GandCrab 2.1 Analysis

IOB - Indicator of Behavior (193)

Language

en 182
de 4
ru 4
fr 2
it 2

Country

us 102
bg 56
ro 10
gb 4
de 2

Product

WordPress 6
PHP 6
Microsoft Windows 6
Apache HTTP Server 4
Linux Kernel 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 3.75 | CVE-2020-12440 |
| 2 | Apache HTTP Server HTTP Digest Authentication Challenge weak authentication | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01815 | 0.04 | CVE-2018-1312 |
| 3 | TVT Dvr Firmware directory traversal | 7.5 | 7.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.15391 | 0.05 | CVE-2013-6023 |
| 4 | FreeBSD Ping pr_pack buffer overflow | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2022-23093 |
| 5 | Acme Mini HTTPd Terminal privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00303 | 0.04 | CVE-2009-4490 |
| 6 | Apache HTTP Server mod_rewrite redirect | 6.7 | 6.7 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.00258 | 0.04 | CVE-2020-1927 |
| 7 | WordPress Press This class-wp-press-this.php information disclosure | 6.3 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00527 | 0.02 | CVE-2017-5610 |
| 8 | profanity weak encryption | 5.0 | 5.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00114 | 0.00 | CVE-2022-40769 |
| 9 | Photocrati ecomm-sizes.php SQL injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00120 | 0.00 | CVE-2015-2216 |
| 10 | Microsoft IIS cross-site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.31 | CVE-2017-0055 |
| 11 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 12 | TP-LINK WR740N Wireless N Router HTTP Request denial of service | 7.5 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00000 | 0.00 | |
| 13 | Joomla CMS File Upload media.php privilege escalation | 6.3 | 6.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.78471 | 0.04 | CVE-2013-5576 |
| 14 | Copadata zenon zenAdminSrv.exe buffer overflow | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00582 | 0.00 | CVE-2011-4533 |
| 15 | D-Link Good Line Router v2 HTTP GET Request devinfo information disclosure | 5.3 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.00052 | 0.39 | CVE-2024-0717 |
| 16 | Project Worlds Online Food Ordering System add-item.php SQL injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2023-45324 |
| 17 | SourceCodester Online Student Management System edit-class-detail.php SQL injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00148 | 0.09 | CVE-2023-1099 |
| 18 | Tawk.To Live Chat Plugin AJAX Action tawkto_removewidget privilege escalation | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00074 | 0.08 | CVE-2021-24914 |
| 19 | WordPress Wp Downloads Manager File Upload upload.php privilege escalation | 10.0 | 9.4 | $0-$5k | Calculated | Proof-of-Concept | Unavailable | 0.02875 | 0.04 | CVE-2008-3362 |
| 20 | VSFTPD Connection denial of service | 5.5 | 5.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00281 | 0.00 | CVE-2021-30047 |

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (75)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /devinfo | predictive | Medium |
| 2 | File | /etc/tomcat8/Catalina/attack | predictive | High |
| 3 | File | /ext/phar/phar_object.c | predictive | High |
| 4 | File | /inc/campaign/count_of_send.php | predictive | High |
| 5 | File | /rdms/admin/?page=user/manage_user | predictive | High |
| 6 | File | /TeleoptiWFM/Administration/GetOneTenant | predictive | High |
| 7 | File | /transmission/rpc | predictive | High |
| 8 | File | /uncpath/ | predictive | Medium |
| 9 | File | admin/config/confmgr.php | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
