Grayling Analysis

IOB - Indicator of Behavior (100)

Lang

en: 92
it: 4
de: 2
ru: 2

Product

DZCP deV!L`z Clanportal: 2
WordPress AdServe: 2
Woltlab Burning Board: 2
Alt-N MDaemon: 2
Linux Kernel: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.34 | CVE-2010-0966 |
| 3 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 1.68 | CVE-2007-0354 |
| 4 | PHPWind goto.php cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00254 | 0.05 | CVE-2015-4135 |
| 5 | Google Android Qualcomm memory corruption | 9.8 | 9.6 | $100k and more | $5k-$25k | Not Defined | Official Fix | 0.00321 | 0.02 | CVE-2016-5344 |
| 6 | Microsoft Exchange Server Privilege Escalation | 8.8 | 7.7 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.01192 | 0.02 | CVE-2023-21529 |
| 7 | Apple macOS privilege escalation | 8.0 | 7.9 | $5k-$25k | $0-$5k | High | Official Fix | 0.00161 | 0.04 | CVE-2023-41993 |
| 8 | Google Android StorageManagerService.java information disclosure | 4.4 | 4.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2022-20219 |
| 9 | Spring Framework Incomplete Fix CVE-2018-1270 privilege escalation | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.37525 | 0.03 | CVE-2018-1275 |
| 10 | Alt-N MDaemon Worldclient privilege escalation | 4.9 | 4.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00090 | 0.06 | CVE-2021-27182 |
| 11 | Fortinet FortiGate HTTP Header unknown vulnerability | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00084 | 0.00 | CVE-2020-15938 |
| 12 | D-Link DIR-655 C apply_sec.cgi Blank privilege escalation | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01422 | 0.00 | CVE-2019-13560 |
| 13 | DrayTek Vigor2960/Vigor3900/Vigor300B mainfunction.cgi privilege escalation | 9.8 | 9.8 | $25k-$100k | $25k-$100k | High | Not Defined | 0.97079 | 0.04 | CVE-2020-8515 |
| 14 | Woltlab Burning Board register.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00957 | 0.00 | CVE-2007-1443 |
| 15 | Wheatblog add_comment.php cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00154 | 0.00 | CVE-2006-7002 |
| 16 | TeamCal register.php directory traversal | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.00 | |
| 17 | Public Warehouse Light Blog add_comment.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | High | Official Fix | 0.01062 | 0.00 | CVE-2007-3131 |
| 18 | Drupal comment_form_add_preview privilege escalation | 10.0 | 9.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03391 | 0.00 | CVE-2007-0626 |
| 19 | Mail Masta Plugin campaign_save.php sql injection | 6.7 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00316 | 0.03 | CVE-2017-6098 |
| 20 | MantisBT Gravatar Plugin Content Security Policy cross site scripting | 4.5 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00173 | 0.00 | CVE-2016-7111 |

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 3.0.93.185 | ec2-3-0-93-185.ap-southeast-1.compute.amazonaws.com | Grayling | | 29/10/2023 | verified | Medium |
| 2 | XX.XXX.XXX.XX | | Xxxxxxxx | | 29/10/2023 | verified | High |
| 3 | XXX.XXX.XX.XXX | xxx-xxx-xx-xxx-xxxx.xxxxxxxxxxxx.xxx | Xxxxxxxx | | 29/10/2023 | verified | High |

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (19)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /inc/campaign_save.php | predictive | High |
| 2 | File | adclick.php | predictive | Medium |
| 3 | File | add_comment.php | predictive | High |
| 4 | File | apply_sec.cgi | predictive | High |
| 5 | File | xxx-xxx/xxxxxxxxxxxx.xxx | predictive | High |
| 6 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 7 | File | xxxxx.xxx | predictive | Medium |
| 8 | File | xxxx.xxx | predictive | Medium |
| 9 | File | xxx/xxxxxx.xxx | predictive | High |
| 10 | File | xxxxxxxx.xxx | predictive | Medium |
| 11 | File | xxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | High |
| 12 | Argument | xxx::xxxxxxx::xxxxxx/xxx::xxxxxxx::xxxxxxxxxx | predictive | High |
| 13 | Argument | xxxxxxxx | predictive | Medium |
| 14 | Argument | xxxxxxx=xxxxxxxx | predictive | High |
| 15 | Argument | xx | predictive | Low |
| 16 | Argument | xxxx | predictive | Low |
| 17 | Argument | xxxx_xx | predictive | Low |
| 18 | Argument | xxxxx_xxxxxx | predictive | Medium |
| 19 | Argument | xxx | predictive | Low |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
