Grandoreiro Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (320)

Lang

en	270
pl	24
es	10
ru	4
it	4

Land

us	66
ru	10
es	6
pt	4
cn	2

Skådespelare

Grandoreiro	10
Wocao	1
APT34	1
BianLian	1
Responder	1

Intressera

Typ

Not Defined	38
Web Server	14
Programming Language Software	4
Content Management System	2
Forum Software	2

Säljare

Not Defined	26
Apache	12
Cisco	8
Adobe	6
Webtoffee	2

Produkt

Apache HTTP Server	10
Cisco SD-WAN vManage	6
Adobe Media Encoder	4
PHP	4
ActionApps	2

Sårbarheter

#	Sårbarhet	Base	Temp	0day	I dag	Utn	Rem	CTI	EPSS	CVE
1	SOCKS 5 Proxy Config privilegier eskalering	7.3	7.1	$0-$5k	$0-$5k	Not Defined	Workaround	0.00	0.00000
2	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash informationsgivning	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02	0.02016	CVE-2007-1192
3	DZCP deV!L`z Clanportal config.php privilegier eskalering	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	1.00	0.00954	CVE-2010-0966
4	nginx privilegier eskalering	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.35	0.00241	CVE-2020-12440
5	Netscape Communicator JPEG Comment minneskorruption	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00	0.01345	CVE-2000-0655
6	DZCP deV!L`z Clanportal browser.php informationsgivning	5.3	5.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.57	0.02733	CVE-2007-1167
7	phpMyAdmin privilegier eskalering	7.9	7.8	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00180	CVE-2016-6621
8	PHP Cookie privilegier eskalering	5.0	4.8	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.04	0.00130	CVE-2022-31629
9	PHP PHP-FPM förnekande av tjänsten	5.9	5.8	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02	0.00584	CVE-2015-9253
10	Campcodes Beauty Salon Management System admin-profile.php sql injektion	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.05	0.00064	CVE-2023-3874
11	PHP GD Extension imageloadfont minneskorruption	6.4	6.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	0.00064	CVE-2022-31630
12	OrangeScrum AWS Credential cross site scripting	5.9	5.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00049	CVE-2023-1783
13	ARCHIBUS Web Central login.axvw privilegier eskalering	5.6	5.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00115	CVE-2021-41553
14	Apache HTTP Server mod_auth_digest minneskorruption	5.6	5.4	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.03	0.00220	CVE-2020-35452
15	Oracle HTTP Server OSSL Module privilegier eskalering	9.0	8.8	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	0.97372	CVE-2021-40438
16	Apache HTTP Server mod_proxy privilegier eskalering	7.3	7.3	$25k-$100k	$25k-$100k	Not Defined	Not Defined	0.00	0.97372	CVE-2021-40438
17	Apache HTTP Server MPM Event Worker privilegier eskalering	6.5	6.4	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.00	0.97329	CVE-2019-0211
18	Apache HTTP Server mod_proxy_uwsgi minneskorruption	8.5	8.5	$25k-$100k	$5k-$25k	Not Defined	Not Defined	0.03	0.01526	CVE-2020-11984
19	Apache HTTP Server ap_escape_quotes minneskorruption	5.6	5.6	$25k-$100k	$5k-$25k	Not Defined	Not Defined	0.04	0.00443	CVE-2021-39275
20	XMB Forum member.php cross site scripting	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00	0.00234	CVE-2003-0375

IOC - Indicator of Compromise (30)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-adress	Hostname	Skådespelare	Identified	Typ	Förtroende
1	3.144.135.247	ec2-3-144-135-247.us-east-2.compute.amazonaws.com	Grandoreiro	01/02/2024	verified	Medium
2	4.229.235.160		Grandoreiro	02/02/2024	verified	Hög
3	15.188.63.127	ec2-15-188-63-127.eu-west-3.compute.amazonaws.com	Grandoreiro	23/08/2022	verified	Medium
4	15.228.57.146	ec2-15-228-57-146.sa-east-1.compute.amazonaws.com	Grandoreiro	19/06/2023	verified	Medium
5	15.228.233.242	ec2-15-228-233-242.sa-east-1.compute.amazonaws.com	Grandoreiro	19/06/2023	verified	Medium
6	15.229.47.198	ec2-15-229-47-198.sa-east-1.compute.amazonaws.com	Grandoreiro	19/06/2023	verified	Medium
7	XX.XXX.XXX.XX	xxx-xx-xxx-xxx-xx.xxxxxxx-x.xxxxxxxxx.xxx	Xxxxxxxxxxx	01/02/2024	verified	Medium
8	XX.XXX.XX.XX	xxx-xx-xxx-xx-xx.xx-xxxx-x.xxxxxxx.xxxxxxxxx.xxx	Xxxxxxxxxxx	04/11/2023	verified	Medium
9	XX.XXX.XXX.XX	xxx-xx-xxx-xxx-xx.xx-xxxx-x.xxxxxxx.xxxxxxxxx.xxx	Xxxxxxxxxxx	19/06/2023	verified	Medium
10	XX.XXX.XXX.XX		Xxxxxxxxxxx	01/02/2024	verified	Hög
11	XX.XXX.XX.XXX		Xxxxxxxxxxx	01/02/2024	verified	Hög
12	XX.XXX.XXX.XXX		Xxxxxxxxxxx	01/02/2024	verified	Hög
13	XX.XXX.XXX.XX	xxx-xx-xxx-xxx-xx.xx-xxxx-x.xxxxxxx.xxxxxxxxx.xxx	Xxxxxxxxxxx	23/08/2022	verified	Medium
14	XX.XXX.XX.XXX	xxx-xx-xxx-xx-xxx.xx-xxxx-x.xxxxxxx.xxxxxxxxx.xxx	Xxxxxxxxxxx	23/08/2022	verified	Medium
15	XX.XXX.XX.XXX	xx-xxx-xx-xxx.xxxxxxxxxxx.xxx	Xxxxxxxxxxx	02/02/2024	verified	Hög
16	XX.XX.XXX.XX	xxx-xxxxxxxx.xxx.xxx.xxx	Xxxxxxxxxxx	29/01/2023	verified	Hög
17	XX.XX.XX.XXX	xxx-xx-xx-xx-xxx.xx-xxxx-x.xxxxxxx.xxxxxxxxx.xxx	Xxxxxxxxxxx	23/08/2022	verified	Medium
18	XX.XXX.XXX.XXX		Xxxxxxxxxxx	01/02/2024	verified	Hög
19	XX.XXX.XXX.XXX	xxx-xx-xxx-xxx-xxx.xx-xxxx-x.xxxxxxx.xxxxxxxxx.xxx	Xxxxxxxxxxx	01/02/2024	verified	Medium
20	XX.XXX.XX.XX	xxx-xx-xxx-xx-xx.xx-xxxx-x.xxxxxxx.xxxxxxxxx.xxx	Xxxxxxxxxxx	23/08/2022	verified	Medium
21	XX.XX.XXX.XXX	xxxxxxxx.xxxxxx-xx-xxxxxx.xx	Xxxxxxxxxxx	01/02/2024	verified	Hög
22	XX.XX.XXX.XXX	xxxxx.xx-xx-xx-xxx.xxx	Xxxxxxxxxxx	01/02/2024	verified	Hög
23	XX.XXX.XX.XXX	xxxxxxxx.xxxxxx-xx-xxxxxx.xx	Xxxxxxxxxxx	01/02/2024	verified	Hög
24	XXX.XXX.X.XXX	xxxxxxxx.xxxxxxxxxxx.xxx.xx	Xxxxxxxxxxx	01/02/2024	verified	Hög
25	XXX.XXX.XXX.XXX	xxxxx.xx-xxx-xxx-xxx.xxx	Xxxxxxxxxxx	23/08/2022	verified	Hög
26	XXX.XXX.XXX.XXX	xxxxx.xx-xxx-xxx-xxx.xxx	Xxxxxxxxxxx	01/02/2024	verified	Hög
27	XXX.XX.XXX.XXX	xx.xxxxxxx.xxxx	Xxxxxxxxxxx	16/04/2021	verified	Hög
28	XXX.XXX.XXX.XXX		Xxxxxxxxxxx	22/11/2022	verified	Hög
29	XXX.XXX.XX.XX	xxx-xxx-xx-xx.xxxxxxxxxxx.xxx	Xxxxxxxxxxx	01/02/2024	verified	Hög
30	XXX.XX.X.XXX	xxxxx.xx-xxx-xx-x.xxx	Xxxxxxxxxxx	22/11/2022	verified	Hög

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Sårbarheter	Åtkomstvektor	Typ	Förtroende
1	T1006	CWE-22	Path Traversal	predictive	Hög
2	T1055	CWE-74	Injection	predictive	Hög
3	T1059	CWE-94	Argument Injection	predictive	Hög
4	TXXXX.XXX	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Hög
5	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
6	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Hög
7	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	Hög
8	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Hög
9	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
10	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Hög
11	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Hög

IOA - Indicator of Attack (52)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klass	Indicator	Typ	Förtroende
1	File	/admin/admin-profile.php	predictive	Hög
2	File	/archibus/login.axvw	predictive	Hög
3	File	/cgi-bin/wapopen	predictive	Hög
4	File	/download	predictive	Medium
5	File	/forum/away.php	predictive	Hög
6	File	/mgmt/tm/util/bash	predictive	Hög
7	File	/SASWebReportStudio/logonAndRender.do	predictive	Hög
8	File	/xxxxxxx/	predictive	Medium
9	File	xxxxxxx/xxxxx.xxx	predictive	Hög
10	File	xxxxx/xxx/xxxxxxx/xxx/xxxx.xxx	predictive	Hög
11	File	xxxxxxxxxx_xxxxx.xxx	predictive	Hög
12	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Hög
13	File	xxxxxxxxx_xxxxxxx.xxx	predictive	Hög
14	File	xxxxxxxx.xxx	predictive	Medium
15	File	xxxx_xxxx.x	predictive	Medium
16	File	xxx/xxxxxx.xxx	predictive	Hög
17	File	xxx/xxxxxxxxxxx/xxxxxxx.xxx	predictive	Hög
18	File	xxxxx.xxx	predictive	Medium
19	File	xxxx.xxxx	predictive	Medium
20	File	xxxxxx.xxx	predictive	Medium
21	File	xxxxxxx.xxx	predictive	Medium
22	File	xxxx_xxxxxx.xxx	predictive	Hög
23	File	xxxxxxx.xxx	predictive	Medium
24	File	xxxx.xxx	predictive	Medium
25	File	xxxxxxx.xxx	predictive	Medium
26	File	xxxxx/xxxxxxx.x	predictive	Hög
27	File	xx-xxxxx/xxxx-xxx.xxx	predictive	Hög
28	File	xxxx.xx	predictive	Låg
29	Argument	xxxxxxxxxxx	predictive	Medium
30	Argument	xxxxxxxxx	predictive	Medium
31	Argument	xxxxx_xxxxx_xxx	predictive	Hög
32	Argument	xxxxxxx_xx	predictive	Medium
33	Argument	xxxxxxxx	predictive	Medium
34	Argument	xxxxxx	predictive	Låg
35	Argument	xxx_xxxx	predictive	Medium
36	Argument	xxxx	predictive	Låg
37	Argument	xxxxxxxxxx	predictive	Medium
38	Argument	xxxxxxx[xx_xxx_xxxx]	predictive	Hög
39	Argument	xx	predictive	Låg
40	Argument	xxxxxxxxxxxxxx	predictive	Hög
41	Argument	xxxxxxxx_xxx	predictive	Medium
42	Argument	xxxxxx	predictive	Låg
43	Argument	xx_xxx[xxxx_xxxxxx_xxx]	predictive	Hög
44	Argument	xxx	predictive	Låg
45	Argument	xxxx_xxxx	predictive	Medium
46	Argument	xxxxxx_xxxxxxx_xxxxxxxxx_xxxx/xxxxxx_xxxxxxx_xxxxxxx_xxxx	predictive	Hög
47	Argument	xxxxxx	predictive	Låg
48	Argument	xxxxxxxx	predictive	Medium
49	Argument	\xxx\	predictive	Låg
50	Input Value	../..	predictive	Låg
51	Input Value	xxxxx	predictive	Låg
52	Network Port	xxx/xxxxx	predictive	Medium

Referenser (9)

The following list contains external sources which discuss the actor and the associated activities:

◂ TidigareÖversiktNästa ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!