OldGremlin Analysis

IOB - Indicator of Behavior (219)

Timeline, Actors, Activity, Interest, Type, Vendor (chart panels; no data extracted)

Language: en (200), ru (6), zh (6), fr (4), ar (2)

Country: us (98), cn (60), at (8), ru (6), ce (4)

Product: Microsoft Windows (8), WordPress (4), QNAP QTS (4), Microsoft Exchange Server (4), Kayako SupportSuite (4)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE
1 | Atmail Remote Code Execution | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00251 | CVE-2013-5033
2 | Arduino LED privilege escalation | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00109 | CVE-2019-13991
3 | Palo Alto PAN-OS GlobalProtect Clientless VPN memory corruption | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00112 | CVE-2021-3056
4 | Microsoft IIS IP/Domain Restriction privilege escalation | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.11 | 0.00817 | CVE-2014-4078
5 | WordPress SQL injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00467 | CVE-2022-21664
6 | VeronaLabs wp-statistics Plugin API Endpoint Blind SQL injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00250 | CVE-2019-13275
7 | Linksys WRT54GL Web Management Interface SysInfo1.htm information disclosure | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.07 | 0.00046 | CVE-2024-1406
8 | RoundCube Webmail Email Message rcube_string_replacer.php linkref_addindex cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00612 | CVE-2020-35730
9 | Teclib GLPI unlock_tasks.php SQL injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.12149 | CVE-2019-10232
10 | Sophos Firewall User Portal/Webadmin weak authentication | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.97434 | CVE-2022-1040
11 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.11 | 0.00241 | CVE-2020-12440
12 | CutePHP CuteNews privilege escalation | 7.5 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.02365 | CVE-2019-11447
13 | WordPress Object privilege escalation | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00334 | CVE-2022-21663
14 | Microsoft Windows Active Directory Domain Services Privilege Escalation | 8.8 | 8.1 | $100k and more | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.07920 | CVE-2022-26923
15 | QNAP QTS Media Library privilege escalation | 8.5 | 8.2 | $0-$5k | $0-$5k | High | Official Fix | 0.00 | 0.01394 | CVE-2017-13067
16 | Peplink Balance Cookie admin.cgi SQL injection | 8.5 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.01457 | CVE-2017-8835
17 | Cisco Internet of Things Field Network Director Web-based User Interface XML External Entity | 5.4 | 5.3 | $5k-$25k | Calculating | Not Defined | Official Fix | 0.00 | 0.00150 | CVE-2019-1698
18 | Mycroft AI WebSocket Server privilege escalation | 7.7 | 7.7 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00269 | CVE-2018-1000621
19 | RealNetworks RealServer Port 7070 Service denial of service | 7.5 | 7.3 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.03 | 0.02116 | CVE-2000-0272
20 | Microsoft Windows Themes information disclosure | 5.9 | 5.6 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.04 | 0.00073 | CVE-2024-21320

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 5.181.156.84 | no-rdns.mivocloud.com | OldGremlin | | 02.06.2022 | verified | High
2 | 45.61.138.170 | | OldGremlin | | 02.06.2022 | verified | High

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-21, CWE-22, CWE-23 | Path Traversal | predictive | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
3 | T1059 | CWE-94 | Argument Injection | predictive | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High

IOA - Indicator of Attack (100)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /api/RecordingList/DownloadRecord?file= | predictive | High
2 | File | /apply.cgi | predictive | Medium
3 | File | /php/ping.php | predictive | High
4 | File | /rapi/read_url | predictive | High
5 | File | /scripts/unlock_tasks.php | predictive | High
6 | File | /SysInfo1.htm | predictive | High
7 | File | /sysinfo_json.cgi | predictive | High
8 | File | /system/user/modules/mod_users/controller.php | predictive | High
9 | File | /uncpath/ | predictive | Medium
10 | File | /wp-admin/admin-post.php?es_skip=1&option_name | predictive | High
11 | File | AppCompatCache.exe | predictive | High

References (3)

The following list contains external sources which discuss the actor and the associated activities:
