GandCrab 2.1 Analysis

IOB - Indicator of Behavior (193)

Timeline (chart not extracted)

Language

en: 188
fr: 2
it: 2
de: 2

Country

us: 112
bg: 54
ro: 4
ru: 4
nl: 2

Actors, Activities, Effort, Timeline, Type, Vendor (charts not extracted)

Product

Microsoft Windows: 8
Moodle: 4
Adobe Experience Manager: 4
Microsoft IIS: 4
PHP: 4

Vulnerabilities

#  | Vulnerability                                                                                           | Base | Temp | 0day     | Today       | Exploit          | Remediation  | EPSS    | CTI  | CVE
---|---------------------------------------------------------------------------------------------------------|------|------|----------|-------------|------------------|--------------|---------|------|---------------
1  | nginx privilege escalation                                                                              | 6.9  | 6.9  | $0-$5k   | $0-$5k      | Not Defined      | Not Defined  | 0.00241 | 1.72 | CVE-2020-12440
2  | Apache HTTP Server HTTP Digest Authentication Challenge weak authentication                             | 8.5  | 8.4  | $5k-$25k | $0-$5k      | Not Defined      | Official Fix | 0.01686 | 0.03 | CVE-2018-1312
3  | TVT Dvr Firmware directory traversal                                                                    | 7.5  | 7.1  | $0-$5k   | $0-$5k      | Proof-of-Concept | Not Defined  | 0.15204 | 0.04 | CVE-2013-6023
4  | FreeBSD Ping pr_pack memory corruption                                                                  | 7.3  | 7.0  | $5k-$25k | $0-$5k      | Not Defined      | Official Fix | 0.00043 | 0.04 | CVE-2022-23093
5  | Acme Mini HTTPd Terminal privilege escalation                                                           | 5.3  | 5.3  | $0-$5k   | $0-$5k      | Not Defined      | Not Defined  | 0.00303 | 0.04 | CVE-2009-4490
6  | Apache HTTP Server mod_rewrite Redirect                                                                 | 6.7  | 6.7  | $5k-$25k | $5k-$25k    | Not Defined      | Not Defined  | 0.00258 | 0.03 | CVE-2020-1927
7  | WordPress Press This class-wp-press-this.php information disclosure                                     | 6.3  | 6.2  | $5k-$25k | $0-$5k      | Not Defined      | Official Fix | 0.00527 | 0.05 | CVE-2017-5610
8  | profanity weak encryption                                                                               | 5.0  | 5.0  | $0-$5k   | $0-$5k      | Not Defined      | Not Defined  | 0.00114 | 0.00 | CVE-2022-40769
9  | Photocrati ecomm-sizes.php sql injection                                                                | 7.3  | 6.9  | $0-$5k   | $0-$5k      | Proof-of-Concept | Not Defined  | 0.00100 | 0.00 | CVE-2015-2216
10 | Microsoft IIS cross site scripting                                                                      | 5.2  | 4.7  | $5k-$25k | $0-$5k      | Proof-of-Concept | Official Fix | 0.00548 | 0.14 | CVE-2017-0055
11 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2  | $5k-$25k | Calculating | High             | Workaround   | 0.02016 | 0.00 | CVE-2007-1192
12 | TP-LINK WR740N Wireless N Router HTTP Request denial of service                                         | 7.5  | 6.8  | $0-$5k   | $0-$5k      | Proof-of-Concept | Official Fix | 0.00000 | 0.00 |
13 | Joomla CMS File Upload media.php privilege escalation                                                   | 6.3  | 6.0  | $5k-$25k | $0-$5k      | High             | Official Fix | 0.79864 | 0.04 | CVE-2013-5576
14 | Copadata zenon zenAdminSrv.exe memory corruption                                                        | 7.3  | 7.3  | $0-$5k   | $0-$5k      | Not Defined      | Not Defined  | 0.00869 | 0.00 | CVE-2011-4533
15 | D-Link Good Line Router v2 HTTP GET Request devinfo information disclosure                              | 5.3  | 5.0  | $5k-$25k | $0-$5k      | Proof-of-Concept | Not Defined  | 0.00052 | 0.00 | CVE-2024-0717
16 | Project Worlds Online Food Ordering System add-item.php sql injection                                   | 8.5  | 8.5  | $0-$5k   | $0-$5k      | Not Defined      | Not Defined  | 0.00043 | 0.00 | CVE-2023-45324
17 | SourceCodester Online Student Management System edit-class-detail.php sql injection                     | 7.5  | 7.3  | $0-$5k   | $0-$5k      | Proof-of-Concept | Not Defined  | 0.00148 | 0.10 | CVE-2023-1099
18 | Tawk.To Live Chat Plugin AJAX Action tawkto_removewidget privilege escalation                           | 5.7  | 5.7  | $0-$5k   | $0-$5k      | Not Defined      | Official Fix | 0.00074 | 0.04 | CVE-2021-24914
19 | WordPress Wp Downloads Manager File Upload upload.php privilege escalation                              | 10.0 | 9.4  | $0-$5k   | $0-$5k      | Proof-of-Concept | Unavailable  | 0.02875 | 0.00 | CVE-2008-3362
20 | VSFTPD Connection denial of service                                                                     | 5.5  | 5.3  | $0-$5k   | $0-$5k      | Proof-of-Concept | Not Defined  | 0.00281 | 0.00 | CVE-2021-30047

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (75)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator                                    | Type       | Confidence
---|-------|----------------------------------------------|------------|-----------
1  | File  | /devinfo                                     | predictive | Medium
2  | File  | /etc/tomcat8/Catalina/attack                 | predictive | High
3  | File  | /ext/phar/phar_object.c                      | predictive | High
4  | File  | /inc/campaign/count_of_send.php              | predictive | High
5  | File  | /rdms/admin/?page=user/manage_user           | predictive | High
6  | File  | /TeleoptiWFM/Administration/GetOneTenant     | predictive | High
7  | File  | /transmission/rpc                            | predictive | High
8  | File  | /uncpath/                                    | predictive | Medium
9  | File  | admin/config/confmgr.php                     | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
