GRU Analysis

IOB - Indicator of Behavior (246)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

Lang | Count
en | 186
ru | 16
de | 12
es | 10
it | 8

Country

Country | Count
us | 126
ro | 44
ru | 34
pl | 4
vn | 4

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Product | Count
Microsoft Windows | 12
Apple macOS | 4
ZyXEL ZyNOS | 4
Mercusys Mercury X18G | 4
Apache HTTP Server | 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.04 | 0.04187 | CVE-2007-1192
2 | Asus RT-AX56U Profile Configuration out-of-bounds write | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.01036 | CVE-2022-23973
3 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 2.12 | 0.00000 | CVE-2020-12440
4 | Citrix XenServer path traversal | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00954 | CVE-2018-14007
5 | Matomo safemode.twig Path information disclosure | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00885 | CVE-2019-12215
6 | Asus RT-AX56U sql injection | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00885 | CVE-2022-23972
7 | Asus RT-AX56U PORT path traversal | 7.2 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00885 | CVE-2022-23971
8 | SquirrelMail Deliver.class.php path traversal | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.01282 | CVE-2018-8741
9 | RoundCube Webmail rcube_plugin_api.php path traversal | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.02762 | CVE-2020-12640
10 | Cisco IOS/IOS XE Cluster Management Protocol input validation | 9.8 | 9.3 | $100k and more | $0-$5k | High | Workaround | 0.05 | 0.95332 | CVE-2017-3881
11 | Apache HTTP Server mod_auth_digest input validation | 8.2 | 8.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.07767 | CVE-2017-9788
12 | Softbiz FAQ Script add_comment.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.02800 | CVE-2005-3938
13 | Gallery add_comment.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01319 | CVE-2005-0219
14 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.96 | 0.02800 | CVE-2007-0354
15 | Magento CE/Magento EE injection | 8.5 | 8.2 | $0-$5k | $0-$5k | High | Official Fix | 0.04 | 0.89156 | CVE-2016-4010
16 | Apache HTTP Server mod_session_crypto Padding cryptographic issues | 6.5 | 6.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.43518 | CVE-2016-0736
17 | Adobe Illustrator out-of-bounds | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01046 | CVE-2022-44499
18 | Adobe Experience Manager cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.01046 | CVE-2022-42349
19 | Adobe Campaign server-side request forgery | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.01046 | CVE-2022-42343
20 | Adobe Experience Manager URL cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.09 | 0.01046 | CVE-2022-44469

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (93)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | .htaccess | predictive | Medium
2 | File | /admin/students/view_student.php | predictive | High
3 | File | /CommunitySSORedirect.jsp | predictive | High
4 | File | /loginLess/../../etc/passwd | predictive | High
5 | File | /see_more_details.php | predictive | High
6 | File | /system/proxy | predictive | High
7 | File | /uncpath/ | predictive | Medium
8 | File | accountancy/customer/card.php | predictive | High
9 | File | addentry.php | predictive | Medium
10 | File | add_comment.php | predictive | High
11 | File | admin.php | predictive | Medium
12 | File | admin/create-package.php | predictive | High
13 | File | xxxxxxx.xxx | predictive | Medium
14 | File | xxxxxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | High
15 | File | xxxxxxx.xxx | predictive | Medium
16 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
17 | File | xxxxxxx.xxxxx.xxx | predictive | High
18 | File | xxxxxxxxxxxx.xxx | predictive | High
19 | File | xxxxx.xxx | predictive | Medium
20 | File | xxxxxxxxxxxxx/xxxxxx/xxxxxxxxxxx/xxxx_xxx.xxx | predictive | High
21 | File | xxxxxxxxxxxxx/xxxxxx/xxxx/xxxx.xxx | predictive | High
22 | File | xxxxxxxxx.xxx | predictive | High
23 | File | xxx/xxxxxxxxx-xxxxx.xxx | predictive | High
24 | File | xxx/xxxxxx.xxx | predictive | High
25 | File | xxxxx.xxx | predictive | Medium
26 | File | xxxx_xxxx.xxx | predictive | High
27 | File | xxxx_xxxxxx/xxxxxxxxx.xx | predictive | High
28 | File | xxxxxxxxx/xxxxxxx/xxxxxx/xxxxxxxxxx.xxx | predictive | High
29 | File | xxxxxxxxx/xxxxxx/xxxxxxxx.xxx.xxx | predictive | High
30 | File | xxxxx.xxxx | predictive | Medium
31 | File | xxx_xxx.x | predictive | Medium
32 | File | xxxx_xxxxxx.xxx | predictive | High
33 | File | xxxxxxx/xxxxxxxxxxxxxxxx/xxxxxxxxx/xxxxxxxx.xxxx | predictive | High
34 | File | xxxx.xxx | predictive | Medium
35 | File | xxxxx_xxxxxx_xxx.xxx | predictive | High
36 | File | xxxxxxxx.xxx | predictive | Medium
37 | File | xxxxxx_xxxxxxx.xxx | predictive | High
38 | File | xxxxxxxxx xxxxx | predictive | High
39 | File | xxxxxx_xxx/xxxx | predictive | High
40 | File | xxxxxx_xxxxxxxx.xxx | predictive | High
41 | File | xxxxxxxx.xxx | predictive | Medium
42 | File | xxxxxxxxx.xxx | predictive | High
43 | File | xxxxxxxx.xxx | predictive | Medium
44 | File | xxxx_xxx_xxx_xxxx.xxx | predictive | High
45 | File | xxxxxxxxxxxxx.xxx | predictive | High
46 | File | xxxxxx/xxxxxxxxxxx/xxxxx_xxxxxx.xxx | predictive | High
47 | File | xx-xxxxx/xxxxx.xxx | predictive | High
48 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive | High
49 | File | xx-xxxxx.xxx | predictive | Medium
50 | File | xx-xxxxxxxxxxx.xxx | predictive | High
51 | File | ~/xxxx-xxxxxxx.xxx | predictive | High
52 | Library | xxxxxxx.xxx | predictive | Medium
53 | Library | xxx.xxx | predictive | Low
54 | Argument | $xxx_xxxx_xxxx) | predictive | High
55 | Argument | xxxxxx | predictive | Low
56 | Argument | xxx_xxxxx_xxxx | predictive | High
57 | Argument | xxxxxxxx | predictive | Medium
58 | Argument | xxx | predictive | Low
59 | Argument | xxxxx | predictive | Low
60 | Argument | xxxx | predictive | Low
61 | Argument | xxx | predictive | Low
62 | Argument | xxxx_xx | predictive | Low
63 | Argument | xxxxxxx | predictive | Low
64 | Argument | xxx | predictive | Low
65 | Argument | xxxx | predictive | Low
66 | Argument | xxxx | predictive | Low
67 | Argument | xx | predictive | Low
68 | Argument | xxxxxxxx | predictive | Medium
69 | Argument | xxxxxxxx_xxxx | predictive | High
70 | Argument | xxxxxx_xxxx_xxx | predictive | High
71 | Argument | xxxxxx_xx | predictive | Medium
72 | Argument | xxx | predictive | Low
73 | Argument | xxxx | predictive | Low
74 | Argument | xxxx[] | predictive | Low
75 | Argument | xxx | predictive | Low
76 | Argument | xxxxx_xx | predictive | Medium
77 | Argument | xxxxx_xx/xxxxx | predictive | High
78 | Argument | xxxxx | predictive | Low
79 | Argument | xxxxxxxxxxx | predictive | Medium
80 | Argument | xxxxxx_xx | predictive | Medium
81 | Argument | xxxxxxxxx | predictive | Medium
82 | Argument | xxxxxx_xx | predictive | Medium
83 | Argument | xxx | predictive | Low
84 | Argument | xxxxxxxxx_xxxxxx_xxx | predictive | High
85 | Argument | xxxx | predictive | Low
86 | Argument | xxx | predictive | Low
87 | Argument | xxxxxx | predictive | Low
88 | Argument | xxxxxxxx | predictive | Medium
89 | Input Value | ../ | predictive | Low
90 | Input Value | <xxxxxx>xxxxx(x)</xxxxxx> | predictive | High
91 | Input Value | xxx%xx(xxxxxx*xxxx(xxxxxx(xxxxx(x)))x) | predictive | High
92 | Network Port | xxx/xx (xxxxxx) | predictive | High
93 | Network Port | xxx/xx (xxx) | predictive | Medium

References (2)

The following list contains external sources which discuss the actor and the associated activities: