GCleaner Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (10)

Lang

en	10

Land

ro	10

Skådespelare

GCleaner	1

Intressera

Typ

Not Defined	8
Content Management System	2

Säljare

Sencha	2
tynx	2
Not Defined	2
Joomla	2
SWIFT	2

Produkt

Sencha Ext JS	2
tynx wuersch	2
GnuPG	2
Joomla CMS	2
SWIFT Alliance Web Platform	2

Sårbarheter

#	Sårbarhet	Base	Temp	0day	I dag	Utn	Rem	EPSS	CTI	CVE
1	tynx wuersch Store.class.php getByCustomQuery sql injektion	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00148	0.29	CVE-2015-10066
2	SWIFT Alliance Web Platform Log privilegier eskalering	7.4	7.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00073	0.02	CVE-2018-16386
3	Joomla CMS LDAP Authentication svag autentisering	5.3	4.6	$5k-$25k	$0-$5k	Unproven	Official Fix	0.00999	0.00	CVE-2014-6632
4	OpenSSL 64-bit Block Cipher SWEET32 informationsgivning	6.5	6.4	$5k-$25k	$0-$5k	Proof-of-Concept	Unavailable	0.00528	0.02	CVE-2016-2183
5	TLS Protocol/SSL Protocol RC4 Encryption Bar Mitzvah Attack svag kryptering	5.3	4.7	$0-$5k	$0-$5k	Unproven	Workaround	0.00300	0.05	CVE-2015-2808
6	Ron Rivest RC4 Algorithm Pseudo-Random Character Generation svag kryptering	6.2	5.9	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00536	0.02	CVE-2013-2566
7	Sencha Ext JS XSS Protection getTip cross site scripting	5.2	4.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00084	0.02	CVE-2018-8046
8	GnuPG Secret Key Import privilegier eskalering	5.3	4.8	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00226	0.00	CVE-2001-0072
9	SAP NetWeaver Portal/WebDynpro Java cross site scripting	5.2	5.2	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00116	0.00	CVE-2018-2365
10	SAP Network Interface Router svag autentisering	5.3	5.3	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00642	0.00	CVE-2013-7093

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-adress	Hostname	Skådespelare	Identified	Typ	Förtroende
1	5.12.253.98	5-12-253-98.residential.rdsnet.ro	GCleaner	22/05/2023	verified	Hög
2	45.12.253.51		GCleaner	01/03/2023	verified	Hög
3	XX.XX.XXX.XX		Xxxxxxxx	01/03/2023	verified	Hög
4	XX.XX.XXX.XX		Xxxxxxxx	01/03/2023	verified	Hög
5	XX.XX.XXX.XX		Xxxxxxxx	01/03/2023	verified	Hög
6	XX.XX.XXX.XX		Xxxxxxxx	01/03/2023	verified	Hög
7	XX.XX.XXX.XX		Xxxxxxxx	30/06/2023	verified	Hög

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klass	Sårbarheter	Åtkomstvektor	Typ	Förtroende
1		CAPEC-114	CWE-287	Unknown Vulnerability	predictive	Hög
2	T1055	CAPEC-10	CWE-74, CWE-707	Improper Neutralization of Data within XPath Expressions	predictive	Hög
3	TXXXX.XXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxxxx Xxxx Xxxxxxxxx	predictive	Hög
4	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
5	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxx Xxxxxxxxx	predictive	Hög
6	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Hög
7	TXXXX	CAPEC-0	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Hög

IOA - Indicator of Attack (3)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klass	Indicator	Typ	Förtroende
1	File	backend/base/Store.class.php	predictive	Hög
2	File	xxx/xxxxx/xxxxxxxxxxxxxxxx/	predictive	Hög
3	Argument	xxxx_xxxx	predictive	Medium

Referenser (4)

The following list contains external sources which discuss the actor and the associated activities:

◂ TidigareÖversiktNästa ▸

Might our Artificial Intelligence support you?

Check our Alexa App!