxxxxxx XxxxxxpredictiveHigh

IOA - Indicator of Attack (5)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1Fileview/file/index.phppredictiveHigh
2Argument$_REQUEST['path']predictiveHigh
3Argument__xxxxxxxxxpredictiveMedium
4Input ValuexxxxxxxxpredictiveMedium
5Network Portxxx/xxxpredictiveLow

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!