Groundbait Analysis

IOB - Indicator of Behavior (42)

Timeline

The charts in this section show dummy data only: the values are distorted and not usable in any way. An additional purchase is needed to unlock the real data behind them.

Lang

en 30
de 12

Country

us 24
co 2

Activities

Interest

Product

tcpdump 12
Microsoft Internet Explorer 4
Fortinet FortiWLC 2
Dell Command Update 2
Dell Alienware Update 2

Vulnerabilities

Columns: Base and Temp are the CVSS base and temporal scores; 0day and Today are exploit price estimates at disclosure and at present; Exp is exploitability, Rem the remediation level; CTI is the vendor's threat-intelligence activity score and EPSS the probability of exploitation in the wild within 30 days.

#  | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1  | tcpdump AH Parser print-ah.c ah_print memory corruption | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01108 | CVE-2016-7922
2  | tcpdump GeoNetworking Parser print-geonet.c memory corruption | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01108 | CVE-2016-7986
3  | tcpdump PPP Parser print-ppp.c ppp_hdlc_if_print memory corruption | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01108 | CVE-2016-7933
4  | tcpdump ISAKMP Parser print-isakmp.c ikev2_e_print memory corruption | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01108 | CVE-2017-5205
5  | tcpdump GRE Parser print-gre.c memory corruption | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01108 | CVE-2016-7939
6  | tcpdump RTCP Parser print-udp.c rtcp_print memory corruption | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01108 | CVE-2016-7934
7  | Online Pet Shop We App sql injection | 6.7 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00885 | CVE-2022-41377
8  | Moodle Administration Page sql injection | 7.2 | 7.2 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.04 | 0.00885 | CVE-2022-40315
9  | SquirrelMail information disclosure | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.03 | 0.00000 | (none)
10 | Oracle Communications Cloud Native Core Policy code injection | 9.8 | 9.6 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.08 | 0.94581 | CVE-2022-22963
11 | Oracle Communications Cloud Native Core Security Edge Protection Proxy SEPP denial of service | 7.5 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.14862 | CVE-2020-36518
12 | Oracle Communications Cloud Native Core Network Function Cloud Native Environment CNE path traversal | 7.5 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.01183 | CVE-2019-20916
13 | Oracle Communications Cloud Native Core Network Function Cloud Native Environment CNE buffer overflow | 9.8 | 9.6 | $100k and more | $5k-$25k | Not Defined | Official Fix | 0.03 | 0.02398 | CVE-2022-23219
14 | Google Chrome Extensions API Privilege Escalation | 5.5 | 5.3 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.02 | 0.01018 | CVE-2022-2164
15 | Dell Command Update/Alienware Update Advanced Driver Restore uncontrolled search path | 7.8 | 7.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00885 | CVE-2022-24426
16 | Microsoft Internet Explorer mshtmled.dll code injection | 6.3 | 6.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.72652 | CVE-2010-3329
17 | AShop Deluxe salesadmin.php cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00000 | (none)
18 | Cisco IOS XR CLI Permission access control | 7.4 | 7.1 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.01404 | CVE-2017-6728
19 | Oracle MySQL Server DML access control | 6.5 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00950 | CVE-2017-3634
20 | IBM Spectrum Protect denial of service | 4.8 | 4.8 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00885 | CVE-2020-4559

Entries 1 to 6 are memory-corruption bugs in tcpdump's protocol printers (print-ah.c, print-geonet.c, print-ppp.c, print-isakmp.c, print-gre.c, print-udp.c), all fixed in tcpdump 4.9.0. They are reached by feeding a crafted packet or capture file to the dissector, so the practical exposure is capturing on a hostile network or opening untrusted pcaps with an unpatched build.

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Type | Confidence
1 | T1006 | CWE-22 Pathname Traversal | predictive | High
2 | T1059 | CWE-94 Cross Site Scripting | predictive | High
3 | TXXXX.XXX | CWE-XX, CWE-XXXxxxx Xxxx Xxxxxxxxx | predictive | High
4 | TXXXX | CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
5 | TXXXX | CWE-XXXxxxxxx Xxxxxxxxx | predictive | High
6 | TXXXX | CWE-XXX7xx Xxxxxxxx Xxxxxxxx | predictive | High
7 | TXXXX | CWE-XXXxx Xxxxxxxxx | predictive | High
8 | TXXXX | CWE-XXXXxxxxxxxx Xxxxxx Xxxx | predictive | High
9 | TXXXX | CWE-XXXXxxxxxxxxxxxxx | predictive | High

The technique IDs are the vendor's predictive mapping from CWE classes, not observed behaviour: in the ATT&CK matrix itself T1006 is Direct Volume Access and T1059 is Command and Scripting Interpreter, so treat the rows as hunting hints rather than confirmed techniques.

IOA - Indicator of Attack (17)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /pet_shop/admin/?page=maintenance/manage_category | predictive | High
2 | File | admin/salesadmin.php | predictive | High
3 | File | drivers/gpu/drm/udl/udl_fb.c | predictive | High
4 | File | xxxxxx.x | predictive | Medium
5 | File | xxxxx-xx.x | predictive | Medium
6 | File | xxxxx-xxxxxx.x | predictive | High
7 | File | xxxxx-xxx.x | predictive | Medium
8 | File | xxxxx-xxxxxx.x | predictive | High
9 | File | xxxxx-xxx.x | predictive | Medium
10 | File | xxxxx-xxx.x | predictive | Medium
11 | File | xxxxxx.x | predictive | Medium
12 | File | xxx/xxxx.x | predictive | Medium
13 | Library | xxxxxxxx.xxx | predictive | Medium
14 | Argument | xx | predictive | Low
15 | Argument | xxxxxxx/xxxxxxxxxxxxx | predictive | High
16 | Argument | xxxxxxxxxx | predictive | Medium
17 | Argument | xxxxxxxxxx | predictive | Medium
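The two unredacted web-path indicators in the IOA table are the kind of fragment a defender turns into a log search. The script below is an added example, not code from VulDB or from any source the page cites: it parses web-server access-log lines in the combined log format (an assumption) and reports requests whose URL-decoded path and query match one of those indicators. The third visible indicator (drivers/gpu/drm/udl/udl_fb.c) is a kernel source path and the remaining rows are redacted, so they are not matched. The log lines are constructed for the example and use RFC 5737 test addresses.

```python
import re
from urllib.parse import unquote, urlsplit

# The two web-path indicators visible in the IOA table above. The third visible
# indicator (drivers/gpu/drm/udl/udl_fb.c) is a kernel source path and the
# remaining rows are redacted, so they are not matched here.
IOA_FILES = [
    "/pet_shop/admin/?page=maintenance/manage_category",
    "admin/salesadmin.php",
]

# Apache/nginx "combined" access-log layout (assumed log format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3}) (?P<size>\S+)'
)


def _normalize(target):
    """Decode a request target (twice, to defeat double encoding), lower-case it,
    collapse repeated slashes and split it into path and query string."""
    decoded = unquote(unquote(target))
    parts = urlsplit(decoded)
    path = re.sub(r"/+", "/", parts.path).lower()
    return path, parts.query.lower()


def matches_ioa(target):
    """Return the indicator matched by a request target, or None."""
    path, query = _normalize(target)
    for indicator in IOA_FILES:
        ind = urlsplit(indicator)
        ind_path = ind.path.lower()
        if ind_path.startswith("/"):
            # Absolute indicator: the whole path must match.
            path_ok = path == ind_path
        else:
            # Relative indicator: match it as complete trailing path segments,
            # so /shop/admin/salesadmin.php hits but /xadmin/salesadmin.php does not.
            path_ok = path == ind_path or path.endswith("/" + ind_path)
        if not path_ok:
            continue
        # Indicators that carry a query (?page=...) must see it in the request too.
        if ind.query and ind.query.lower() not in query:
            continue
        return indicator
    return None


def scan_log(lines):
    """Return (ip, timestamp, raw target, indicator) for every matching request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        indicator = matches_ioa(m["target"])
        if indicator:
            hits.append((m["ip"], m["ts"], m["target"], indicator))
    return hits


# Constructed sample log lines (RFC 5737 test addresses), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2022:13:55:36 +0000] "GET /pet_shop/admin/?page=maintenance%2Fmanage_category&id=1%27%20OR%201%3D1 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Oct/2022:13:56:01 +0000] "POST /shop//admin/salesadmin.php HTTP/1.1" 200 812',
    '198.51.100.3 - - [10/Oct/2022:13:57:12 +0000] "GET /index.php HTTP/1.1" 200 3021',
    '198.51.100.3 - - [10/Oct/2022:13:57:30 +0000] "GET /pet_shop/admin/?page=home HTTP/1.1" 200 2210',
]

if __name__ == "__main__":
    for ip, ts, target, indicator in scan_log(SAMPLE_LOG):
        print(f"{ts} {ip} {target} -> {indicator}")
```

Decoding twice and collapsing slashes before comparing is what keeps the match from being defeated by `%2F`, double-encoding or `//` padding; the query check is kept as a substring test because the indicator fixes only the `page=` parameter while a real request appends further parameters, as the first sample line does.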

References (3)

The following list contains external sources which discuss the actor and the associated activities:
