GMERA Analysis

IOB - Indicator of Behavior (24)

Language

en: 18
zh: 4
ru: 2

Product

Cisco ASA: 4
Cisco Firepower Threat Defense: 4
Linux Kernel: 2
Adobe Acrobat Reader: 2
Intellian Aptus Web: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | CTI | EPSS | CVE
--|---|---|---|---|---|---|---|---|---|---
1 | Siemens LOGO 8 BM TCP Packet memory corruption | 7.6 | 7.6 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00168 | CVE-2022-36361
2 | Cisco ASA/Firepower Threat Defense Web Services Interface privilege escalation | 6.4 | 6.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.97508 | CVE-2020-3452
3 | Cisco ASA/Firepower Threat Defense Web Services Interface information disclosure | 6.4 | 6.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.01928 | CVE-2020-3259
4 | Siemens SIMATIC ET 200SP/SIMATIC S7-1500 Web Server denial of service | 4.3 | 4.3 | $0-$5k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00105 | CVE-2020-15796
5 | Siemens SIMATIC S7-1500 denial of service | 6.4 | 6.1 | $5k-$25k | Calculating | Not Defined | Official Fix | 0.00 | 0.00124 | CVE-2019-19281
6 | Siemens LOGO!8 BM Service Port 135 weak authentication | 8.2 | 7.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00131 | CVE-2020-7589
7 | Microsoft IIS IP/Domain Restriction privilege escalation | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.12 | 0.00817 | CVE-2014-4078
8 | Apache HTTP Server ap_get_basic_auth_pw weak authentication | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.01399 | CVE-2017-3167
9 | Linux Kernel Filesystem Layer memory corruption | 8.8 | 7.9 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00189 | CVE-2021-33909
10 | Intellian Aptus Web weak authentication | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | 0.00659 | CVE-2020-8000
11 | Palo Alto PAN-OS GlobalProtect Portal privilege escalation | 8.1 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.66700 | CVE-2020-2034
12 | Plesk Onyx Reflected cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00151 | CVE-2020-11584
13 | ProMinent MultiFLEX M10a Controller Web Interface information disclosure | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00059 | CVE-2017-14009
14 | Sitecore CMS/XP Sitecore.Security.AntiCSRF privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.01277 | CVE-2019-9874
15 | Vesta Control Panel index.php file_put_contents Reflected cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00103 | CVE-2018-10686
16 | Monstra CMS ZIP File privilege escalation | 7.5 | 7.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00345 | CVE-2018-9037
17 | Adobe Acrobat Reader privilege escalation | 7.5 | 7.2 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01601 | CVE-2017-16379
18 | Adobe Acrobat Reader memory corruption | 7.5 | 7.2 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01143 | CVE-2017-3113
19 | Adobe Acrobat Reader memory corruption | 7.5 | 7.2 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.02127 | CVE-2017-16368
20 | Microsoft Windows SMB privilege escalation | 7.7 | 7.1 | $25k-$100k | $0-$5k | High | Official Fix | 0.02 | 0.97116 | CVE-2017-0146

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP Address | Hostname | Actor | Campaigns | Identified | Type | Confidence
--|---|---|---|---|---|---|---
1 | 185.209.88.123 | vm1887998.31ssd.had.wf | GMERA | | 31/05/2021 | verified | high
2 | XX.XXX.XXX.XXX | xxxx | | | 31/05/2021 | verified | high
3 | XXX.XX.XXX.XXX | xxxx | | | 31/05/2021 | verified | high
4 | XXX.XX.XXX.X | xxxxxxx.xxx.xx | Xxxxx | | 31/05/2021 | verified | high

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
--|---|---|---|---|---
1 | T1059.007 | CWE-79 | Cross Site Scripting | predictive | high
2 | T1068 | CWE-264, CWE-269 | Execution with Unnecessary Privileges | predictive | high
3 | TXXXX.XXX | CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | high
4 | TXXXX | CWE-XXX | xxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | high
5 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | high
6 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | high

IOA - Indicator of Attack (5)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
--|---|---|---|---
1 | File | view/file/index.php | predictive | high
2 | Argument | $_REQUEST['path'] | predictive | high
3 | Argument | __xxxxxxxxx | predictive | medium
4 | Input Value | xxxxxxxx | predictive | medium
5 | Network Port | xxx/xxx | predictive | low

Sources (2)

The following list contains external sources which discuss the actor and the associated activities:
