Genkryptik Análisis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (108)

Idioma

en	88
de	12
es	4
sv	2
pl	2

País

us	72
me	20
ir	4
se	2
fr	2

Actores

Genkryptik	3
Remcos	3
Ave Maria	3
Nanocore RAT	3
AsyncRAT	3

Interesar

Escribe

Not Defined	32
Operating System	6
Content Management System	6
Web Server	6
Programming Language Software	4

Proveedor

Not Defined	32
Microsoft	8
IBM	4
Apache	4
Sagemcom	2

Producto

Microsoft Windows	4
Microsoft IIS	4
Sagemcom F@st 5260	2
IBM Doors Web Access	2
phpMyAdmin	2

Vulnerabilidad

#	Vulnerabilidad	Base	Temp	0day	Hoy	Exp	Con	EPSS	CTI	CVE
1	All Enthusiast Inc Reviewpost Php Pro showproduct.php sql injection	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00501	0.00	CVE-2004-2175
2	NAVER Cloud Explorer escalada de privilegios	7.8	7.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00222	0.00	CVE-2020-9752
3	NAVER Vaccine nsz Archive nsGreen.dll directory traversal	7.0	7.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00184	0.04	CVE-2019-13157
4	GNU GRUB ext2.c grub_ext2_read_block desbordamiento de búfer	6.4	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00504	0.03	CVE-2017-9763
5	PhotoPost PHP Pro showproduct.php sql injection	9.8	9.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00276	0.04	CVE-2004-0250
6	OpenSSH Authentication Username divulgación de información	5.3	4.8	$5k-$25k	$0-$5k	High	Official Fix	0.10737	0.07	CVE-2016-6210
7	BitTorrent uTorrent Bencoding Parser escalada de privilegios	6.4	6.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00867	0.04	CVE-2020-8437
8	MDaemon Webmail cross site scripting	5.4	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00070	0.02	CVE-2019-8983
9	WIKINDX PAGING.php getPagingStart cross site scripting	5.7	5.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00201	0.02	CVE-2019-13588
10	Synology DiskStation Manager Change Password escalada de privilegios	7.1	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00068	0.03	CVE-2018-8916
11	Microsoft IIS cross site scripting	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00548	0.07	CVE-2017-0055
12	gtk-vnc Framebuffer desbordamiento de búfer	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00268	0.00	CVE-2017-1000044
13	Oracle MySQL Enterprise Monitor Apache Struts 2 desbordamiento de búfer	9.8	9.4	$100k y más	$0-$5k	Proof-of-Concept	Official Fix	0.02365	0.00	CVE-2016-4436
14	Tiki Admin Password tiki-login.php autenticación débil	8.0	7.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00936	2.90	CVE-2020-15906
15	SharpZipLib directory traversal	6.8	6.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00611	0.06	CVE-2021-32840
16	Apache HTTP Server mod_proxy_ajp escalada de privilegios	7.3	7.0	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00903	0.00	CVE-2022-26377
17	Vinchin Backup and Recovery autenticación débil	9.0	9.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00688	0.04	CVE-2022-35866
18	Microsoft Exchange Server Privilege Escalation	8.3	7.6	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00064	0.02	CVE-2023-35388
19	Chengdu Flash Flood Disaster Monitoring and Warning System Ajaxfileupload.ashx escalada de privilegios	6.9	6.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00063	0.08	CVE-2023-3802
20	TikiWiki tiki-register.php escalada de privilegios	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01009	1.52	CVE-2006-6168

IOC - Indicator of Compromise (14)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	dirección IP	Hostname	Actor	Identified	Escribe	Confianza
1	13.107.21.200		Genkryptik	2022-04-08	verified	Alto
2	79.134.225.5		Genkryptik	2022-05-04	verified	Alto
3	79.134.225.125		Genkryptik	2022-05-04	verified	Alto
4	XX.XX.XXX.XX	xx-xxx-xx.xxxxxxxx.xxxx	Xxxxxxxxxx	2022-04-12	verified	Alto
5	XX.XXX.XXX.XXX	xx.xxx.xxx.xxx.xxxxxxx.xxxxx.xxx.xx	Xxxxxxxxxx	2022-05-04	verified	Alto
6	XXX.XXX.X.X	xxxxxxxx-xx-xx.xxxxx.xxx	Xxxxxxxxxx	2022-05-04	verified	Alto
7	XXX.XXX.X.XX	xxxxxxxx-xx-xxx.xxxxx.xxx	Xxxxxxxxxx	2022-05-04	verified	Alto
8	XXX.XXX.XX.XXX	xxxxxxxx-xx-xx.xxxxx.xxx	Xxxxxxxxxx	2022-05-04	verified	Alto
9	XXX.XXX.XX.XXX	xxxxxxxx-xx-xxx.xxxxx.xxx	Xxxxxxxxxx	2022-05-04	verified	Alto
10	XXX.XXX.XX.XX	xxxxxxxx-xx-xxx.xxxxx.xxx	Xxxxxxxxxx	2022-05-04	verified	Alto
11	XXX.XXX.XXX.XXX	xxxxxxxx-xx-xxx.xxxxx.xxx	Xxxxxxxxxx	2022-05-04	verified	Alto
12	XXX.XX.XXX.XX	xxxxxx.xxxxxxxxx-xxxxxxx.xxx	Xxxxxxxxxx	2022-05-04	verified	Alto
13	XXX.XXX.XX.XX		Xxxxxxxxxx	2022-05-04	verified	Alto
14	XXX.XXX.XX.XX	xxxxxxx.xxxxxxxx.xxx	Xxxxxxxxxx	2022-05-04	verified	Alto

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilidad	Vector de acceso	Escribe	Confianza
1	T1006	CWE-22	Path Traversal	predictive	Alto
2	T1059	CWE-94	Argument Injection	predictive	Alto
3	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	Alto
4	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
5	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Alto
6	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
7	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Alto
8	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
9	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
10	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
11	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Alto
12	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (50)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Clase	Indicator	Escribe	Confianza
1	File	/Controller/Ajaxfileupload.ashx	predictive	Alto
2	File	/etc/sudoers	predictive	Medio
3	File	/uncpath/	predictive	Medio
4	File	admin.php?reqGadget=Components&reqAction=InstallGadget&comp=FileBrowser	predictive	Alto
5	File	cat.php	predictive	Bajo
6	File	category.cfm	predictive	Medio
7	File	core/lists/PAGING.php	predictive	Alto
8	File	xxxxxx.xxx	predictive	Medio
9	File	xxxx/xxxxx.xxx	predictive	Alto
10	File	xxxxxxxxxxx/xxxxx.xxx	predictive	Alto
11	File	xx/xxxx.x	predictive	Medio
12	File	xxxxxxx.xxx	predictive	Medio
13	File	xxxxx.xxx	predictive	Medio
14	File	xxxxxxxxx/xx/xxx/xxxxxxx.xx	predictive	Alto
15	File	xxxxx/xxxxxxxx.x	predictive	Alto
16	File	xxxxxxx/xxxx.xxx	predictive	Alto
17	File	xxxxxxx/xx.x	predictive	Medio
18	File	xxx.xx	predictive	Bajo
19	File	xxxxxxxx.xxx	predictive	Medio
20	File	xxxxxxx_xxxxxxx_xxxx.xxx	predictive	Alto
21	File	xxxxxxx_xxx_xxxxx_xxxxxx.xxxx	predictive	Alto
22	File	xxxx_xxxxxxxxx.xxx	predictive	Alto
23	File	xxxx_xxxxxxx_xxxxxxxx.xxx	predictive	Alto
24	File	xxxxxxx.xxx	predictive	Medio
25	File	xxxxxxxxxxx.xxx	predictive	Alto
26	File	xxxx-xxxxx.xxx	predictive	Alto
27	File	xxxx-xxxxxxxx.xxx	predictive	Alto
28	File	xxxxxx.xxxxxxx.xxxxxxxxxxxxxxxxxxxxxxxx	predictive	Alto
29	Library	xxxxxxxxxxxx_xxx.xxx	predictive	Alto
30	Library	xxxxxxx.xxx	predictive	Medio
31	Library	xxxxxxx.xxx.xx.xxx	predictive	Alto
32	Argument	xxx	predictive	Bajo
33	Argument	xxxxx	predictive	Bajo
34	Argument	xxx_xx	predictive	Bajo
35	Argument	xxx	predictive	Bajo
36	Argument	xxxxxxxxxx	predictive	Medio
37	Argument	xxxx	predictive	Bajo
38	Argument	xxxxxxxx	predictive	Medio
39	Argument	xx	predictive	Bajo
40	Argument	xxxx_xx	predictive	Bajo
41	Argument	xxxxxxxx	predictive	Medio
42	Argument	xxxxx	predictive	Bajo
43	Argument	xxxxx	predictive	Bajo
44	Argument	xxxxxxxxxxx	predictive	Medio
45	Argument	xxxxxxxx	predictive	Medio
46	Argument	xx	predictive	Bajo
47	Argument	xxxxxxxx_xx	predictive	Medio
48	Argument	xxxxxxxxxxxxxxx	predictive	Alto
49	Argument	xxxx	predictive	Bajo
50	Input Value	xxxxxxxx.+xxx	predictive	Alto

Referencias (4)

The following list contains external sources which discuss the actor and the associated activities:

◂ AnteriorVisión De ConjuntoPróximo ▸

Interested in the pricing of exploits?

See the underground prices here!