Grandoreiro Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (320)

Langue

en	268
pl	16
es	14
pt	8
it	6

De campagne

us	82
ru	10
es	8
pt	6
it	2

Acteurs

Grandoreiro	9
Wocao	1
APT34	1
RedLine Stealer	1
Raccoon	1

Intérêt

Taper

Not Defined	36
Web Server	10
Router Operating System	4
Programming Language Software	4
Content Management System	4

Fournisseur

Not Defined	26
Cisco	8
Apache	6
DZCP	4
Juniper	4

Produit

Apache HTTP Server	6
DZCP deV!L`z Clanportal	4
Juniper Junos	4
Cisco SD-WAN vManage	4
PHP	4

Vulnérabilités

#	Vulnérabilité	Base	Temp	0day	Aujourd'hui	Exp	Con	CTI	EPSS	CVE
1	SOCKS 5 Proxy Config elévation de privilèges	7.3	7.1	$0-$5k	$0-$5k	Not Defined	Workaround	0.00	0.00000
2	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash divulgation de l'information	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02	0.02016	CVE-2007-1192
3	DZCP deV!L`z Clanportal config.php elévation de privilèges	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.73	0.00943	CVE-2010-0966
4	nginx elévation de privilèges	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.14	0.00241	CVE-2020-12440
5	Netscape Communicator JPEG Comment buffer overflow	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00	0.01345	CVE-2000-0655
6	DZCP deV!L`z Clanportal browser.php divulgation de l'information	5.3	5.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	1.45	0.02733	CVE-2007-1167
7	phpMyAdmin elévation de privilèges	7.9	7.8	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00180	CVE-2016-6621
8	PHP Cookie elévation de privilèges	5.0	4.8	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.04	0.00130	CVE-2022-31629
9	PHP PHP-FPM dénie de service	5.9	5.8	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02	0.00584	CVE-2015-9253
10	Campcodes Beauty Salon Management System admin-profile.php sql injection	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.03	0.00064	CVE-2023-3874
11	PHP GD Extension imageloadfont buffer overflow	6.4	6.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	0.00064	CVE-2022-31630
12	OrangeScrum AWS Credential cross site scripting	5.9	5.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00049	CVE-2023-1783
13	ARCHIBUS Web Central login.axvw elévation de privilèges	5.6	5.4	$0-$5k	Calculateur	Not Defined	Official Fix	0.00	0.00115	CVE-2021-41553
14	Apache HTTP Server mod_auth_digest buffer overflow	5.6	5.4	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.03	0.00220	CVE-2020-35452
15	Oracle HTTP Server OSSL Module elévation de privilèges	9.0	8.8	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	0.97406	CVE-2021-40438
16	Apache HTTP Server mod_proxy elévation de privilèges	7.3	7.3	$25k-$100k	$5k-$25k	Not Defined	Not Defined	0.04	0.97406	CVE-2021-40438
17	Apache HTTP Server MPM Event Worker elévation de privilèges	6.5	6.4	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.00	0.97329	CVE-2019-0211
18	Apache HTTP Server mod_proxy_uwsgi buffer overflow	8.5	8.5	$25k-$100k	$25k-$100k	Not Defined	Not Defined	0.04	0.01526	CVE-2020-11984
19	Apache HTTP Server ap_escape_quotes buffer overflow	5.6	5.6	$25k-$100k	$25k-$100k	Not Defined	Not Defined	0.04	0.00579	CVE-2021-39275
20	XMB Forum member.php cross site scripting	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00	0.00234	CVE-2003-0375

IOC - Indicator of Compromise (30)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adresse IP	Hostname	Acteur	Identified	Taper	Confiance
1	3.144.135.247	ec2-3-144-135-247.us-east-2.compute.amazonaws.com	Grandoreiro	01/02/2024	verified	Moyen
2	4.229.235.160		Grandoreiro	02/02/2024	verified	Élevé
3	15.188.63.127	ec2-15-188-63-127.eu-west-3.compute.amazonaws.com	Grandoreiro	23/08/2022	verified	Moyen
4	15.228.57.146	ec2-15-228-57-146.sa-east-1.compute.amazonaws.com	Grandoreiro	19/06/2023	verified	Moyen
5	15.228.233.242	ec2-15-228-233-242.sa-east-1.compute.amazonaws.com	Grandoreiro	19/06/2023	verified	Moyen
6	15.229.47.198	ec2-15-229-47-198.sa-east-1.compute.amazonaws.com	Grandoreiro	19/06/2023	verified	Moyen
7	XX.XXX.XXX.XX	xxx-xx-xxx-xxx-xx.xxxxxxx-x.xxxxxxxxx.xxx	Xxxxxxxxxxx	01/02/2024	verified	Moyen
8	XX.XXX.XX.XX	xxx-xx-xxx-xx-xx.xx-xxxx-x.xxxxxxx.xxxxxxxxx.xxx	Xxxxxxxxxxx	04/11/2023	verified	Moyen
9	XX.XXX.XXX.XX	xxx-xx-xxx-xxx-xx.xx-xxxx-x.xxxxxxx.xxxxxxxxx.xxx	Xxxxxxxxxxx	19/06/2023	verified	Moyen
10	XX.XXX.XXX.XX		Xxxxxxxxxxx	01/02/2024	verified	Élevé
11	XX.XXX.XX.XXX		Xxxxxxxxxxx	01/02/2024	verified	Élevé
12	XX.XXX.XXX.XXX		Xxxxxxxxxxx	01/02/2024	verified	Élevé
13	XX.XXX.XXX.XX	xxx-xx-xxx-xxx-xx.xx-xxxx-x.xxxxxxx.xxxxxxxxx.xxx	Xxxxxxxxxxx	23/08/2022	verified	Moyen
14	XX.XXX.XX.XXX	xxx-xx-xxx-xx-xxx.xx-xxxx-x.xxxxxxx.xxxxxxxxx.xxx	Xxxxxxxxxxx	23/08/2022	verified	Moyen
15	XX.XXX.XX.XXX	xx-xxx-xx-xxx.xxxxxxxxxxx.xxx	Xxxxxxxxxxx	02/02/2024	verified	Élevé
16	XX.XX.XXX.XX	xxx-xxxxxxxx.xxx.xxx.xxx	Xxxxxxxxxxx	29/01/2023	verified	Élevé
17	XX.XX.XX.XXX	xxx-xx-xx-xx-xxx.xx-xxxx-x.xxxxxxx.xxxxxxxxx.xxx	Xxxxxxxxxxx	23/08/2022	verified	Moyen
18	XX.XXX.XXX.XXX		Xxxxxxxxxxx	01/02/2024	verified	Élevé
19	XX.XXX.XXX.XXX	xxx-xx-xxx-xxx-xxx.xx-xxxx-x.xxxxxxx.xxxxxxxxx.xxx	Xxxxxxxxxxx	01/02/2024	verified	Moyen
20	XX.XXX.XX.XX	xxx-xx-xxx-xx-xx.xx-xxxx-x.xxxxxxx.xxxxxxxxx.xxx	Xxxxxxxxxxx	23/08/2022	verified	Moyen
21	XX.XX.XXX.XXX	xxxxxxxx.xxxxxx-xx-xxxxxx.xx	Xxxxxxxxxxx	01/02/2024	verified	Élevé
22	XX.XX.XXX.XXX	xxxxx.xx-xx-xx-xxx.xxx	Xxxxxxxxxxx	01/02/2024	verified	Élevé
23	XX.XXX.XX.XXX	xxxxxxxx.xxxxxx-xx-xxxxxx.xx	Xxxxxxxxxxx	01/02/2024	verified	Élevé
24	XXX.XXX.X.XXX	xxxxxxxx.xxxxxxxxxxx.xxx.xx	Xxxxxxxxxxx	01/02/2024	verified	Élevé
25	XXX.XXX.XXX.XXX	xxxxx.xx-xxx-xxx-xxx.xxx	Xxxxxxxxxxx	23/08/2022	verified	Élevé
26	XXX.XXX.XXX.XXX	xxxxx.xx-xxx-xxx-xxx.xxx	Xxxxxxxxxxx	01/02/2024	verified	Élevé
27	XXX.XX.XXX.XXX	xx.xxxxxxx.xxxx	Xxxxxxxxxxx	16/04/2021	verified	Élevé
28	XXX.XXX.XXX.XXX		Xxxxxxxxxxx	22/11/2022	verified	Élevé
29	XXX.XXX.XX.XX	xxx-xxx-xx-xx.xxxxxxxxxxx.xxx	Xxxxxxxxxxx	01/02/2024	verified	Élevé
30	XXX.XX.X.XXX	xxxxx.xx-xxx-xx-x.xxx	Xxxxxxxxxxx	22/11/2022	verified	Élevé

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnérabilités	Vecteur d'accès	Taper	Confiance
1	T1006	CWE-22	Path Traversal	predictive	Élevé
2	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Élevé
3	T1059	CWE-94	Argument Injection	predictive	Élevé
4	TXXXX.XXX	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Élevé
5	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Élevé
6	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Élevé
7	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	Élevé
8	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Élevé
9	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Élevé
10	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Élevé
11	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Élevé

IOA - Indicator of Attack (52)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Taper	Confiance
1	File	/admin/admin-profile.php	predictive	Élevé
2	File	/archibus/login.axvw	predictive	Élevé
3	File	/cgi-bin/wapopen	predictive	Élevé
4	File	/download	predictive	Moyen
5	File	/forum/away.php	predictive	Élevé
6	File	/mgmt/tm/util/bash	predictive	Élevé
7	File	/SASWebReportStudio/logonAndRender.do	predictive	Élevé
8	File	/xxxxxxx/	predictive	Moyen
9	File	xxxxxxx/xxxxx.xxx	predictive	Élevé
10	File	xxxxx/xxx/xxxxxxx/xxx/xxxx.xxx	predictive	Élevé
11	File	xxxxxxxxxx_xxxxx.xxx	predictive	Élevé
12	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Élevé
13	File	xxxxxxxxx_xxxxxxx.xxx	predictive	Élevé
14	File	xxxxxxxx.xxx	predictive	Moyen
15	File	xxxx_xxxx.x	predictive	Moyen
16	File	xxx/xxxxxx.xxx	predictive	Élevé
17	File	xxx/xxxxxxxxxxx/xxxxxxx.xxx	predictive	Élevé
18	File	xxxxx.xxx	predictive	Moyen
19	File	xxxx.xxxx	predictive	Moyen
20	File	xxxxxx.xxx	predictive	Moyen
21	File	xxxxxxx.xxx	predictive	Moyen
22	File	xxxx_xxxxxx.xxx	predictive	Élevé
23	File	xxxxxxx.xxx	predictive	Moyen
24	File	xxxx.xxx	predictive	Moyen
25	File	xxxxxxx.xxx	predictive	Moyen
26	File	xxxxx/xxxxxxx.x	predictive	Élevé
27	File	xx-xxxxx/xxxx-xxx.xxx	predictive	Élevé
28	File	xxxx.xx	predictive	Faible
29	Argument	xxxxxxxxxxx	predictive	Moyen
30	Argument	xxxxxxxxx	predictive	Moyen
31	Argument	xxxxx_xxxxx_xxx	predictive	Élevé
32	Argument	xxxxxxx_xx	predictive	Moyen
33	Argument	xxxxxxxx	predictive	Moyen
34	Argument	xxxxxx	predictive	Faible
35	Argument	xxx_xxxx	predictive	Moyen
36	Argument	xxxx	predictive	Faible
37	Argument	xxxxxxxxxx	predictive	Moyen
38	Argument	xxxxxxx[xx_xxx_xxxx]	predictive	Élevé
39	Argument	xx	predictive	Faible
40	Argument	xxxxxxxxxxxxxx	predictive	Élevé
41	Argument	xxxxxxxx_xxx	predictive	Moyen
42	Argument	xxxxxx	predictive	Faible
43	Argument	xx_xxx[xxxx_xxxxxx_xxx]	predictive	Élevé
44	Argument	xxx	predictive	Faible
45	Argument	xxxx_xxxx	predictive	Moyen
46	Argument	xxxxxx_xxxxxxx_xxxxxxxxx_xxxx/xxxxxx_xxxxxxx_xxxxxxx_xxxx	predictive	Élevé
47	Argument	xxxxxx	predictive	Faible
48	Argument	xxxxxxxx	predictive	Moyen
49	Argument	\xxx\	predictive	Faible
50	Input Value	../..	predictive	Faible
51	Input Value	xxxxx	predictive	Faible
52	Network Port	xxx/xxxxx	predictive	Moyen

Références (9)

The following list contains external sources which discuss the actor and the associated activities:

◂ PrécédentAperçuSuivant ▸

Do you know our Splunk app?

Download it now for free!