GandCrab v5 Analysis

IOB - Indicator of Behavior (23)

Language: en (24)

Product:

- phpBB (12)
- vBulletin (4)
- Jelsoft vBulletin (2)
- Tapatalk Plugin (2)
- vBulletin Vbulletin Forum (2)

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | vBulletin decodeArguments privilege escalation | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Not Defined | 0.74237 | 0.00 | CVE-2015-7808 |
| 2 | vBulletin cross-site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01146 | 0.00 | CVE-2004-1824 |
| 3 | Tapatalk Plugin XMLRPC API unsubscribe_forum.php SQL injection | 8.5 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00242 | 0.00 | CVE-2014-2023 |
| 4 | phpBB Perl ucp_pm_options.php message_options unknown vulnerability | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00335 | 0.02 | CVE-2015-1432 |
| 5 | vBulletin SQL injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00214 | 0.00 | CVE-2014-5102 |
| 6 | PunBB cross-site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00199 | 0.00 | CVE-2010-0455 |
| 7 | vBulletin redirector.php Redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00106 | 0.05 | CVE-2018-6200 |
| 8 | vBulletin Vbulletin Forum Remote Code Execution | 9.8 | 8.5 | $0-$5k | $0-$5k | Unproven | Official Fix | 0.00620 | 0.00 | CVE-2012-4328 |
| 9 | phpBB install.php privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00642 | 0.00 | CVE-2002-1707 |
| 10 | PunBB register.php SQL injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00543 | 0.00 | CVE-2005-0569 |
| 11 | vBulletin moderation.php SQL injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00284 | 0.00 | CVE-2016-6195 |
| 12 | vBulletin XMLRPC API breadcrumbs_create.php SQL injection | 6.3 | 6.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00102 | 0.00 | CVE-2014-2022 |
| 13 | vBulletin visitormessage.php privilege escalation | 7.5 | 7.4 | $0-$5k | $0-$5k | High | Unavailable | 0.03104 | 0.02 | CVE-2014-9463 |
| 14 | PunBB Password Reset moderate.php privilege escalation | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02283 | 0.00 | CVE-2008-1484 |
| 15 | phpBB modcp.php information disclosure | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00392 | 0.00 | CVE-2008-7143 |
| 16 | PunBB profile.php SQL injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00322 | 0.00 | CVE-2005-2193 |
| 17 | phpBB links.php SQL injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00221 | 0.00 | CVE-2007-4653 |
| 18 | phpBB Remote Avatar privilege escalation | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00188 | 0.02 | CVE-2017-1000419 |
| 19 | phpBB information disclosure | 9.8 | 8.5 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00269 | 0.00 | CVE-2008-1766 |
| 20 | phpBB startup.php cross-site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00287 | 0.02 | CVE-2015-1431 |

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 92.63.197.48 | | GandCrab v5 | | 13.10.2018 | verified | High |

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive | High |
| 2 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |
| 3 | TXXXX | CAPEC-122 | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 4 | TXXXX.XXX | CAPEC-178 | CWE-XXX | Xxxx Xxxxxxxx | predictive | High |
| 5 | TXXXX | CAPEC-108 | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 6 | TXXXX | CAPEC-116 | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |

IOA - Indicator of Attack (25)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | ajax/api/hook/decodeArguments | predictive | High |
| 2 | File | breadcrumbs_create.php | predictive | High |
| 3 | File | forumrunner/includes/moderation.php | predictive | High |
| 4 | File | includes/startup.php | predictive | High |
| 5 | File | xxxxxxxx/xxx/xxx_xx_xxxxxxx.xxx | predictive | High |
| 6 | File | xxxxxxx.xxx | predictive | Medium |
| 7 | File | xxxxx.xxx | predictive | Medium |
| 8 | File | xxxxx.xxx | predictive | Medium |
| 9 | File | xxxxxxxx.xxx | predictive | Medium |
| 10 | File | xxxxxxx.xxx | predictive | Medium |
| 11 | File | xxxxxxxxxx.xxx | predictive | High |
| 12 | File | xxxxxxxx.xxx | predictive | Medium |
| 13 | File | xxxxxxxxxxx_xxxxx.xxx | predictive | High |
| 14 | File | xxxxxxxxxxxxxx.xxx | predictive | High |
| 15 | Argument | xxxxxxxxx | predictive | Medium |
| 16 | Argument | xxxxxxxxx | predictive | Medium |
| 17 | Argument | xxx_xxxx | predictive | Medium |
| 18 | Argument | xxxxx_xxxx_xxx | predictive | High |
| 19 | Argument | xxx | predictive | Low |
| 20 | Argument | xxxxxxx | predictive | Low |
| 21 | Argument | xxxx | predictive | Low |
| 22 | Argument | xxxxxxxxxxxxxxxx | predictive | High |
| 23 | Argument | xxxxx | predictive | Low |
| 24 | Argument | xxxxxx | predictive | Low |
| 25 | Argument | xxx | predictive | Low |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
