OldGremlin Analysis

IOB - Indicator of Behavior (228)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en 202
zh 10
fr 4
ru 4
es 4


Country


Actors


Activities

Interest

Timeline


Type


Vendor


Product

WordPress 8
Microsoft Windows 6
asith-eranga ISIC Tour Booking 4
IBM Cognos Analytics 4
cPanel 4


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | EPSS | CTI | CVE
1 | Atmail Remote Code Execution | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00251 | 0.06 | CVE-2013-5033
2 | Arduino LED injection | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00109 | 0.00 | CVE-2019-13991
3 | Palo Alto PAN-OS GlobalProtect Clientless VPN buffer overflow | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00112 | 0.04 | CVE-2021-3056
4 | Microsoft IIS IP/Domain Restriction access control | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00817 | 0.27 | CVE-2014-4078
5 | WordPress sql injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00467 | 0.00 | CVE-2022-21664
6 | VeronaLabs wp-statistics Plugin API Endpoint Blind sql injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00285 | 0.05 | CVE-2019-13275
7 | Mikrotik RouterOS SNMP out-of-bounds | 8.0 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00328 | 0.05 | CVE-2022-45315
8 | Linksys WRT54GL Web Management Interface SysInfo1.htm information disclosure | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00046 | 0.27 | CVE-2024-1406
9 | RoundCube Webmail Email Message rcube_string_replacer.php linkref_addindex cross site scripting | 4.8 | 4.7 | $0-$5k | $0-$5k | High | Official Fix | 0.06913 | 0.00 | CVE-2020-35730
10 | Teclib GLPI unlock_tasks.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.12149 | 0.03 | CVE-2019-10232
11 | Sophos Firewall User Portal/Webadmin improper authentication | 8.5 | 8.5 | $0-$5k | $0-$5k | High | Not Defined | 0.97410 | 0.00 | CVE-2022-1040
12 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 1.78 | CVE-2020-12440
13 | CutePHP CuteNews unrestricted upload | 7.5 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02143 | 0.05 | CVE-2019-11447
14 | WordPress Object injection | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00432 | 0.07 | CVE-2022-21663
15 | Microsoft Windows Active Directory Domain Services certificate validation | 8.8 | 8.3 | $25k-$100k | $0-$5k | High | Official Fix | 0.07070 | 0.07 | CVE-2022-26923
16 | QNAP QTS Media Library access control | 8.5 | 8.2 | $0-$5k | $0-$5k | High | Official Fix | 0.01575 | 0.07 | CVE-2017-13067
17 | Peplink Balance Cookie admin.cgi sql injection | 8.5 | 8.2 | $0-$5k | Calculating | Proof-of-Concept | Official Fix | 0.01394 | 0.00 | CVE-2017-8835
18 | Cisco Internet of Things Field Network Director Web-based User Interface xml external entity reference | 5.4 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00150 | 0.04 | CVE-2019-1698
19 | Mycroft AI WebSocket Server access control | 7.7 | 7.7 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00240 | 0.00 | CVE-2018-1000621
20 | Synology Router Manager Firewall default permission | 4.8 | 4.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.05 | CVE-2024-39347

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (105)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /api/RecordingList/DownloadRecord?file= | predictive | High
2 | File | /apply.cgi | predictive | Medium
3 | File | /php/ping.php | predictive | High
4 | File | /rapi/read_url | predictive | High
5 | File | /scripts/unlock_tasks.php | predictive | High
6 | File | /SysInfo1.htm | predictive | High
7 | File | /sysinfo_json.cgi | predictive | High
8 | File | /system/dictData/loadDictItem | predictive | High
9 | File | /system/user/modules/mod_users/controller.php | predictive | High
10 | File | /uncpath/ | predictive | Medium
11 | File | /view/vpn/autovpn/sub_commit.php | predictive | High
12 | File | /wp-admin/admin-post.php?es_skip=1&option_name | predictive | High
13 | File | xxxxxxxxxxxxxx.xxx | predictive | High
14 | File | xxxxxxx/xxxx.xxx | predictive | High
15 | File | xxxxxxxx.xxx | predictive | Medium
16 | File | xxx-xxx/xxxxxxx.xx | predictive | High
17 | File | xxx-xxx/xxxxx/xxxxx.xxx | predictive | High
18 | File | xxxxxx/xxx.x | predictive | Medium
19 | File | xxxxxxxx_xxxxxxxxxxxxxxxxx.xxx | predictive | High
20 | File | xxxxxxxxx.xxx.xxx | predictive | High
21 | File | xxxxx/xxxxx.xxx | predictive | High
22 | File | xxxx_xxxxx.xxx | predictive | High
23 | File | xxxxx.xxx | predictive | Medium
24 | File | xxxxxx.xxx | predictive | Medium
25 | File | xxxxxxx/xxxx-xxxxx-xxxxxx.xxx | predictive | High
26 | File | xxxxxxx/xxxx-xxxxx-xxxxxx.xxx?xxxxxx=x | predictive | High
27 | File | xx/xx-xx.x | predictive | Medium
28 | File | xxx/xxxx_xxxx.x | predictive | High
29 | File | xxxxxx/xxxxxxxxxxx | predictive | High
30 | File | xxxx_xxxxxx.x | predictive | High
31 | File | xxxx/xxxxxxx.x | predictive | High
32 | File | xxxxxxxx/xxxxx-xxxxxx-xxxx-xxxxxxx.xxx | predictive | High
33 | File | xxxxxxxx/xxxxxxxx/xxxxx-xxxxxxxx-xxxxx.xxx | predictive | High
34 | File | xxxxx.xxx?xxx=xxxx&xxx=xxxxxxxx | predictive | High
35 | File | xxxxxxxxxx.xxx | predictive | High
36 | File | xxxxxxx_xxxxxxx/xxxx.xxx | predictive | High
37 | File | xxxxx.xxx | predictive | Medium
38 | File | xxxx/xxxxxxxxx/xxxxxx/xxxxxxxxxxxxxxxxxxxxx.xxx | predictive | High
39 | File | xxx/xxx.xxx | predictive | Medium
40 | File | xxxxxx.x | predictive | Medium
41 | File | xxxx.xxx | predictive | Medium
42 | File | xxxxx.xxx | predictive | Medium
43 | File | xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][] | predictive | High
44 | File | xxxxx_xxxxxx_xxxxxxxx.xxx | predictive | High
45 | File | xxxxxxxx.xxx | predictive | Medium
46 | File | xxxxxxx/xxxxxxxxxx | predictive | High
47 | File | xxxxxxx-xxxxxxxxxx/xxx/xxxxx.xxx | predictive | High
48 | File | xxxx.xxx | predictive | Medium
49 | File | xxxxx/xxxxx.xxx | predictive | High
50 | File | xxxxxxxx.xxx | predictive | Medium
51 | File | xxxx.xxxxxxxx.xxx | predictive | High
52 | File | xxxxxxxxx.xxx | predictive | High
53 | File | xxxxxxxxx.xxx | predictive | High
54 | File | xxxx.xxx | predictive | Medium
55 | File | xxxxxxxxxx | predictive | Medium
56 | File | xxxxxxx/xxxxx.xxx | predictive | High
57 | File | xx-xxxxx/xxxxx-xxxx.xxx | predictive | High
58 | Argument | xxxxxx | predictive | Low
59 | Argument | xxxxxxx_xxxx | predictive | Medium
60 | Argument | xxxxxx_xxxx | predictive | Medium
61 | Argument | xxxxx | predictive | Low
62 | Argument | xxx | predictive | Low
63 | Argument | xxxxxxxx | predictive | Medium
64 | Argument | xxxxxx | predictive | Low
65 | Argument | xxxxxxxxxxxxxxxxx | predictive | High
66 | Argument | xxxxx | predictive | Low
67 | Argument | xxxxxxxxxxx/xxxxxxxx/xxx/xxxxx | predictive | High
68 | Argument | xxxxxx_xx | predictive | Medium
69 | Argument | xxxxx | predictive | Low
70 | Argument | xxxxxx | predictive | Low
71 | Argument | xxxxxxxxxxxx | predictive | Medium
72 | Argument | xxxxxx | predictive | Low
73 | Argument | xx_xxxx [xx][x]/xx_xxxx [xx][x]/xx_xxxx [xx][x]/xx_xxxx [xx][x]/xxxxx | predictive | High
74 | Argument | xxxx | predictive | Low
75 | Argument | xxxx | predictive | Low
76 | Argument | xx | predictive | Low
77 | Argument | xxxxxxxxx | predictive | Medium
78 | Argument | xxxxxxxx[xx] | predictive | Medium
79 | Argument | xxx | predictive | Low
80 | Argument | xxxxxxx | predictive | Low
81 | Argument | xxx_xxxx | predictive | Medium
82 | Argument | xxxxx_xx | predictive | Medium
83 | Argument | xxxxxxxx | predictive | Medium
84 | Argument | x_x_x | predictive | Low
85 | Argument | xxxxxxx/xxxxx | predictive | High
86 | Argument | xxxxxx_xxx | predictive | Medium
87 | Argument | xxxxxx | predictive | Low
88 | Argument | xxxx_xx | predictive | Low
89 | Argument | xxxxxxxx_xxxxxxxx | predictive | High
90 | Argument | xxxxxxxxxxxxxxxxxxxxx | predictive | High
91 | Argument | xxxx_xx | predictive | Low
92 | Argument | xxx | predictive | Low
93 | Argument | xxxx | predictive | Low
94 | Argument | xxxxxxxx | predictive | Medium
95 | Argument | xxxx/xx/xxxx/xxx | predictive | High
96 | Argument | xxxxxxxx | predictive | Medium
97 | Input Value | .%xx.../.%xx.../ | predictive | High
98 | Input Value | ../../../../../xxx/xxx/xxxxx/xxxx/xxxxxxxx/xxxxx/xxx.xxx | predictive | High
99 | Input Value | xxxxxxx -xxx | predictive | Medium
100 | Input Value | xxxxxxxxxx | predictive | Medium
101 | Network Port | xxxx | predictive | Low
102 | Network Port | xxxx | predictive | Low
103 | Network Port | xxxx xxxx | predictive | Medium
104 | Network Port | xxx/xxx | predictive | Low
105 | Network Port | xxx/xxxx | predictive | Medium

References (3)

The following list contains external sources which discuss the actor and the associated activities:
