Groundbait Analysis

IOB - Indicator of Behavior (43)

Language

en: 32
de: 12

Country/Region

us: 22

Product

Oracle Communications Cloud Native Core Network Fu ...: 4
tcpdump: 4
Paessler PRTG Network Monitor: 2
Google Chrome: 2
Artifex MuJS: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Creme CRM Salesman Creation Page Stored cross-site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00058 | 0.03 | CVE-2018-14396 |
| 2 | tcpdump AH Parser print-ah.c ah_print memory corruption | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02126 | 0.00 | CVE-2016-7922 |
| 3 | tcpdump GeoNetworking Parser print-geonet.c memory corruption | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02126 | 0.00 | CVE-2016-7986 |
| 4 | tcpdump PPP Parser print-ppp.c ppp_hdlc_if_print memory corruption | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02126 | 0.00 | CVE-2016-7933 |
| 5 | tcpdump ISAKMP Parser print-isakmp.c ikev2_e_print memory corruption | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.37758 | 0.00 | CVE-2017-5205 |
| 6 | tcpdump GRE Parser print-gre.c memory corruption | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02126 | 0.00 | CVE-2016-7939 |
| 7 | tcpdump RTCP Parser print-udp.c rtcp_print memory corruption | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02126 | 0.03 | CVE-2016-7934 |
| 8 | Online Pet Shop We App SQL injection | 6.7 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00072 | 0.00 | CVE-2022-41377 |
| 9 | Moodle Administration Page SQL injection | 7.2 | 7.2 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00157 | 0.00 | CVE-2022-40315 |
| 10 | SquirrelMail information disclosure | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.00000 | 0.00 | |
| 11 | Oracle Communications Cloud Native Core Policy privilege escalation | 9.8 | 9.6 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.97537 | 0.00 | CVE-2022-22963 |
| 12 | Oracle Communications Cloud Native Core Security Edge Protection Proxy SEPP denial of service | 7.5 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00218 | 0.00 | CVE-2020-36518 |
| 13 | Oracle Communications Cloud Native Core Network Function Cloud Native Environment CNE directory traversal | 7.5 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00255 | 0.00 | CVE-2019-20916 |
| 14 | Oracle Communications Cloud Native Core Network Function Cloud Native Environment CNE memory corruption | 9.8 | 9.6 | $100k and more | $25k-$100k | Not Defined | Official Fix | 0.00913 | 0.00 | CVE-2022-23219 |
| 15 | Google Chrome Extensions API Privilege Escalation | 5.5 | 5.3 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00131 | 0.00 | CVE-2022-2164 |
| 16 | Dell Command Update/Alienware Update Advanced Driver Restore privilege escalation | 7.8 | 7.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2022-24426 |
| 17 | Microsoft Internet Explorer mshtmled.dll privilege escalation | 6.3 | 6.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.96262 | 0.00 | CVE-2010-3329 |
| 18 | AShop Deluxe salesadmin.php cross-site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.02 | |
| 19 | Cisco IOS XR CLI Permission privilege escalation | 7.4 | 7.1 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2017-6728 |
| 20 | Oracle MySQL Server DML privilege escalation | 6.5 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00141 | 0.00 | CVE-2017-3634 |

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (18)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /pet_shop/admin/?page=maintenance/manage_category | predictive | |
| 2 | File | admin/salesadmin.php | predictive | |
| 3 | File | drivers/gpu/drm/udl/udl_fb.c | predictive | |
| 4 | File | xxxxxx.x | predictive | |
| 5 | File | xxxxx-xx.x | predictive | |
| 6 | File | xxxxx-xxxxxx.x | predictive | |
| 7 | File | xxxxx-xxx.x | predictive | |
| 8 | File | xxxxx-xxxxxx.x | predictive | |
| 9 | File | xxxxx-xxx.x | predictive | |
| 10 | File | xxxxx-xxx.x | predictive | |
| 11 | File | xxxxxx.x | predictive | |
| 12 | File | xxx/xxxx.x | predictive | |
| 13 | Library | xxxxxxxx.xxx | predictive | |
| 14 | Argument | xxxxxxxxx/xxxxxxxx/xxxxxxx_xxxxxxx-xxxxxxx/xxxxxxx_xxxxxxx-xxxxxxx/xxxxxxx_xxxxxxx-xxxx/xxxxxxx_xxxxxxx-xxxxxxxxxx/xxxxxxxx_xxxxxxx-xxxxxxx/xxxxxxxx_xxxxxxx-xxxxxxx/xxxxxxxx_xxxxxxx-xxxx/xxxxxxxx_xxxxxxx-xxxxxxxxxx | predictive | |
| 15 | Argument | xx | predictive | |
| 16 | Argument | xxxxxxx/xxxxxxxxxxxxx | predictive | |
| 17 | Argument | xxxxxxxxxx | predictive | |
| 18 | Argument | xxxxxxxxxx | predictive | |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
