Groundbait Analysisinfo

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (43)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en28
de16

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

US: USA20
CO: Colombia2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Groundbait6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined14
Packet Analyzer Software8
Web Browser8
Cloud Software4
Learning Management Software2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined12
Google6
Fortinet6
Oracle4
Microsoft4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

tcpdump8
Google Chrome6
Fortinet FortiWLC4
Moodle2
Apple iOS2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

#VulnerabilityBaseTemp0dayTodayExpCouKEVEPSSCTICVE
1Creme CRM Salesman Creation Page Stored cross site scripting4.44.4$0-$5k$0-$5kNot definedNot defined 0.002060.00CVE-2018-14396
2tcpdump AH Parser print-ah.c ah_print memory corruption8.07.9$0-$5k$0-$5kNot definedOfficial fix 0.009250.03CVE-2016-7922
3tcpdump GeoNetworking Parser print-geonet.c memory corruption8.07.9$0-$5k$0-$5kNot definedOfficial fix 0.009310.03CVE-2016-7986
4tcpdump PPP Parser print-ppp.c ppp_hdlc_if_print memory corruption8.07.9$0-$5k$0-$5kNot definedOfficial fix 0.009310.00CVE-2016-7933
5tcpdump ISAKMP Parser print-isakmp.c ikev2_e_print memory corruption8.07.9$0-$5k$0-$5kNot definedOfficial fix 0.010800.00CVE-2017-5205
6tcpdump GRE Parser print-gre.c memory corruption8.07.9$0-$5k$0-$5kNot definedOfficial fix 0.009310.00CVE-2016-7939
7tcpdump RTCP Parser print-udp.c rtcp_print memory corruption8.07.9$0-$5k$0-$5kNot definedOfficial fix 0.009310.00CVE-2016-7934
8Online Pet Shop We App manage_category sql injection6.76.6$0-$5k$0-$5kNot definedNot defined 0.000580.00CVE-2022-41377
9Moodle Administration Page sql injection7.27.2$5k-$25k$5k-$25kNot definedNot defined 0.003660.00CVE-2022-40315
10SquirrelMail information disclosure3.33.3$0-$5k$0-$5kNot definedWorkaround 0.000000.00
11Oracle Communications Cloud Native Core Policy code injection9.89.7$25k-$100k$0-$5kAttackedOfficial fixverified0.944740.00CVE-2022-22963
12Oracle Communications Cloud Native Core Security Edge Protection Proxy SEPP denial of service7.57.3$5k-$25k$0-$5kNot definedOfficial fix 0.004770.00CVE-2020-36518
13Oracle Communications Cloud Native Core Network Function Cloud Native Environment CNE path traversal7.57.3$5k-$25k$0-$5kNot definedOfficial fix 0.006220.00CVE-2019-20916
14Oracle Communications Cloud Native Core Network Function Cloud Native Environment CNE buffer overflow9.89.6$100k and more$25k-$100kNot definedOfficial fix 0.004170.03CVE-2022-23219
15Google Chrome Extensions API privilege escalation5.55.3$25k-$100k$0-$5kNot definedOfficial fix 0.000210.04CVE-2022-2164
16Dell Command Update/Alienware Update Advanced Driver Restore uncontrolled search path7.87.6$5k-$25k$0-$5kNot definedOfficial fix 0.000390.00CVE-2022-24426
17Microsoft Internet Explorer mshtmled.dll code injection6.35.7$25k-$100k$0-$5kProof-of-ConceptOfficial fixpossible0.634710.07CVE-2010-3329
18AShop Deluxe salesadmin.php cross site scripting3.53.5$0-$5k$0-$5kNot definedNot defined 0.000000.03
19Cisco IOS XR CLI Permission access control7.47.1$25k-$100k$0-$5kNot definedOfficial fix 0.000480.00CVE-2017-6728
20Oracle MySQL Server DML access control6.56.2$5k-$25k$0-$5kNot definedOfficial fix 0.003710.00CVE-2017-3634

