Grandoreiro Analysis

IOB - Indicator of Behavior (551)

Lang

en: 496
pl: 14
zh: 10
ru: 10
de: 6

Product

Apache HTTP Server: 10
Juniper Junos: 4
YaBB: 4
Linux Kernel: 2
ActionApps: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | SOCKS 5 Proxy Config privileges management | 7.3 | 7.1 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.00000 | 0.00 | 
2 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 6.02 | CVE-2020-15906
3 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 4.84 | CVE-2006-6168
4 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02147 | 0.00 | CVE-2007-1192
5 | TikiWiki tiki-index.php path traversal | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01178 | 0.06 | CVE-2007-5684
6 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02195 | 1.37 | CVE-2010-0966
7 | LotusCMS Fraise index.php path traversal | 5.6 | 5.6 | $0-$5k | $0-$5k | High | Not Defined | 0.50940 | 0.04 | CVE-2011-0518
8 | DZCP deV!L`z Clanportal browser.php information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02733 | 0.62 | CVE-2007-1167
9 | SourceCodester Profile Registration without Reload Refresh Registration Form add.php cross site scripting | 3.5 | 3.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00101 | 0.00 | CVE-2024-9092
10 | Devilz Clanportal index.php sql injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00784 | 0.04 | CVE-2006-3347
11 | Project Worlds Student Project Allocation System Project Selection Page move_up_project.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00138 | 0.07 | CVE-2024-10425
12 | SourceCodester Electronic Medical Records System UPDATE Statement register.php sql injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00098 | 0.00 | CVE-2022-2693
13 | OxWall cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03638 | 0.08 | CVE-2012-0872
14 | SourceCodester Food Ordering Management System Price place-order.php improper validation of specified quantity in input | 4.3 | 4.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00123 | 0.07 | CVE-2024-8558
15 | Pligg cloud.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 1.86 | 
16 | SPIP spip.php cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00132 | 0.62 | CVE-2022-28959
17 | Raisecom MSG1200/MSG2100E/MSG2200/MSG2300 Web Interface list_vpn_web_custom.php sslvpn_config_mod os command injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01835 | 0.04 | CVE-2024-7469
18 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 0.81 | CVE-2020-12440
19 | Netscape Communicator JPEG Comment memory corruption | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01345 | 0.00 | CVE-2000-0655
20 | Tikiwiki Error Message tiki-listpages.php information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | High | Official Fix | 0.01830 | 0.21 | CVE-2006-5702

IOC - Indicator of Compromise (32)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (96)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/admin-profile.php | predictive | High
2 | File | /admin/emp-profile-avatar.php | predictive | High
3 | File | /archibus/login.axvw | predictive | High
4 | File | /cgi-bin/wapopen | predictive | High
5 | File | /classes/SystemSettings.php?f=update_settings | predictive | High
6 | File | /download | predictive | Medium
7 | File | /foms/routers/place-order.php | predictive | High
8 | File | /forum/away.php | predictive | High
9 | File | /index.php/client/message/message_read/xxxxxxxx[random-msg-hash] | predictive | High
10 | File | /kortex_lite/control/edit_profile.php | predictive | High
11 | File | /mgmt/tm/util/bash | predictive | High
12 | File | /request.php | predictive | Medium
