GreyEnergy Analysis

IOB - Indicator of Behavior (1000)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en | 174
zh | 122
pl | 82
ru | 76
pt | 74

Country


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Tenda W15E | 8
Tenda i21 | 6
MailCleaner | 4
OpenSSH | 4
Google Chrome | 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | Apryse WebViewer PDF Document cross site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00045 | 0.00 | CVE-2024-4327
2 | MailCleaner Email os command injection | 9.8 | 9.5 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00046 | 0.05 | CVE-2024-3191
3 | osCommerce all-products cross site scripting | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00065 | 0.08 | CVE-2024-4348
4 | MailCleaner Admin Interface cross site scripting | 5.8 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00045 | 0.00 | CVE-2024-3192
5 | SourceCodester Pisay Online E-Learning System controller.php unrestricted upload | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.00 | CVE-2024-4349
6 | MailCleaner Admin Endpoints os command injection | 8.8 | 8.5 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00046 | 0.05 | CVE-2024-3193
7 | BloomPixel Max Addons Pro for Bricks Plugin authorization | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-32951
8 | Elementor ImageBox Plugin cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.04 | CVE-2024-3074
9 | Extend Themes Teluro Plugin cross-site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.05 | CVE-2024-33688
10 | Apache HTTP Server mod_lua Multipart Parser r:parsebody out-of-bounds write | 8.5 | 8.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.08808 | 0.05 | CVE-2021-44790
11 | Dell Wyse Proprietary OS Telemetry Dashboard information disclosure | 4.7 | 4.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.04 | CVE-2024-28963
12 | Apache Parquet Parquet-MR denial of service | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00086 | 0.00 | CVE-2021-41561
13 | Dell Repository Manager API Module improper authorization | 8.3 | 8.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.04 | CVE-2024-28976
14 | Jegstudio Financio Plugin cross-site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.03 | CVE-2024-33690
15 | Foliovision FV Flowplayer Video Player Plugin server-side request forgery | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.03 | CVE-2024-32955
16 | ThemeNcode Fan Page Widget by Plugin cross site scripting | 4.1 | 4.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-33695
17 | AnnounceKit Plugin cross site scripting | 2.4 | 2.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.04 | CVE-2024-3023
18 | Repute Infosystems ARMember Plugin authorization | 7.8 | 7.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.07 | CVE-2024-32948
19 | Dell Repository Manager Logger Module improper authorization | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-28977
20 | Pavex Embed Google Photos Album Plugin server-side request forgery | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.07 | CVE-2024-32775

IOC - Indicator of Compromise (34)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (113)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (4)

The following list contains external sources which discuss the actor and the associated activities:
