OldGremlin Analysis

IOB - Indicator of Behavior (220)

Language

en: 188
zh: 18
ru: 4
es: 4
fr: 4

Country

us: 94
cn: 68
ru: 8
at: 6
ce: 4

Product

cPanel: 8
Microsoft Windows: 6
Microsoft Exchange Server: 4
WordPress: 4
OpenSSH: 4

Vulnerability

# | Vulnerability | Base | Temp | 0-day | Today | Exploitability | Countermeasure | CTI | EPSS | CVE
1 | Atmail Remote Code Execution | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00251 | CVE-2013-5033
2 | Arduino LED privilege escalation | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00109 | CVE-2019-13991
3 | Palo Alto PAN-OS GlobalProtect Clientless VPN buffer overflow | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00112 | CVE-2021-3056
4 | Microsoft IIS IP/Domain Restriction privilege escalation | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.07 | 0.00817 | CVE-2014-4078
5 | WordPress sql injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00467 | CVE-2022-21664
6 | VeronaLabs wp-statistics Plugin API Endpoint Blind sql injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00250 | CVE-2019-13275
7 | Mikrotik RouterOS SNMP information disclosure | 8.0 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.08 | 0.00307 | CVE-2022-45315
8 | Linksys WRT54GL Web Management Interface SysInfo1.htm information disclosure | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.10 | 0.00046 | CVE-2024-1406
9 | RoundCube Webmail Email Message rcube_string_replacer.php linkref_addindex cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00612 | CVE-2020-35730
10 | Teclib GLPI unlock_tasks.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.12149 | CVE-2019-10232
11 | Sophos Firewall User Portal/Webadmin weak authentication | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.97434 | CVE-2022-1040
12 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.26 | 0.00241 | CVE-2020-12440
13 | CutePHP CuteNews privilege escalation | 7.5 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.02086 | CVE-2019-11447
14 | WordPress Object privilege escalation | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00432 | CVE-2022-21663
15 | Microsoft Windows Active Directory Domain Services Privilege Escalation | 8.8 | 8.1 | $100k and more | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.07920 | CVE-2022-26923
16 | QNAP QTS Media Library privilege escalation | 8.5 | 8.2 | $0-$5k | $0-$5k | High | Official Fix | 0.03 | 0.01394 | CVE-2017-13067
17 | Peplink Balance Cookie admin.cgi sql injection | 8.5 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.01457 | CVE-2017-8835
18 | Cisco Internet of Things Field Network Director Web-based User Interface XML External Entity | 5.4 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00150 | CVE-2019-1698
19 | Mycroft AI WebSocket Server privilege escalation | 7.7 | 7.7 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00269 | CVE-2018-1000621
20 | RealNetworks RealServer Port 7070 Service denial of service | 7.5 | 7.3 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.03 | 0.02116 | CVE-2000-0272

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (100)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /api/RecordingList/DownloadRecord?file= | predictive | High
2 | File | /apply.cgi | predictive | Medium
3 | File | /php/ping.php | predictive | High
4 | File | /rapi/read_url | predictive | High
5 | File | /scripts/unlock_tasks.php | predictive | High
6 | File | /SysInfo1.htm | predictive | High
7 | File | /sysinfo_json.cgi | predictive | High
8 | File | /system/user/modules/mod_users/controller.php | predictive | High
9 | File | /uncpath/ | predictive | Medium
10 | File | /wp-admin/admin-post.php?es_skip=1&option_name | predictive | High
11 | File | AppCompatCache.exe | predictive | High
12 | File | xxxxxxx/xxxx.xxx | predictive | High
13 | File | xxxxxxxx.xxx | predictive | Medium
14 | File | xxx-xxx/xxxxxxx.xx | predictive | High
15 | File | xxx-xxx/xxxxx/xxxxx.xxx | predictive | High
16 | File | xxxxxx/xxx.x | predictive | Medium
17 | File | xxxxxxxx_xxxxxxxxxxxxxxxxx.xxx | predictive | High
18 | File | xxxxxxxxx.xxx.xxx | predictive | High
19 | File | xxxxx/xxxxx.xxx | predictive | High
20 | File | xxxx_xxxxx.xxx | predictive | High
21 | File | xxxxx.xxx | predictive | Medium
22 | File | xxxxxx.xxx | predictive | Medium
23 | File | xxxxxxx/xxxx-xxxxx-xxxxxx.xxx | predictive | High
24 | File | xxxxxxx/xxxx-xxxxx-xxxxxx.xxx?xxxxxx=x | predictive | High
25 | File | xx/xx-xx.x | predictive | Medium
26 | File | xxx/xxxx_xxxx.x | predictive | High
27 | File | xxxxxx/xxxxxxxxxxx | predictive | High
28 | File | xxxx_xxxxxx.x | predictive | High
29 | File | xxxx/xxxxxxx.x | predictive | High
30 | File | xxxxxxxx/xxxxx-xxxxxx-xxxx-xxxxxxx.xxx | predictive | High
31 | File | xxxxxxxx/xxxxxxxx/xxxxx-xxxxxxxx-xxxxx.xxx | predictive | High
32 | File | xxxxx.xxx?xxx=xxxx&xxx=xxxxxxxx | predictive | High
33 | File | xxxxxxxxxx.xxx | predictive | High
34 | File | xxxxxxx_xxxxxxx/xxxx.xxx | predictive | High
35 | File | xxxxx.xxx | predictive | Medium
36 | File | xxxx/xxxxxxxxx/xxxxxx/xxxxxxxxxxxxxxxxxxxxx.xxx | predictive | High
37 | File | xxx/xxx.xxx | predictive | Medium
38 | File | xxxxxx.x | predictive | Medium
39 | File | xxxx.xxx | predictive | Medium
40 | File | xxxxx.xxx | predictive | Medium
41 | File | xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][] | predictive | High
42 | File | xxxxx_xxxxxx_xxxxxxxx.xxx | predictive | High
43 | File | xxxxxxxx.xxx | predictive | Medium
44 | File | xxxxxxx/xxxxxxxxxx | predictive | High
45 | File | xxxxxxx-xxxxxxxxxx/xxx/xxxxx.xxx | predictive | High
46 | File | xxxx.xxx | predictive | Medium
47 | File | xxxxx/xxxxx.xxx | predictive | High
48 | File | xxxxxxxx.xxx | predictive | Medium
49 | File | xxxxxxxxx.xxx | predictive | High
50 | File | xxxx.xxx | predictive | Medium
51 | File | xxxxxxxxxx | predictive | Medium
52 | File | xxxxxxx/xxxxx.xxx | predictive | High
53 | File | xx-xxxxx/xxxxx-xxxx.xxx | predictive | High
54 | Argument | xxxxxx | predictive | Low
55 | Argument | xxxxxxx_xxxx | predictive | Medium
56 | Argument | xxxxxx_xxxx | predictive | Medium
57 | Argument | xxxxx | predictive | Low
58 | Argument | xxx | predictive | Low
59 | Argument | xxxxxxxx | predictive | Medium
60 | Argument | xxxxxx | predictive | Low
61 | Argument | xxxxxxxxxxxxxxxxx | predictive | High
62 | Argument | xxxxx | predictive | Low
63 | Argument | xxxxxxxxxxx/xxxxxxxx/xxx/xxxxx | predictive | High
64 | Argument | xxxxxx_xx | predictive | Medium
65 | Argument | xxxxx | predictive | Low
66 | Argument | xxxxxx | predictive | Low
67 | Argument | xxxxxxxxxxxx | predictive | Medium
68 | Argument | xxxxxx | predictive | Low
69 | Argument | xx_xxxx [xx][x]/xx_xxxx [xx][x]/xx_xxxx [xx][x]/xx_xxxx [xx][x]/xxxxx | predictive | High
70 | Argument | xxxx | predictive | Low
71 | Argument | xxxx | predictive | Low
72 | Argument | xx | predictive | Low
73 | Argument | xxxxxxxxx | predictive | Medium
74 | Argument | xxxxxxxx[xx] | predictive | Medium
75 | Argument | xxxxxxx | predictive | Low
76 | Argument | xxx_xxxx | predictive | Medium
77 | Argument | xxxxx_xx | predictive | Medium
78 | Argument | xxxxxxxx | predictive | Medium
79 | Argument | x_x_x | predictive | Low
80 | Argument | xxxxxxx/xxxxx | predictive | High
81 | Argument | xxxxxx_xxx | predictive | Medium
82 | Argument | xxxxxx | predictive | Low
83 | Argument | xxxx_xx | predictive | Low
84 | Argument | xxxxxxxx_xxxxxxxx | predictive | High
85 | Argument | xxxxxxxxxxxxxxxxxxxxx | predictive | High
86 | Argument | xxxx_xx | predictive | Low
87 | Argument | xxx | predictive | Low
88 | Argument | xxxx | predictive | Low
89 | Argument | xxxxxxxx | predictive | Medium
90 | Argument | xxxx/xx/xxxx/xxx | predictive | High
91 | Argument | xxxxxxxx | predictive | Medium
92 | Input Value | .%xx.../.%xx.../ | predictive | High
93 | Input Value | ../../../../../xxx/xxx/xxxxx/xxxx/xxxxxxxx/xxxxx/xxx.xxx | predictive | High
94 | Input Value | xxxxxxx -xxx | predictive | Medium
95 | Input Value | xxxxxxxxxx | predictive | Medium
96 | Network Port | xxxx | predictive | Low
97 | Network Port | xxxx | predictive | Low
98 | Network Port | xxxx xxxx | predictive | Medium
99 | Network Port | xxx/xxx | predictive | Low
100 | Network Port | xxx/xxxx | predictive | Medium

References (3)

The following list contains external sources which discuss the actor and the associated activities:
