OldGremlin Analysis

IOB - Indicator of Behavior (137)

Timeline

The data in these charts does not reflect real data. It is dummy data, distorted and not usable in any way; an additional purchase is required to unlock the real values. This applies to every chart in the IOB section below.

Lang

en: 124
zh: 6
fr: 4
ar: 2
es: 2

Country

us: 48
cn: 32
at: 12
ce: 4

Actors

Activities

Interest

Timeline

Type

Vendor

Product

WordPress: 8
Microsoft Windows: 6
Joomla CMS: 4
Microsoft Exchange Server: 4
nginx: 4

Vulnerabilities

Columns: Base and Temp are the CVSS base and temporal scores; 0day and Today are the estimated exploit prices at disclosure and now; Exp is the exploitability status; Rem is the remediation status; CTI is the CTI interest score; EPSS is the EPSS probability.

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
--|---------------|------|------|------|-------|-----|-----|-----|------|----
1 | Arduino LED injection | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.01055 | CVE-2019-13991
2 | VeronaLabs wp-statistics Plugin API Endpoint blind SQL injection | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00954 | CVE-2019-13275
3 | CutePHP CuteNews unrestricted upload | 7.5 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.35200 | CVE-2019-11447
4 | WordPress object injection | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.01034 | CVE-2022-21663
5 | Microsoft Windows Active Directory Domain Services privilege escalation | 8.8 | 8.1 | $100k and more | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.02288 | CVE-2022-26923
6 | QNAP QTS Media Library access control | 8.5 | 8.2 | $0-$5k | $0-$5k | High | Official Fix | 0.05 | 0.27000 | CVE-2017-13067
7 | WordPress SQL injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01034 | CVE-2022-21664
8 | Peplink Balance Cookie admin.cgi SQL injection | 8.5 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.33212 | CVE-2017-8835
9 | Cisco Internet of Things Field Network Director Web-based User Interface XML external entity reference | 5.6 | 5.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01055 | CVE-2019-1698
10 | Mycroft AI WebSocket Server access control | 7.7 | 7.7 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.06 | 0.01440 | CVE-2018-1000621
11 | Sophos Firewall User Portal/Webadmin code injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.01156 | CVE-2022-3236
12 | Proxmox Virtual Environment/Mail Gateway HTTP Request server-side request forgery | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.01018 | CVE-2022-35508
13 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 1.46 | 0.00000 | CVE-2020-12440
14 | SOGo Web Calendar cross-site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01136 | CVE-2016-6191
15 | OpenLDAP Backend SQL injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.15351 | CVE-2022-29155
16 | Pydio pydio-core proxy.php unrestricted upload | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.01440 | CVE-2019-9642
17 | BlueMind Contact Application data processing | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00954 | CVE-2019-9563
18 | Apple tvOS ImageIO state issue | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.03822 | CVE-2021-1818
19 | Sophos Firewall User Portal/Webadmin improper authentication | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.64728 | CVE-2022-1040
20 | Grafana Dashboard path traversal | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.01108 | CVE-2022-32275

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (64)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

Indicators shown as runs of "x" are masked in this view.

ID | Class | Indicator | Type | Confidence
---|-------|-----------|------|-----------
1 | File | /api/RecordingList/DownloadRecord?file= | predictive | High
2 | File | /rapi/read_url | predictive | High
3 | File | /wp-admin/admin-post.php?es_skip=1&option_name | predictive | High
4 | File | AppCompatCache.exe | predictive | High
5 | File | cgi-bin/awstats.pl | predictive | High
6 | File | cgi-bin/MANGA/admin.cgi | predictive | High
7 | File | coders/png.c | predictive | Medium
8 | File | xxxxxxxxx.xxx.xxx | predictive | High
9 | File | xxxxx/xxxxx.xxx | predictive | High
10 | File | xxxx_xxxxx.xxx | predictive | High
11 | File | xxxxx.xxx | predictive | Medium
12 | File | xx/xx-xx.x | predictive | Medium
13 | File | xxx/xxxx_xxxx.x | predictive | High
14 | File | xxxx_xxxxxx.x | predictive | High
15 | File | xxxx/xxxxxxx.x | predictive | High
16 | File | xxxxxxxx/xxxxx-xxxxxx-xxxx-xxxxxxx.xxx | predictive | High
17 | File | xxxxx.xxx?xxx=xxxx&xxx=xxxxxxxx | predictive | High
18 | File | xxxxxxxxxx.xxx | predictive | High
19 | File | xxxxxxx_xxxxxxx/xxxx.xxx | predictive | High
20 | File | xxxx/xxxxxxxxx/xxxxxx/xxxxxxxxxxxxxxxxxxxxx.xxx | predictive | High
21 | File | xxx/xxx.xxx | predictive | Medium
22 | File | xxxxxx.x | predictive | Medium
23 | File | xxxx.xxx | predictive | Medium
24 | File | xxxxx.xxx | predictive | Medium
25 | File | xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][] | predictive | High
26 | File | xxxxxxx/xxxxxxxxxx | predictive | High
27 | File | xxxxxxx-xxxxxxxxxx/xxx/xxxxx.xxx | predictive | High
28 | File | xxxx.xxx | predictive | Medium
29 | File | xxxxx/xxxxx.xxx | predictive | High
30 | File | xxxxxxxx.xxx | predictive | Medium
31 | File | xxxx.xxx | predictive | Medium
32 | File | xxxxxxxxxx | predictive | Medium
33 | File | xxxxxxx/xxxxx.xxx | predictive | High
34 | File | xx-xxxxx/xxxxx-xxxx.xxx | predictive | High
35 | Argument | xxxxxx_xxxx | predictive | Medium
36 | Argument | xxxxx | predictive | Low
37 | Argument | xxx | predictive | Low
38 | Argument | xxxxxx | predictive | Low
39 | Argument | xxxxxxxxxxxxxxxxx | predictive | High
40 | Argument | xxxxxxxxxxx/xxxxxxxx/xxx/xxxxx | predictive | High
41 | Argument | xxxxxx_xx | predictive | Medium
42 | Argument | xxxxx | predictive | Low
43 | Argument | xxxxxx | predictive | Low
44 | Argument | xx_xxxx [xx][x]/xx_xxxx [xx][x]/xx_xxxx [xx][x]/xx_xxxx [xx][x]/xxxxx | predictive | High
45 | Argument | xxxx | predictive | Low
46 | Argument | xx | predictive | Low
47 | Argument | xxxxxxx | predictive | Low
48 | Argument | xxxxx_xx | predictive | Medium
49 | Argument | xxxxxxxx | predictive | Medium
50 | Argument | x_x_x | predictive | Low
51 | Argument | xxxx_xx | predictive | Low
52 | Argument | xxxxxxxx_xxxxxxxx | predictive | High
53 | Argument | xxxxxxxxxxxxxxxxxxxxx | predictive | High
54 | Argument | xxx | predictive | Low
55 | Argument | xxxx | predictive | Low
56 | Argument | xxxxxxxx | predictive | Medium
57 | Argument | xxxx/xx/xxxx/xxx | predictive | High
58 | Argument | xxxxxxxx | predictive | Medium
59 | Input Value | .%xx.../.%xx.../ | predictive | High
60 | Input Value | ../../../../../xxx/xxx/xxxxx/xxxx/xxxxxxxx/xxxxx/xxx.xxx | predictive | High
61 | Input Value | xxxxxxxxxx | predictive | Medium
62 | Network Port | xxxx | predictive | Low
63 | Network Port | xxxx xxxx | predictive | Medium
64 | Network Port | xxx/xxx | predictive | Low
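As an added example, not part of this VulDB page and not tooling attributed to the actor, the following Python shows how the unmasked File indicators from the table above can be matched against web-server access logs. Each request target is percent-decoded repeatedly before comparison, so encoded traversal variants such as .%2e/ or the double-encoded ..%252F reduce to the plain ../ form of indicator 60 and are not missed by a literal string match. The access-log lines are constructed for the example (documentation-range addresses, no real traffic); the masked indicators are left out because their values are not disclosed here, and the log-format regex assumes the default nginx/Apache combined format.

```python
import re
from urllib.parse import unquote

# Unmasked "File" indicators copied from the IOA table on this page. The masked
# entries (runs of "x") are omitted because their real values are not disclosed.
IOA_PATH_FRAGMENTS = [
    "/api/RecordingList/DownloadRecord?file=",
    "/rapi/read_url",
    "/wp-admin/admin-post.php?es_skip=1&option_name",
    "cgi-bin/awstats.pl",
    "cgi-bin/MANGA/admin.cgi",
    "coders/png.c",
]

# Common/combined access-log format (nginx and Apache defaults); only the
# fields the matcher needs are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Directory traversal in its canonical form (indicator 60 in the table).
TRAVERSAL_RE = re.compile(r"\.\./")

# Constructed sample log lines (not real traffic); addresses are taken from the
# RFC 5737 documentation ranges.
SAMPLE_LOG = """\
203.0.113.10 - - [12/Mar/2023:10:15:01 +0000] "GET /wp-admin/admin-post.php?es_skip=1&option_name=admin_email HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.10 - - [12/Mar/2023:10:15:02 +0000] "GET /cgi-bin/awstats.pl?config=test HTTP/1.1" 404 153 "-" "curl/7.68.0"
198.51.100.7 - - [12/Mar/2023:10:16:00 +0000] "GET /static/.%2e/.%2e/.%2e/etc/passwd HTTP/1.1" 403 0 "-" "python-requests/2.28"
198.51.100.7 - - [12/Mar/2023:10:16:05 +0000] "GET /download?file=..%252F..%252F..%252Fetc%252Fpasswd HTTP/1.1" 200 1024 "-" "python-requests/2.28"
192.0.2.44 - - [12/Mar/2023:10:17:00 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""


def normalize(target: str) -> str:
    """Percent-decode the request target until it stops changing (at most three
    rounds) and fold backslashes to slashes, so ".%2e/", "%2e%2e/" and the
    double-encoded "..%252F" all reduce to the plain "../" form."""
    current = target
    for _ in range(3):
        decoded = unquote(current)
        if decoded == current:
            break
        current = decoded
    return current.replace("\\", "/")


def match_line(line: str):
    """Return a finding for a log line that contains an IOA, else None."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    target = m.group("target")
    decoded = normalize(target)
    lowered = decoded.lower()
    hits = []
    # Path fragments are compared case-insensitively on the decoded target.
    for fragment in IOA_PATH_FRAGMENTS:
        if fragment.lower() in lowered:
            hits.append(("File", fragment))
    # Traversal is checked only after decoding, which is what defeats encoding.
    if TRAVERSAL_RE.search(decoded):
        hits.append(("Input Value", "../ (after decoding)"))
    if not hits:
        return None
    return {
        "ip": m.group("ip"),
        "target": target,
        "status": int(m.group("status")),
        "hits": hits,
    }


def scan(lines):
    """Run the matcher over an iterable of log lines and keep only findings."""
    return [f for f in (match_line(l) for l in lines) if f is not None]


def summarize(findings):
    """Count findings per source address, the field an analyst pivots on."""
    counts = {}
    for f in findings:
        counts[f["ip"]] = counts.get(f["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    found = scan(SAMPLE_LOG.splitlines())
    for f in found:
        print(f["ip"], f["status"], f["target"], f["hits"])
    print(summarize(found))
```

Matching on the decoded target rather than the raw one is the design point: the third and fourth sample lines carry no literal "../" at all, yet both are traversal attempts. The response status is kept in each finding because a 200 on a traversal request (the fourth line) deserves a different triage priority than a 403.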
