Grandoreiro Analysis

IOB - Indicator of Behavior (320)

Timeline: chart on the source page, not reproduced here.

Language (number of indicators)

en: 282
pl: 14
es: 14
pt: 6
it: 4

Country (number of indicators)

us: 66
ru: 10
es: 10
pt: 6
it: 2

Actors, Activities, Interest, Timeline, Type, Vendor: charts on the source page, not reproduced here.

Product (number of indicators)

Apache HTTP Server: 6
Cisco SD-WAN vManage: 4
Adobe Media Encoder: 4
YaBB: 4
PHP: 4

Vulnerabilities

Columns: Base and Temp are the CVSS base and temporal scores; 0day and Today are VulDB's estimated exploit prices; Exploit is the known exploitability status; Remediation is the available countermeasure; EPSS is the FIRST exploit prediction score; CTI is VulDB's threat-intelligence interest score. Entries 15 and 16 refer to the same CVE (CVE-2021-40438, the mod_proxy SSRF), listed once for Apache HTTP Server and once for the Apache build shipped with Oracle HTTP Server.

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | SOCKS 5 Proxy Config privilege escalation | 7.3 | 7.1 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.00000 | 0.00 | |
| 2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Information Disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 3 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.21 | CVE-2010-0966 |
| 4 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 3.27 | CVE-2020-12440 |
| 5 | Netscape Communicator JPEG Comment buffer overflow | 7.3 | 6.6 | $0-$5k | being calculated | Proof-of-Concept | Official Fix | 0.01345 | 0.00 | CVE-2000-0655 |
| 6 | DZCP deV!L`z Clanportal browser.php Information Disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02733 | 0.54 | CVE-2007-1167 |
| 7 | phpMyAdmin privilege escalation | 7.9 | 7.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00180 | 0.00 | CVE-2016-6621 |
| 8 | PHP Cookie privilege escalation | 5.0 | 4.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00130 | 0.08 | CVE-2022-31629 |
| 9 | PHP PHP-FPM Denial of Service | 5.9 | 5.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00584 | 0.04 | CVE-2015-9253 |
| 10 | Campcodes Beauty Salon Management System admin-profile.php SQL Injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00064 | 0.00 | CVE-2023-3874 |
| 11 | PHP GD Extension imageloadfont buffer overflow | 6.4 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00064 | 0.04 | CVE-2022-31630 |
| 12 | OrangeScrum AWS Credential Cross Site Scripting | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00049 | 0.00 | CVE-2023-1783 |
| 13 | ARCHIBUS Web Central login.axvw privilege escalation | 5.6 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00115 | 0.00 | CVE-2021-41553 |
| 14 | Apache HTTP Server mod_auth_digest buffer overflow | 5.6 | 5.4 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00220 | 0.03 | CVE-2020-35452 |
| 15 | Oracle HTTP Server OSSL Module privilege escalation | 9.0 | 8.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.97406 | 0.03 | CVE-2021-40438 |
| 16 | Apache HTTP Server mod_proxy privilege escalation | 7.3 | 7.3 | $25k-$100k | $25k-$100k | Not Defined | Not Defined | 0.97406 | 0.00 | CVE-2021-40438 |
| 17 | Apache HTTP Server MPM Event Worker privilege escalation | 6.5 | 6.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.97347 | 0.00 | CVE-2019-0211 |
| 18 | Apache HTTP Server mod_proxy_uwsgi buffer overflow | 8.5 | 8.5 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.01526 | 0.04 | CVE-2020-11984 |
| 19 | Apache HTTP Server ap_escape_quotes buffer overflow | 5.6 | 5.6 | $25k-$100k | $25k-$100k | Not Defined | Not Defined | 0.00579 | 0.02 | CVE-2021-39275 |
| 20 | XMB Forum member.php Cross Site Scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00270 | 0.00 | CVE-2003-0375 |

IOC - Indicator of Compromise (30)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities. Rows 7 to 30 are masked on the source page; only their identification date, type and confidence are visible. Note that all six unmasked hostnames are Amazon EC2 addresses, which are recycled between tenants, so the identification date matters when matching them against your own logs.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 3.144.135.247 | ec2-3-144-135-247.us-east-2.compute.amazonaws.com | Grandoreiro | | 2024-02-01 | verified | Medium |
| 2 | 4.229.235.160 | | Grandoreiro | | 2024-02-02 | verified | High |
| 3 | 15.188.63.127 | ec2-15-188-63-127.eu-west-3.compute.amazonaws.com | Grandoreiro | | 2022-08-23 | verified | Medium |
| 4 | 15.228.57.146 | ec2-15-228-57-146.sa-east-1.compute.amazonaws.com | Grandoreiro | | 2023-06-19 | verified | Medium |
| 5 | 15.228.233.242 | ec2-15-228-233-242.sa-east-1.compute.amazonaws.com | Grandoreiro | | 2023-06-19 | verified | Medium |
| 6 | 15.229.47.198 | ec2-15-229-47-198.sa-east-1.compute.amazonaws.com | Grandoreiro | | 2023-06-19 | verified | Medium |
| 7 | masked | masked | masked | | 2024-02-01 | verified | Medium |
| 8 | masked | masked | masked | | 2023-11-04 | verified | Medium |
| 9 | masked | masked | masked | | 2023-06-19 | verified | Medium |
| 10 | masked | | masked | | 2024-02-01 | verified | High |
| 11 | masked | | masked | | 2024-02-01 | verified | High |
| 12 | masked | | masked | | 2024-02-01 | verified | High |
| 13 | masked | masked | masked | | 2022-08-23 | verified | Medium |
| 14 | masked | masked | masked | | 2022-08-23 | verified | Medium |
| 15 | masked | masked | masked | | 2024-02-02 | verified | High |
| 16 | masked | masked | masked | | 2023-01-29 | verified | High |
| 17 | masked | masked | masked | | 2022-08-23 | verified | Medium |
| 18 | masked | | masked | | 2024-02-01 | verified | High |
| 19 | masked | masked | masked | | 2024-02-01 | verified | Medium |
| 20 | masked | masked | masked | | 2022-08-23 | verified | Medium |
| 21 | masked | masked | masked | | 2024-02-01 | verified | High |
| 22 | masked | masked | masked | | 2024-02-01 | verified | High |
| 23 | masked | masked | masked | | 2024-02-01 | verified | High |
| 24 | masked | masked | masked | | 2024-02-01 | verified | High |
| 25 | masked | masked | masked | | 2022-08-23 | verified | High |
| 26 | masked | masked | masked | | 2024-02-01 | verified | High |
| 27 | masked | masked | masked | | 2021-04-16 | verified | High |
| 28 | masked | | masked | | 2022-11-22 | verified | High |
| 29 | masked | masked | masked | | 2024-02-01 | verified | High |
| 30 | masked | masked | masked | | 2022-11-22 | verified | High |

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses VulDB's predictive model for actor profiling: "predictive" entries are inferred by that model from the vulnerabilities associated with the actor, not observed in an intrusion. Rows 4 to 11 are masked on the source page.

| ID | Technique | CWE | Weakness | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | T1059 | CWE-94 | Argument Injection | predictive | High |
| 4-11 | masked | masked | masked | predictive | High |

IOA - Indicator of Attack (52)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation and exfiltration. This data is unique as it uses VulDB's predictive model for actor profiling, so the fragments are derived from the vulnerabilities listed above rather than captured from live traffic. Rows 8 to 49, 51 and 52 are masked on the source page; only their class and confidence are visible, and they are summarized below.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/admin-profile.php | predictive | High |
| 2 | File | /archibus/login.axvw | predictive | High |
| 3 | File | /cgi-bin/wapopen | predictive | High |
| 4 | File | /download | predictive | Medium |
| 5 | File | /forum/away.php | predictive | High |
| 6 | File | /mgmt/tm/util/bash | predictive | High |
| 7 | File | /SASWebReportStudio/logonAndRender.do | predictive | High |
| 8-28 | File | masked (21 entries: 10 High, 10 Medium, 1 Low) | predictive | see left |
| 29-49 | Argument | masked (21 entries: 5 High, 9 Medium, 7 Low) | predictive | see left |
| 50 | Input Value | ../.. | predictive | Low |
| 51 | Input Value | masked | predictive | Low |
| 52 | Network Port | masked | predictive | Medium |
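The IOC and IOA tables above are only useful once they are matched against your own telemetry. The following is an added example, not code from VulDB or from the Grandoreiro research it summarizes: it takes the six unmasked IOC addresses and the unmasked file-path and input-value IOAs from the tables and runs them over web-server access-log lines. Everything not on the page is an assumption of this example: the combined log format, the hit kinds (`ioc_ip`, `ioa_path`, `ioa_input`), the severity labels, the helper names, and the sample log lines, which are constructed (the non-IOC addresses are documentation ranges). It goes slightly beyond the table by decoding percent-encoding twice and folding backslashes before the `../..` check, so encoded or Windows-style traversal does not slip past.

```python
"""Added example, not part of the VulDB page: match the Grandoreiro network
IOCs and file/input IOAs listed above against web-server access logs.

Assumptions (not from the page): logs are in Apache/nginx combined format;
the hit kinds, severity labels and helper names are this example's own."""
import re
from urllib.parse import unquote

# Verified network IOCs copied from the unmasked rows of the IOC table.
IOC_IPS = {
    "3.144.135.247", "4.229.235.160", "15.188.63.127",
    "15.228.57.146", "15.228.233.242", "15.229.47.198",
}

# Predictive file-path IOAs copied from the unmasked rows of the IOA table.
IOA_PATHS = (
    "/admin/admin-profile.php",
    "/archibus/login.axvw",
    "/cgi-bin/wapopen",
    "/download",
    "/forum/away.php",
    "/mgmt/tm/util/bash",
    "/SASWebReportStudio/logonAndRender.do",
)

# Predictive input-value IOA from the table; backslash traversal is folded
# into the same check in normalise_target (generalisation, not from the page).
TRAVERSAL = "../.."

# Combined log format: ip ident user [ts] "METHOD target proto" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)(?: [^"]*)?" (?P<status>\d{3}) \S+'
)


def normalise_target(target):
    """Decode percent-encoding twice and fold backslashes so encoded or
    Windows-style traversal (..%2F.., ..%252F.., ..\\..) still matches."""
    decoded = unquote(unquote(target))
    return decoded.replace("\\", "/")


def path_matches(path, indicator):
    """Exact path, or the indicator followed by a further path segment.
    A bare prefix test would make '/download' fire on '/downloads/x'.
    Matching is case-insensitive on purpose: detection should be generous."""
    p, i = path.lower(), indicator.lower()
    return p == i or p.startswith(i + "/")


def classify(line):
    """Return the list of (kind, detail) hits for one access-log line."""
    m = LOG_RE.match(line)
    if not m:
        return [("unparsed", line.strip())]
    hits = []
    ip = m.group("ip")
    if ip in IOC_IPS:
        hits.append(("ioc_ip", ip))
    target = normalise_target(m.group("target"))
    path = target.split("?", 1)[0]          # IOA paths are matched without query
    for indicator in IOA_PATHS:
        if path_matches(path, indicator):
            hits.append(("ioa_path", indicator))
    if TRAVERSAL in target:                  # traversal may sit in the query
        hits.append(("ioa_input", TRAVERSAL))
    return hits


def severity(hits):
    """Source IP alone is weak evidence (the IOC hosts are recycled EC2
    addresses); a listed path or traversal from a listed IP is strongest."""
    kinds = {kind for kind, _ in hits}
    if "ioc_ip" in kinds and kinds & {"ioa_path", "ioa_input"}:
        return "high"
    if kinds & {"ioa_path", "ioa_input"}:
        return "medium"
    if "ioc_ip" in kinds:
        return "low"
    return "none"


def scan(log_text):
    """Return (line_no, severity, hits) for every line that produced a hit."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        hits = classify(line)
        if hits:
            findings.append((line_no, severity(hits), hits))
    return findings


# Constructed sample log lines (not real traffic): the listed IPs and paths
# come from the tables above, the other addresses are documentation ranges.
SAMPLE_LOG = """\
15.228.57.146 - - [19/Jun/2023:10:14:02 +0000] "GET /archibus/login.axvw HTTP/1.1" 200 5123
203.0.113.10 - - [19/Jun/2023:10:15:31 +0000] "GET /images/logo.png HTTP/1.1" 200 8841
203.0.113.10 - - [19/Jun/2023:10:16:05 +0000] "GET /forum/away.php?s=..%252F..%252Fetc%252Fpasswd HTTP/1.1" 404 221
198.51.100.7 - - [19/Jun/2023:10:17:44 +0000] "POST /mgmt/tm/util/bash HTTP/1.1" 401 0
3.144.135.247 - - [01/Feb/2024:08:02:19 +0000] "GET /downloads/report.pdf HTTP/1.1" 200 10233
"""

if __name__ == "__main__":
    for line_no, sev, hits in scan(SAMPLE_LOG):
        print(f"line {line_no}: {sev:6} {hits}")
```

On the sample input this reports line 1 as high (listed IP requesting a listed path), lines 3 and 4 as medium (listed path, with line 3 also carrying a double-encoded `../..` in the query), and line 5 as low: the address is a listed IOC, but `/downloads/report.pdf` is deliberately not counted as a hit on the `/download` indicator, and a recycled EC2 address with a benign request should be triaged against the identification date in the IOC table before anyone blocks it.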

References (9)

The following list contains external sources which discuss the actor and the associated activities:
