GRU Analysis

IOB - Indicator of Behavior (400)

Language

en: 272
ru: 68
de: 22
es: 14
fr: 8

Country

ru: 158
us: 144
ro: 36
fr: 8
de: 4

Product

AMD CPU: 12
Apache HTTP Server: 12
Microsoft Windows: 8
PHP: 6
Oracle MySQL Server: 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192
2 | Cisco CX Cloud Agent privilege escalation | 7.1 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.02 | CVE-2023-20044
3 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 3.30 | CVE-2020-12440
4 | Zyxel ATP/USG FLEX/VPN Logs Page cross site scripting | 3.6 | 3.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00046 | 0.02 | CVE-2023-27990
5 | PHP PHAR phar_dir_read buffer overflow | 8.2 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00126 | 0.05 | CVE-2023-3824
6 | AMD CPU ASP buffer overflow | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00063 | 0.02 | CVE-2022-23813
7 | Fortinet FortiClientEMS weak encryption | 6.6 | 6.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00062 | 0.00 | CVE-2021-41028
8 | Microsoft Excel/Office/PowerPoint/Publisher/Visio/Word/Skype Remote Code Execution | 7.3 | 6.7 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00050 | 0.00 | CVE-2024-20673
9 | AMD CPU weak encryption | 2.6 | 2.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2021-26407
10 | Fortinet FSSO Collector UDP Login Notification Packet weak authentication | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00068 | 0.00 | CVE-2021-26088
11 | Asus RT-AX56U Profile Configuration buffer overflow | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00073 | 0.02 | CVE-2022-23973
12 | ISC BIND named denial of service | 7.5 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00052 | 0.02 | CVE-2023-6516
13 | Microsoft Windows DNS Client denial of service | 7.5 | 6.8 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00063 | 0.00 | CVE-2024-21342
14 | TRENDnet TEW-815DAP POST Request do_setNTP privilege escalation | 8.3 | 8.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00058 | 0.09 | CVE-2024-0919
15 | Linux-PAM pam_namespace.so protect_dir denial of service | 3.3 | 3.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2024-22365
16 | Oracle MySQL Server Options denial of service | 4.4 | 4.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.03 | CVE-2024-20968
17 | Oracle MySQL Server RAPID denial of service | 6.5 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.02 | CVE-2024-20960
18 | Google Go net-http information disclosure | 4.8 | 4.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00052 | 0.02 | CVE-2023-39326
19 | AMI AptioV BMP Logo privilege escalation | 7.2 | 7.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.02 | CVE-2023-39538
20 | 1C:Enterprise URL Parameter information disclosure | 5.9 | 5.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00168 | 0.06 | CVE-2021-3131

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (118)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (2)

The following list contains external sources which discuss the actor and the associated activities:
