Groundbait Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (43)

Lang

en	30
de	12
ja	2

Land

us	20
co	2

Skådespelare

Groundbait	6

Intressera

Typ

Web Browser	10
Packet Analyzer Software	8
Not Defined	8
Cloud Software	4
Database Software	2

Säljare

Google	10
Not Defined	10
Oracle	6
Cisco	2
marc-q	2

Produkt

Google Chrome	8
tcpdump	8
Oracle Communications Cloud Native Core Network Fu ...	4
Oracle MySQL Server	2
Cisco IOS XR	2

Sårbarheter

#	Sårbarhet	Base	Temp	0day	I dag	Utn	Rem	EPSS	CTI	CVE
1	Creme CRM Salesman Creation Page Stored cross site scripting	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00058	0.03	CVE-2018-14396
2	tcpdump AH Parser print-ah.c ah_print minneskorruption	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02126	0.00	CVE-2016-7922
3	tcpdump GeoNetworking Parser print-geonet.c minneskorruption	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02126	0.00	CVE-2016-7986
4	tcpdump PPP Parser print-ppp.c ppp_hdlc_if_print minneskorruption	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02126	0.00	CVE-2016-7933
5	tcpdump ISAKMP Parser print-isakmp.c ikev2_e_print minneskorruption	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.37758	0.00	CVE-2017-5205
6	tcpdump GRE Parser print-gre.c minneskorruption	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02126	0.00	CVE-2016-7939
7	tcpdump RTCP Parser print-udp.c rtcp_print minneskorruption	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02126	0.03	CVE-2016-7934
8	Online Pet Shop We App sql injektion	6.7	6.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00072	0.00	CVE-2022-41377
9	Moodle Administration Page sql injektion	7.2	7.2	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00157	0.00	CVE-2022-40315
10	SquirrelMail informationsgivning	3.3	3.3	$0-$5k	$0-$5k	Not Defined	Workaround	0.00000	0.00
11	Oracle Communications Cloud Native Core Policy privilegier eskalering	9.8	9.6	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.97537	0.00	CVE-2022-22963
12	Oracle Communications Cloud Native Core Security Edge Protection Proxy SEPP förnekande av tjänsten	7.5	7.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00218	0.00	CVE-2020-36518
13	Oracle Communications Cloud Native Core Network Function Cloud Native Environment CNE kataloggenomgång	7.5	7.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00255	0.00	CVE-2019-20916
14	Oracle Communications Cloud Native Core Network Function Cloud Native Environment CNE minneskorruption	9.8	9.6	$100k och mer	$25k-$100k	Not Defined	Official Fix	0.00913	0.00	CVE-2022-23219
15	Google Chrome Extensions API Privilege Escalation	5.5	5.3	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00131	0.00	CVE-2022-2164
16	Dell Command Update/Alienware Update Advanced Driver Restore privilegier eskalering	7.8	7.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2022-24426
17	Microsoft Internet Explorer mshtmled.dll privilegier eskalering	6.3	6.0	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.96262	0.00	CVE-2010-3329
18	AShop Deluxe salesadmin.php cross site scripting	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.00
19	Cisco IOS XR CLI Permission privilegier eskalering	7.4	7.1	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2017-6728
20	Oracle MySQL Server DML privilegier eskalering	6.5	6.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00141	0.00	CVE-2017-3634

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-adress	Hostname	Skådespelare	Identified	Typ	Förtroende
1	23.22.38.222	ec2-23-22-38-222.compute-1.amazonaws.com	Groundbait	23/12/2020	verified	Medium
2	23.22.221.237	ec2-23-22-221-237.compute-1.amazonaws.com	Groundbait	23/12/2020	verified	Medium
3	XX.XX.XXX.X	xxx-xx-xx-xxx-x.xxxxxxx-x.xxxxxxxxx.xxx	Xxxxxxxxxx	23/12/2020	verified	Medium
4	XX.XXX.XXX.XX	xxx-xx-xxx-xxx-xx.xxxxxxx-x.xxxxxxxxx.xxx	Xxxxxxxxxx	23/12/2020	verified	Medium
5	XX.XXX.XXX.XX	xxx-xx-xxx-xxx-xx.xxxxxxx-x.xxxxxxxxx.xxx	Xxxxxxxxxx	23/12/2020	verified	Medium
6	XX.XXX.XXX.XXX	xxx-xx-xxx-xxx-xxx.xxxxxxx-x.xxxxxxxxx.xxx	Xxxxxxxxxx	31/05/2021	verified	Medium
7	XX.XXX.XXX.XX	xx.xx.xx	Xxxxxxxxxx	23/12/2020	verified	Hög
8	XX.XXX.XXX.XX	xx.xx.xx	Xxxxxxxxxx	23/12/2020	verified	Hög
9	XX.XXX.XXX.XX		Xxxxxxxxxx	23/12/2020	verified	Hög
10	XXX.XX.XX.XX	xxxxxx.xxxxxxx-xxxx.xxx	Xxxxxxxxxx	23/12/2020	verified	Hög

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klass	Sårbarheter	Åtkomstvektor	Typ	Förtroende
1		CAPEC-10	CWE-20, CWE-119, CWE-120, CWE-189, CWE-190, CWE-404, CWE-416, CWE-476, CWE-502, CWE-704	Unknown Vulnerability	predictive	Hög
2	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Hög
3	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxxxxxxx Xxxxxxxxx	predictive	Hög
4	TXXXX.XXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XX, CWE-XXX	Xxxxx Xxxx Xxxxxxxxx	predictive	Hög
5	TXXXX	CAPEC-19	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
6	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Hög
7	TXXXX	CAPEC-0	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Hög
8	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxx Xxxxxxxxx	predictive	Hög
9	TXXXX	CAPEC-38	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	Hög
10	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Hög

IOA - Indicator of Attack (18)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klass	Indicator	Typ	Förtroende
1	File	/pet_shop/admin/?page=maintenance/manage_category	predictive	Hög
2	File	admin/salesadmin.php	predictive	Hög
3	File	drivers/gpu/drm/udl/udl_fb.c	predictive	Hög
4	File	xxxxxx.x	predictive	Medium
5	File	xxxxx-xx.x	predictive	Medium
6	File	xxxxx-xxxxxx.x	predictive	Hög
7	File	xxxxx-xxx.x	predictive	Medium
8	File	xxxxx-xxxxxx.x	predictive	Hög
9	File	xxxxx-xxx.x	predictive	Medium
10	File	xxxxx-xxx.x	predictive	Medium
11	File	xxxxxx.x	predictive	Medium
12	File	xxx/xxxx.x	predictive	Medium
13	Library	xxxxxxxx.xxx	predictive	Medium
14	Argument	xxxxxxxxx/xxxxxxxx/xxxxxxx_xxxxxxx-xxxxxxx/xxxxxxx_xxxxxxx-xxxxxxx/xxxxxxx_xxxxxxx-xxxx/xxxxxxx_xxxxxxx-xxxxxxxxxx/xxxxxxxx_xxxxxxx-xxxxxxx/xxxxxxxx_xxxxxxx-xxxxxxx/xxxxxxxx_xxxxxxx-xxxx/xxxxxxxx_xxxxxxx-xxxxxxxxxx	predictive	Hög
15	Argument	xx	predictive	Låg
16	Argument	xxxxxxx/xxxxxxxxxxxxx	predictive	Hög
17	Argument	xxxxxxxxxx	predictive	Medium
18	Argument	xxxxxxxxxx	predictive	Medium

Referenser (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ TidigareÖversiktNästa ▸

Do you know our Splunk app?

Download it now for free!