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
123.22.38.222ec2-23-22-38-222.compute-1.amazonaws.comGroundbait12/23/2020verifiedVery Low
223.22.221.237ec2-23-22-221-237.compute-1.amazonaws.comGroundbait12/23/2020verifiedVery Low
3XX.XX.XXX.Xxxx-xx-xx-xxx-x.xxxxxxx-x.xxxxxxxxx.xxxXxxxxxxxxx12/23/2020verifiedVery Low
4XX.XXX.XXX.XXxxx-xx-xxx-xxx-xx.xxxxxxx-x.xxxxxxxxx.xxxXxxxxxxxxx12/23/2020verifiedVery Low
5XX.XXX.XXX.XXxxx-xx-xxx-xxx-xx.xxxxxxx-x.xxxxxxxxx.xxxXxxxxxxxxx12/23/2020verifiedVery Low
6XX.XXX.XXX.XXXxxx-xx-xxx-xxx-xxx.xxxxxxx-x.xxxxxxxxx.xxxXxxxxxxxxx05/31/2021verifiedVery Low
7XX.XXX.XXX.XXxx.xx.xxXxxxxxxxxx12/23/2020verifiedLow
8XX.XXX.XXX.XXxx.xx.xxXxxxxxxxxx12/23/2020verifiedLow
9XX.XXX.XXX.XXXxxxxxxxxx12/23/2020verifiedLow
10XXX.XX.XX.XXxxxxxx.xxxxxxx-xxxx.xxxXxxxxxxxxx12/23/2020verifiedLow

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
3TXXXX.XXXCAPEC-XXXCWE-XX, CWE-XXXxxxx Xxxxx Xxxx XxxxxxxxxpredictiveHigh
4TXXXXCAPEC-XXCWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
5TXXXXCAPEC-XXXCWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
6TXXXXCWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
7TXXXXCAPEC-XXXCWE-XXXxx XxxxxxxxxpredictiveHigh
8TXXXXCAPEC-XXCWE-XXXXxxxxxxxx Xxxxxx XxxxpredictiveHigh
9TXXXXCAPEC-XXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (18)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/pet_shop/admin/?page=maintenance/manage_categorypredictiveHigh
2Fileadmin/salesadmin.phppredictiveHigh
3Filedrivers/gpu/drm/udl/udl_fb.cpredictiveHigh
4Filexxxxxx.xpredictiveMedium
5Filexxxxx-xx.xpredictiveMedium
6Filexxxxx-xxxxxx.xpredictiveHigh
7Filexxxxx-xxx.xpredictiveMedium
8Filexxxxx-xxxxxx.xpredictiveHigh
9Filexxxxx-xxx.xpredictiveMedium
10Filexxxxx-xxx.xpredictiveMedium
11Filexxxxxx.xpredictiveMedium
12Filexxx/xxxx.xpredictiveMedium
13Libraryxxxxxxxx.xxxpredictiveMedium
14Argumentxxxxxxxxx/xxxxxxxx/xxxxxxx_xxxxxxx-xxxxxxx/xxxxxxx_xxxxxxx-xxxxxxx/xxxxxxx_xxxxxxx-xxxx/xxxxxxx_xxxxxxx-xxxxxxxxxx/xxxxxxxx_xxxxxxx-xxxxxxx/xxxxxxxx_xxxxxxx-xxxxxxx/xxxxxxxx_xxxxxxx-xxxx/xxxxxxxx_xxxxxxx-xxxxxxxxxxpredictiveHigh
15ArgumentxxpredictiveLow
16Argumentxxxxxxx/xxxxxxxxxxxxxpredictiveHigh
17ArgumentxxxxxxxxxxpredictiveMedium
18ArgumentxxxxxxxxxxpredictiveMedium

References (3)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

This view requires CTI permissions

Just purchase a CTI license today!