GenInjector Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (28)

Idioma

en	28

País

ru	4
us	2

Actores

Nanocore	3
GenInjector	2
LokiBot	1
Emotet	1
QBot	1

Interesse

Tipo

Not Defined	6
Web Browser	6
Router Operating System	4
Virtualization Software	2
Office Suite Software	2

Fabricante

Microsoft	10
Cisco	4
Not Defined	2
HP	2
D-Link	2

Produto

Microsoft Edge	4
Docker Moby	2
HP Support Assistant	2
Microsoft Office	2
Microsoft Windows	2

Vulnerabilidades

#	Vulnerabilidade	Base	Temp	0day	Hoje	Exp	Mas	EPSS	CTI	CVE
1	cgminer/bfgminer Remote Management Interface Excesso de tampão	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00235	0.02	CVE-2018-10058
2	Microsoft Windows LDAP Privilege Escalation	7.5	6.8	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00854	0.03	CVE-2022-30139
3	Cisco Linksys Router tmUnblock.cgi direitos alargados	9.8	9.2	$25k-$100k	$0-$5k	High	Workaround	0.00000	0.00
4	Docker Moby defaults.go DefaultLinuxSpec Data Loss Divulgação de Informação	4.8	4.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00283	0.00	CVE-2017-16539
5	HP Support Assistant Fraca autenticação	9.8	9.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00956	0.03	CVE-2016-2245
6	Microsoft Edge Javascript Engine Excesso de tampão	5.6	5.5	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.04149	0.00	CVE-2017-8603
7	Microsoft Visual Studio XML Data Divulgação de Informação	6.4	6.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01917	0.00	CVE-2019-1079
8	nodewebkit Download Encriptação fraca	6.8	6.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00173	0.00	CVE-2016-10580
9	SAP Crystal Reports ActiveX Control CrystalReports12.CrystalPrintControl.1 Excesso de tampão	10.0	10.0	$25k-$100k	$0-$5k	High	Not Defined	0.90761	0.09	CVE-2010-2590
10	AT&T U-verse IP Passthrough Mode sbdc.ha Divulgação de Informação	7.7	7.5	$0-$5k	$0-$5k	Not Defined	Workaround	0.01409	0.00	CVE-2017-10793
11	NetApp OnCommand Unified Manager Core Package Injecção SQL	7.4	7.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00138	0.00	CVE-2017-7236
12	Cisco Webex Meetings Desktop App Update Service direitos alargados	7.0	6.9	$0-$5k	$0-$5k	High	Official Fix	0.31223	0.00	CVE-2018-15442
13	Microsoft Edge Javascript Engine Excesso de tampão	6.0	5.9	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.04149	0.00	CVE-2017-8609
14	Microsoft Windows SMB Server direitos alargados	7.6	7.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00543	0.00	CVE-2019-0786
15	Microsoft Edge Javascript Engine PreVisitCatch Excesso de tampão	6.0	5.4	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.92218	0.00	CVE-2017-8656
16	ImageMagick PNG Decoder Negação de Serviço	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01570	0.00	CVE-2014-9849
17	Microsoft Office Graphics Component Excesso de tampão	7.0	6.3	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.15926	0.00	CVE-2017-0108
18	Samsung Smart Viewer Web View direitos alargados	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00503	0.02	CVE-2013-3585
19	Microsoft Internet Explorer Scripting Engine DarkHotel Excesso de tampão	7.1	6.8	$25k-$100k	$5k-$25k	High	Official Fix	0.87214	0.03	CVE-2019-1367
20	Omron CX-One CX-Programmer Password Storage Divulgação de Informação	5.9	5.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2015-0988

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	Endereço IP	Hostname	Actor	Identified	Tipo	Aceitação
1	31.31.196.236	scp64.hosting.reg.ru	GenInjector	08/04/2022	verified	Alto
2	37.187.116.23	ns329149.ip-37-187-116.eu	GenInjector	08/04/2022	verified	Alto
3	XX.XXX.XXX.XXX	xxxx.xxxxxxxxxxxxxxxxx.xxx	Xxxxxxxxxxx	08/04/2022	verified	Alto
4	XXX.XXX.X.XXX		Xxxxxxxxxxx	08/04/2022	verified	Alto
5	XXX.XX.XXX.XXX	xxx.xxxxxxxx.xxxxxxxxxxx.xxx	Xxxxxxxxxxx	08/04/2022	verified	Alto
6	XXX.XX.XXX.XXX	xxx.xxxxxxxx.xxxxxxxxxxx.xxx	Xxxxxxxxxxx	08/04/2022	verified	Alto
7	XXX.XX.XXX.XXX	xxx.xxxxxxxx.xxxxxxxxxxx.xxx	Xxxxxxxxxxx	08/04/2022	verified	Alto
8	XXX.XX.XXX.XXX	xxx.xxxxxxxx.xxxxxxxxxxx.xxx	Xxxxxxxxxxx	08/04/2022	verified	Alto

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilidades	Tipo de acesso	Tipo	Aceitação
1	T1059.007	CWE-79	Cross Site Scripting	predictive	Alto
2	T1068	CWE-264, CWE-269	Execution with Unnecessary Privileges	predictive	Alto
3	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
4	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
5	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
6	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
7	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Alto

IOA - Indicator of Attack (16)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Tipo	Aceitação
1	File	CrystalReports12.CrystalPrintControl.1	predictive	Alto
2	File	DevInfo.txt	predictive	Médio
3	File	goto.php	predictive	Médio
4	File	xxx/xxxxxxxx.xx	predictive	Alto
5	File	xxxx.xx	predictive	Baixo
6	File	xxxxxx_xxxxxxx.xxx	predictive	Alto
7	File	xxxxxxxxx.xxx	predictive	Alto
8	Library	xxxx.xxx	predictive	Médio
9	Library	xxxxxxxxxxxx.xxx	predictive	Alto
10	Argument	xxxxxxx	predictive	Baixo
11	Argument	xxxx_xx	predictive	Baixo
12	Argument	xxx	predictive	Baixo
13	Argument	xxxxxxxx/xxxxxxxx	predictive	Alto
14	Input Value	xxxxxxx	predictive	Baixo
15	Network Port	xxx/xxxx	predictive	Médio
16	Network Port	xxx/xxxxx	predictive	Médio

Referências (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ VoltarVisão GeralPróximo ▸

Might our Artificial Intelligence support you?

Check our Alexa App!