GRU Analysis

IOB - Indicator of Behavior (392)

Timeline

Language

Language | Count
en | 270
ru | 66
es | 18
de | 16
fr | 8

Country

Country | Count
ru | 152
us | 128
ro | 48
fr | 8
vn | 6

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Product | Count
Microsoft Windows | 20
AMD CPU | 10
Apache HTTP Server | 10
Oracle MySQL Server | 8
WordPress | 6

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Information Disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192
2 | Cisco CX Cloud Agent Privilege Escalation | 7.1 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00042 | CVE-2023-20044
3 | nginx Privilege Escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.17 | 0.00241 | CVE-2020-12440
4 | Zyxel ATP/USG FLEX/VPN Logs Page Cross Site Scripting | 3.6 | 3.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00046 | CVE-2023-27990
5 | PHP PHAR phar_dir_read Memory Corruption | 8.2 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00126 | CVE-2023-3824
6 | AMD CPU ASP Memory Corruption | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00063 | CVE-2022-23813
7 | Fortinet FortiClientEMS Weak Encryption | 6.6 | 6.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00062 | CVE-2021-41028
8 | Microsoft Excel/Office/PowerPoint/Publisher/Visio/Word/Skype Remote Code Execution | 7.3 | 6.7 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00 | 0.00050 | CVE-2024-20673
9 | AMD CPU Weak Encryption | 2.6 | 2.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00043 | CVE-2021-26407
10 | Fortinet FSSO Collector UDP Login Notification Packet Weak Authentication | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00068 | CVE-2021-26088
11 | Asus RT-AX56U Profile Configuration Memory Corruption | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00073 | CVE-2022-23973
12 | ISC BIND named Denial of Service | 7.5 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00052 | CVE-2023-6516
13 | Microsoft Windows DNS Client Denial of Service | 7.5 | 6.8 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | 0.00063 | CVE-2024-21342
14 | TRENDnet TEW-815DAP POST Request do_setNTP Privilege Escalation | 8.3 | 8.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.06 | 0.00058 | CVE-2024-0919
15 | Linux-PAM pam_namespace.so protect_dir Denial of Service | 3.3 | 3.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00042 | CVE-2024-22365
16 | Oracle MySQL Server Options Denial of Service | 4.4 | 4.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00044 | CVE-2024-20968
17 | Oracle MySQL Server RAPID Denial of Service | 6.5 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00044 | CVE-2024-20960
18 | Google Go net-http Information Disclosure | 4.8 | 4.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00052 | CVE-2023-39326
19 | AMI AptioV BMP Logo Privilege Escalation | 7.2 | 7.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00043 | CVE-2023-39538
20 | 1C:Enterprise URL Parameter Information Disclosure | 5.9 | 5.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00168 | CVE-2021-3131

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-21, CWE-22, CWE-23 | Path Traversal | predictive | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
3 | T1059 | CWE-94 | Argument Injection | predictive | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High

IOA - Indicator of Attack (117)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | .htaccess | predictive | Medium
2 | File | /?ajax-request=jnews | predictive | High
3 | File | /admin/students/view_student.php | predictive | High
4 | File | /admin_ping.htm | predictive | High
5 | File | /CommunitySSORedirect.jsp | predictive | High
6 | File | /loginLess/../../etc/passwd | predictive | High
7 | File | /see_more_details.php | predictive | High
8 | File | /system/proxy | predictive | High
9 | File | /uncpath/ | predictive | Medium
10 | File | /usr/local/nagios/bin/npcd | predictive | High
11 | File | accountancy/customer/card.php | predictive | High
12 | File | addentry.php | predictive | Medium
13 | File | add_comment.php | predictive | High
14 | File | admin.php | predictive | Medium
15 | File | admin/create-package.php | predictive | High
113 | Input Value | ../ | predictive | Low

Sources (2)

The following list contains external sources which discuss the actor and the associated activities:
