Groundbait Analiza

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (43)

Język

en	32
de	12

Kraj

us	20
co	2

Aktorzy

Groundbait	6

Wysiłek

Rodzaj

Web Browser	12
Cloud Software	6
Not Defined	6
Packet Analyzer Software	4
Router Operating System	2

Sprzedawca

Not Defined	10
Oracle	8
Google	8
Microsoft	6
Fortinet	4

Produkt

Google Chrome	8
Oracle Communications Cloud Native Core Network Fu ...	4
Microsoft Internet Explorer	4
tcpdump	4
Fortinet FortiWLC	4

Luki w zabezpieczeniach

#	Słaby punkt	Base	Temp	0day	Dzisiaj	Wyk	Prz	EPSS	CTI	CVE
1	Creme CRM Salesman Creation Page Stored cross site scripting	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00058	0.03	CVE-2018-14396
2	tcpdump AH Parser print-ah.c ah_print memory corruption	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02126	0.00	CVE-2016-7922
3	tcpdump GeoNetworking Parser print-geonet.c memory corruption	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02126	0.00	CVE-2016-7986
4	tcpdump PPP Parser print-ppp.c ppp_hdlc_if_print memory corruption	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02126	0.00	CVE-2016-7933
5	tcpdump ISAKMP Parser print-isakmp.c ikev2_e_print memory corruption	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.37758	0.00	CVE-2017-5205
6	tcpdump GRE Parser print-gre.c memory corruption	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02126	0.00	CVE-2016-7939
7	tcpdump RTCP Parser print-udp.c rtcp_print memory corruption	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02126	0.03	CVE-2016-7934
8	Online Pet Shop We App sql injection	6.7	6.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00072	0.00	CVE-2022-41377
9	Moodle Administration Page sql injection	7.2	7.2	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00157	0.00	CVE-2022-40315
10	SquirrelMail information disclosure	3.3	3.3	$0-$5k	$0-$5k	Not Defined	Workaround	0.00000	0.00
11	Oracle Communications Cloud Native Core Policy privilege escalation	9.8	9.6	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.97537	0.00	CVE-2022-22963
12	Oracle Communications Cloud Native Core Security Edge Protection Proxy SEPP denial of service	7.5	7.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00218	0.00	CVE-2020-36518
13	Oracle Communications Cloud Native Core Network Function Cloud Native Environment CNE directory traversal	7.5	7.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00255	0.00	CVE-2019-20916
14	Oracle Communications Cloud Native Core Network Function Cloud Native Environment CNE memory corruption	9.8	9.6	$100k i więcej	$25k-$100k	Not Defined	Official Fix	0.00913	0.00	CVE-2022-23219
15	Google Chrome Extensions API Privilege Escalation	5.5	5.3	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00131	0.00	CVE-2022-2164
16	Dell Command Update/Alienware Update Advanced Driver Restore privilege escalation	7.8	7.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2022-24426
17	Microsoft Internet Explorer mshtmled.dll privilege escalation	6.3	6.0	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.96262	0.00	CVE-2010-3329
18	AShop Deluxe salesadmin.php cross site scripting	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.02
19	Cisco IOS XR CLI Permission privilege escalation	7.4	7.1	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2017-6728
20	Oracle MySQL Server DML privilege escalation	6.5	6.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00141	0.00	CVE-2017-3634

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adres IP	Hostname	Aktor	Identified	Rodzaj	Pewność siebie
1	23.22.38.222	ec2-23-22-38-222.compute-1.amazonaws.com	Groundbait	2020-12-23	verified	Medium
2	23.22.221.237	ec2-23-22-221-237.compute-1.amazonaws.com	Groundbait	2020-12-23	verified	Medium
3	XX.XX.XXX.X	xxx-xx-xx-xxx-x.xxxxxxx-x.xxxxxxxxx.xxx	Xxxxxxxxxx	2020-12-23	verified	Medium
4	XX.XXX.XXX.XX	xxx-xx-xxx-xxx-xx.xxxxxxx-x.xxxxxxxxx.xxx	Xxxxxxxxxx	2020-12-23	verified	Medium
5	XX.XXX.XXX.XX	xxx-xx-xxx-xxx-xx.xxxxxxx-x.xxxxxxxxx.xxx	Xxxxxxxxxx	2020-12-23	verified	Medium
6	XX.XXX.XXX.XXX	xxx-xx-xxx-xxx-xxx.xxxxxxx-x.xxxxxxxxx.xxx	Xxxxxxxxxx	2021-05-31	verified	Medium
7	XX.XXX.XXX.XX	xx.xx.xx	Xxxxxxxxxx	2020-12-23	verified	Wysoki
8	XX.XXX.XXX.XX	xx.xx.xx	Xxxxxxxxxx	2020-12-23	verified	Wysoki
9	XX.XXX.XXX.XX		Xxxxxxxxxx	2020-12-23	verified	Wysoki
10	XXX.XX.XX.XX	xxxxxx.xxxxxxx-xxxx.xxx	Xxxxxxxxxx	2020-12-23	verified	Wysoki

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klasa	Luki w zabezpieczeniach	Wektor dostępu	Rodzaj	Pewność siebie
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Wysoki
2	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Wysoki
3	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Wysoki
4	TXXXX	CAPEC-19	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Wysoki
5	TXXXX	CAPEC-136	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Wysoki
6	TXXXX	CAPEC-0	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Wysoki
7	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Wysoki
8	TXXXX	CAPEC-38	CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	Wysoki
9	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Wysoki

IOA - Indicator of Attack (18)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasa	Indicator	Rodzaj	Pewność siebie
1	File	/pet_shop/admin/?page=maintenance/manage_category	predictive	Wysoki
2	File	admin/salesadmin.php	predictive	Wysoki
3	File	drivers/gpu/drm/udl/udl_fb.c	predictive	Wysoki
4	File	xxxxxx.x	predictive	Medium
5	File	xxxxx-xx.x	predictive	Medium
6	File	xxxxx-xxxxxx.x	predictive	Wysoki
7	File	xxxxx-xxx.x	predictive	Medium
8	File	xxxxx-xxxxxx.x	predictive	Wysoki
9	File	xxxxx-xxx.x	predictive	Medium
10	File	xxxxx-xxx.x	predictive	Medium
11	File	xxxxxx.x	predictive	Medium
12	File	xxx/xxxx.x	predictive	Medium
13	Library	xxxxxxxx.xxx	predictive	Medium
14	Argument	xxxxxxxxx/xxxxxxxx/xxxxxxx_xxxxxxx-xxxxxxx/xxxxxxx_xxxxxxx-xxxxxxx/xxxxxxx_xxxxxxx-xxxx/xxxxxxx_xxxxxxx-xxxxxxxxxx/xxxxxxxx_xxxxxxx-xxxxxxx/xxxxxxxx_xxxxxxx-xxxxxxx/xxxxxxxx_xxxxxxx-xxxx/xxxxxxxx_xxxxxxx-xxxxxxxxxx	predictive	Wysoki
15	Argument	xx	predictive	Niski
16	Argument	xxxxxxx/xxxxxxxxxxxxx	predictive	Wysoki
17	Argument	xxxxxxxxxx	predictive	Medium
18	Argument	xxxxxxxxxx	predictive	Medium

Referencje (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ PoprzedniPrzeglądKolejny ▸

Do you know our Splunk app?

Download it now for free!