OldGremlin Analysis

IOB - Indicator of Behavior (220)

Timeline: chart not reproduced on this page.

Language

en (196)
zh (8)
es (4)
fr (4)
de (2)

Country

us (100)
cn (52)
at (12)
ce (6)
ru (6)

Actors, Activities, Interest, Timeline, Type, Vendor: charts not reproduced on this page.

Product

Microsoft Windows (8)
QNAP QTS (6)
Liferay Portal (6)
WordPress (4)
Palo Alto PAN-OS (4)

Vulnerabilities

Column key: Base/Temp are the CVSS base and temporal scores; 0-day/Today are estimated exploit prices; Exp is the CVSS exploitability value (E); Con is the CVSS remediation level (RL); CTI is the CTI activity score; EPSS is the exploitation probability.

# | Vulnerability | Base | Temp | 0-day | Today | Exp | Con | CTI | EPSS | CVE
1 | Atmail remote code execution | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00251 | CVE-2013-5033
2 | Arduino LED privilege escalation | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00109 | CVE-2019-13991
3 | Palo Alto PAN-OS GlobalProtect Clientless VPN buffer overflow | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00112 | CVE-2021-3056
4 | Microsoft IIS IP/Domain Restriction privilege escalation | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.07 | 0.00817 | CVE-2014-4078
5 | WordPress SQL injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00467 | CVE-2022-21664
6 | VeronaLabs wp-statistics Plugin API Endpoint blind SQL injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00250 | CVE-2019-13275
7 | MikroTik RouterOS SNMP information disclosure | 8.0 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.08 | 0.00307 | CVE-2022-45315
8 | Linksys WRT54GL Web Management Interface SysInfo1.htm information disclosure | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.10 | 0.00046 | CVE-2024-1406
9 | Roundcube Webmail Email Message rcube_string_replacer.php linkref_addindex cross-site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00612 | CVE-2020-35730
10 | Teclib GLPI unlock_tasks.php SQL injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.12149 | CVE-2019-10232
11 | Sophos Firewall User Portal/Webadmin weak authentication | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.97434 | CVE-2022-1040
12 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.24 | 0.00241 | CVE-2020-12440
13 | CutePHP CuteNews privilege escalation | 7.5 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.02086 | CVE-2019-11447
14 | WordPress Object privilege escalation | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00432 | CVE-2022-21663
15 | Microsoft Windows Active Directory Domain Services privilege escalation | 8.8 | 8.1 | $100k and more | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.07920 | CVE-2022-26923
16 | QNAP QTS Media Library privilege escalation | 8.5 | 8.2 | $0-$5k | $0-$5k | High | Official Fix | 0.03 | 0.01394 | CVE-2017-13067
17 | Peplink Balance Cookie admin.cgi SQL injection | 8.5 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.01457 | CVE-2017-8835
18 | Cisco Internet of Things Field Network Director Web-based User Interface XML external entity | 5.4 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00150 | CVE-2019-1698
19 | Mycroft AI WebSocket Server privilege escalation | 7.7 | 7.7 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00269 | CVE-2018-1000621
20 | RealNetworks RealServer Port 7070 Service denial of service | 7.5 | 7.3 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.03 | 0.02116 | CVE-2000-0272
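The Exp, Con and EPSS columns are what a defender actually prioritizes on: EPSS is an exploitation-probability estimate, Exp is the CVSS exploit-maturity value and Con the CVSS remediation level. The following is an added example, not code from the original page or from the database vendor. It ranks a subset of the rows above with an assumed heuristic: likelihood is the higher of EPSS and a fixed weight for public exploit maturity, scaled by the base score. The weights, the 0.05 cut-off and the patch/mitigate rule are this example's own assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Vuln:
    cve: str
    base: float        # CVSS base score column
    epss: float        # EPSS probability column
    exploit: str       # Exp column: Not Defined, Unproven, Proof-of-Concept, Functional, High
    remediation: str   # Con column: Not Defined, Workaround, Official Fix, ...


# A subset of the rows in the table above, copied as they appear there.
ROWS = [
    Vuln("CVE-2013-5033", 9.8, 0.00251, "Not Defined", "Official Fix"),
    Vuln("CVE-2014-4078", 6.5, 0.00817, "Unproven", "Official Fix"),
    Vuln("CVE-2022-45315", 8.0, 0.00307, "Proof-of-Concept", "Official Fix"),
    Vuln("CVE-2019-10232", 8.5, 0.12149, "Not Defined", "Official Fix"),
    Vuln("CVE-2022-1040", 8.5, 0.97434, "Not Defined", "Not Defined"),
    Vuln("CVE-2022-26923", 8.8, 0.07920, "Proof-of-Concept", "Official Fix"),
    Vuln("CVE-2017-13067", 8.5, 0.01394, "High", "Official Fix"),
    Vuln("CVE-2000-0272", 7.5, 0.02116, "Not Defined", "Workaround"),
]

# Assumed weights (this example's choice, not values from the page): a public
# proof-of-concept counts as a 50% chance of exploitation, a functional or
# high-maturity exploit as a certainty.
EXPLOIT_WEIGHT = {
    "Not Defined": 0.0,
    "Unproven": 0.0,
    "Proof-of-Concept": 0.5,
    "Functional": 1.0,
    "High": 1.0,
}


def priority(v: Vuln) -> float:
    """Likelihood (EPSS or exploit maturity, whichever is higher) scaled by severity."""
    likelihood = max(v.epss, EXPLOIT_WEIGHT.get(v.exploit, 0.0))
    return round(likelihood * v.base / 10.0, 3)


def action(v: Vuln) -> str:
    """What the Con column allows: patch when a vendor fix exists, otherwise mitigate."""
    return "patch" if v.remediation == "Official Fix" else "mitigate"


def triage(rows, floor: float = 0.05):
    """Return (cve, priority, action) for rows at or above the floor, highest first."""
    ranked = sorted(rows, key=priority, reverse=True)
    return [(v.cve, priority(v), action(v)) for v in ranked if priority(v) >= floor]


if __name__ == "__main__":
    for cve, score, act in triage(ROWS):
        print(f"{cve:<16} {score:.3f}  {act}")
```

CVE-2022-1040 (EPSS 0.97) and CVE-2017-13067 (exploit maturity High) come out on top although neither has the highest base score; ranking on severity alone would put the Atmail RCE (9.8) first despite its EPSS of 0.0025.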

IOC - Indicator of Compromise (7)

These indicators of compromise list the associated network resources known to be part of the actor's research and attack activities. The seven entries counted in the heading are not readable on the source page.

TTP - Tactics, Techniques, Procedures (18)

The tactics, techniques, and procedures summarize the MITRE ATT&CK techniques the actor is suspected to use. The mapping is predictive: it is derived from the database's actor-profiling model, working from the CWE classes of the associated vulnerabilities, rather than from directly observed intrusions.

ID | Technique | CWE | Class | Type | Confidence
1 | T1006 | CWE-21, CWE-22, CWE-23 | Path Traversal | predictive | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
3 | T1059 | CWE-94 | Argument Injection | predictive | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High

Rows 5 to 18 are masked on the source page.

IOA - Indicator of Attack (100)

These indicators of attack list the path, argument, input-value and network-port fragments the actor's tooling is predicted to use for reconnaissance, exploitation, privilege escalation, and exfiltration. Like the TTPs, they come from the database's predictive actor-profiling model, so a match in your logs is a lead to investigate, not confirmed compromise.

ID | Class | Indicator | Type | Confidence
1 | File | /api/RecordingList/DownloadRecord?file= | predictive | High
2 | File | /apply.cgi | predictive | Medium
3 | File | /php/ping.php | predictive | High
4 | File | /rapi/read_url | predictive | High
5 | File | /scripts/unlock_tasks.php | predictive | High
6 | File | /SysInfo1.htm | predictive | High
7 | File | /sysinfo_json.cgi | predictive | High
8 | File | /system/user/modules/mod_users/controller.php | predictive | High
9 | File | /uncpath/ | predictive | Medium
10 | File | /wp-admin/admin-post.php?es_skip=1&option_name | predictive | High
11 | File | AppCompatCache.exe | predictive | High

Rows 12 to 100 (further File, Argument, Input Value and Network Port indicators) are masked on the source page.
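The File-class indicators above are request paths, so the natural check is to run them over web-server access logs. The following is an added example, not code from the original page or from the database vendor. It normalises each request target (percent-decoding twice to catch double encoding, then case-folding) and reports lines whose target contains any of the unmasked File indicators. The log lines are constructed for the example; AppCompatCache.exe is a host-side artifact, not a request path, and is left out of this matcher.

```python
import re
from urllib.parse import unquote

# URL-path fragments from the unmasked "File" rows of the IOA table above.
# AppCompatCache.exe is a host-side file name, not a request path, so it is
# not part of this web-log matcher.
IOA_PATHS = [
    "/api/RecordingList/DownloadRecord?file=",
    "/apply.cgi",
    "/php/ping.php",
    "/rapi/read_url",
    "/scripts/unlock_tasks.php",
    "/SysInfo1.htm",
    "/sysinfo_json.cgi",
    "/system/user/modules/mod_users/controller.php",
    "/uncpath/",
    "/wp-admin/admin-post.php?es_skip=1&option_name",
]

# Constructed sample lines in Apache/nginx combined log format; not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2024:12:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:12:00:02 +0000] "GET /scripts/unlock_tasks.php?cycle=1 HTTP/1.1" 200 88 "-" "curl/8.0"
198.51.100.9 - - [10/Mar/2024:12:00:03 +0000] "GET /%53ysInfo1.htm HTTP/1.1" 200 2048 "-" "python-requests/2.31"
198.51.100.9 - - [10/Mar/2024:12:00:04 +0000] "POST /wp-admin/admin-post.php?es_skip=1&option_name=x HTTP/1.1" 302 0 "-" "python-requests/2.31"
203.0.113.5 - - [10/Mar/2024:12:00:05 +0000] "GET /api/RecordingList/DownloadRecord?file=..%252F..%252Fetc%252Fpasswd HTTP/1.1" 404 0 "-" "Mozilla/5.0"
"""

# Combined log format: client, ident, user, [timestamp], "METHOD target protocol", status, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def normalise(target: str) -> str:
    """Percent-decode twice (catches single and double encoding) and lowercase."""
    return unquote(unquote(target)).lower()


def match_ioa(line: str):
    """Return a hit dict if the request target contains an IOA fragment, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    target = normalise(m.group("target"))
    for ioa in IOA_PATHS:
        if ioa.lower() in target:
            return {
                "ip": m.group("ip"),
                "ts": m.group("ts"),
                "method": m.group("method"),
                "status": int(m.group("status")),
                "indicator": ioa,
                "target": m.group("target"),
            }
    return None


def scan(log_text: str):
    """Run match_ioa over every line and return the hits in log order."""
    return [h for h in (match_ioa(line) for line in log_text.splitlines()) if h]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f'{hit["ts"]} {hit["ip"]} {hit["method"]} {hit["target"]} '
              f'-> {hit["indicator"]} (HTTP {hit["status"]})')
```

The decoding step is what turns this from a grep into a check: the third and fifth sample lines hide the indicator behind single (%53) and double (%252F) percent-encoding, which a literal substring search over the raw line would miss. A 200 or 302 on a matched path deserves more attention than a 404, since it means the endpoint exists on the host.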
