GandCrab v5 Analisi

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (23)

Linguaggio

en	24

Attori

Baldr	1
Nemty	1
Sload	1
GandCrab v5	1
CoinMiner	1

Interesse

Genere

Forum Software	24

Fornitore

Not Defined	20
vBulletin	2
Jelsoft	2

Prodotto

phpBB	12
PunBB	6
vBulletin	2
vBulletin Vbulletin Forum	2
Jelsoft vBulletin	2

Vulnerabilità

#	Vulnerabilità	Base	Temp	0day	Oggi	Sfr	Con	EPSS	CTI	CVE
1	vBulletin decodeArguments escalazione di privilegi	7.3	7.3	$0-$5k	$0-$5k	High	Not Defined	0.74237	0.00	CVE-2015-7808
2	vBulletin cross site scripting	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01146	0.00	CVE-2004-1824
3	Tapatalk Plugin XMLRPC API unsubscribe_forum.php sql injection	8.5	7.7	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00242	0.00	CVE-2014-2023
4	phpBB Perl ucp_pm_options.php message_options cross site request forgery	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00335	0.02	CVE-2015-1432
5	vBulletin sql injection	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00214	0.00	CVE-2014-5102
6	PunBB cross site scripting	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00199	0.00	CVE-2010-0455
7	vBulletin redirector.php Redirect	6.6	6.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00122	0.16	CVE-2018-6200
8	vBulletin Vbulletin Forum Remote Code Execution	9.8	8.5	$0-$5k	$0-$5k	Unproven	Official Fix	0.00620	0.00	CVE-2012-4328
9	phpBB install.php escalazione di privilegi	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00642	0.03	CVE-2002-1707
10	PunBB register.php sql injection	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00543	0.00	CVE-2005-0569
11	vBulletin moderation.php sql injection	7.3	7.0	$0-$5k	$0-$5k	High	Official Fix	0.00284	0.01	CVE-2016-6195
12	vBulletin XMLRPC API breadcrumbs_create.php sql injection	6.3	6.3	$0-$5k	$0-$5k	High	Unavailable	0.00102	0.02	CVE-2014-2022
13	vBulletin visitormessage.php escalazione di privilegi	7.5	7.4	$0-$5k	$0-$5k	High	Unavailable	0.03104	0.02	CVE-2014-9463
14	PunBB Password Reset moderate.php escalazione di privilegi	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02283	0.00	CVE-2008-1484
15	phpBB modcp.php rivelazione di un 'informazione	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00392	0.00	CVE-2008-7143
16	PunBB profile.php sql injection	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00322	0.00	CVE-2005-2193
17	phpBB links.php sql injection	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00221	0.00	CVE-2007-4653
18	phpBB Remote Avatar escalazione di privilegi	7.4	7.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00167	0.02	CVE-2017-1000419
19	phpBB rivelazione di un 'informazione	9.8	8.5	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00269	0.00	CVE-2008-1766
20	phpBB startup.php cross site scripting	4.3	4.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00287	0.02	CVE-2015-1431

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	indirizzo IP	Hostname	Attore	Campagne	Identified	Genere	Fiducia
1	92.63.197.48		GandCrab v5		13/10/2018	verified	Alto

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Classe	Vulnerabilità	Accesso al vettore	Genere	Fiducia
1	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Alto
2	T1059.007	CAPEC-209	CWE-79, CWE-80	Cross Site Scripting	predictive	Alto
3	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
4	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	Alto
5	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
6	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (25)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Genere	Fiducia
1	File	ajax/api/hook/decodeArguments	predictive	Alto
2	File	breadcrumbs_create.php	predictive	Alto
3	File	forumrunner/includes/moderation.php	predictive	Alto
4	File	includes/startup.php	predictive	Alto
5	File	xxxxxxxx/xxx/xxx_xx_xxxxxxx.xxx	predictive	Alto
6	File	xxxxxxx.xxx	predictive	Media
7	File	xxxxx.xxx	predictive	Media
8	File	xxxxx.xxx	predictive	Media
9	File	xxxxxxxx.xxx	predictive	Media
10	File	xxxxxxx.xxx	predictive	Media
11	File	xxxxxxxxxx.xxx	predictive	Alto
12	File	xxxxxxxx.xxx	predictive	Media
13	File	xxxxxxxxxxx_xxxxx.xxx	predictive	Alto
14	File	xxxxxxxxxxxxxx.xxx	predictive	Alto
15	Argument	xxxxxxxxx	predictive	Media
16	Argument	xxxxxxxxx	predictive	Media
17	Argument	xxx_xxxx	predictive	Media
18	Argument	xxxxx_xxxx_xxx	predictive	Alto
19	Argument	xxx	predictive	Basso
20	Argument	xxxxxxx	predictive	Basso
21	Argument	xxxx	predictive	Basso
22	Argument	xxxxxxxxxxxxxxxx	predictive	Alto
23	Argument	xxxxx	predictive	Basso
24	Argument	xxxxxx	predictive	Basso
25	Argument	xxx	predictive	Basso

Referenze (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PrecedenteVisione D'insiemeIl prossimo ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!