OldGremlin Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (220)

Lang

en	198
zh	10
fr	6
es	2
de	2

Land

us	90
cn	70
at	12
ru	8
ce	4

Skådespelare

Cobalt Strike	13
NetSupportManager RAT	11
Raccoon	10
SideWinder	8
RecordBreaker	7

Intressera

Typ

Not Defined	84
Content Management System	14
WordPress Plugin	12
Firewall Software	8
Operating System	8

Säljare

Not Defined	78
Microsoft	6
Intel	4
IBM	4
Adobe	4

Produkt

WordPress	8
Cacti	4
IBM Cognos Analytics	4
OpenSSH	4
Microsoft Windows	4

Sårbarheter

#	Sårbarhet	Base	Temp	0day	I dag	Utn	Rem	CTI	EPSS	CVE
1	Atmail Remote Code Execution	9.8	9.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00251	CVE-2013-5033
2	Arduino LED privilegier eskalering	5.2	5.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00109	CVE-2019-13991
3	Palo Alto PAN-OS GlobalProtect Clientless VPN minneskorruption	8.8	8.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00112	CVE-2021-3056
4	Microsoft IIS IP/Domain Restriction privilegier eskalering	6.5	5.7	$25k-$100k	$0-$5k	Unproven	Official Fix	0.07	0.00817	CVE-2014-4078
5	WordPress sql injektion	6.8	6.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.05	0.00467	CVE-2022-21664
6	VeronaLabs wp-statistics Plugin API Endpoint Blind sql injektion	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00250	CVE-2019-13275
7	Mikrotik RouterOS SNMP informationsgivning	8.0	7.7	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.08	0.00307	CVE-2022-45315
8	Linksys WRT54GL Web Management Interface SysInfo1.htm informationsgivning	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.10	0.00046	CVE-2024-1406
9	RoundCube Webmail Email Message rcube_string_replacer.php linkref_addindex cross site scripting	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00612	CVE-2020-35730
10	Teclib GLPI unlock_tasks.php sql injektion	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.12149	CVE-2019-10232
11	Sophos Firewall User Portal/Webadmin svag autentisering	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.97434	CVE-2022-1040
12	nginx privilegier eskalering	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.26	0.00241	CVE-2020-12440
13	CutePHP CuteNews privilegier eskalering	7.5	6.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02	0.02086	CVE-2019-11447
14	WordPress Object privilegier eskalering	5.3	5.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02	0.00432	CVE-2022-21663
15	Microsoft Windows Active Directory Domain Services Privilege Escalation	8.8	8.1	$100k och mer	$0-$5k	Proof-of-Concept	Official Fix	0.03	0.07920	CVE-2022-26923
16	QNAP QTS Media Library privilegier eskalering	8.5	8.2	$0-$5k	$0-$5k	High	Official Fix	0.03	0.01394	CVE-2017-13067
17	Peplink Balance Cookie admin.cgi sql injektion	8.5	7.7	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.02	0.01457	CVE-2017-8835
18	Cisco Internet of Things Field Network Director Web-based User Interface XML External Entity	5.4	5.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00150	CVE-2019-1698
19	Mycroft AI WebSocket Server privilegier eskalering	7.7	7.7	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00	0.00269	CVE-2018-1000621
20	RealNetworks RealServer Port 7070 Service förnekande av tjänsten	7.5	7.3	$0-$5k	$0-$5k	Not Defined	Workaround	0.03	0.02116	CVE-2000-0272

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-adress	Hostname	Skådespelare	Identified	Typ	Förtroende
1	5.181.156.84	no-rdns.mivocloud.com	OldGremlin	02/06/2022	verified	Hög
2	45.61.138.170		OldGremlin	02/06/2022	verified	Hög
3	XX.XXX.XXX.XXX		Xxxxxxxxxx	18/04/2022	verified	Hög
4	XX.XXX.XXX.XXX	xx.xxx.xxx.xxx.xxxxxxxxxxxxxxxx.xxx	Xxxxxxxxxx	02/06/2022	verified	Hög
5	XXX.XXX.XX.XX	xxx.xxx.xx.xx.xxxxxxxxxxxxxxxx.xxx	Xxxxxxxxxx	02/06/2022	verified	Hög
6	XXX.XX.XX.X		Xxxxxxxxxx	18/04/2022	verified	Hög
7	XXX.XXX.XXX.XXX	xxx.xxx.xxx.xxx.xxxxxxxxxxxxxxxx.xxx	Xxxxxxxxxx	18/04/2022	verified	Hög

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Sårbarheter	Åtkomstvektor	Typ	Förtroende
1	T1006	CWE-21, CWE-22, CWE-23	Path Traversal	predictive	Hög
2	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Hög
3	T1059	CWE-94	Argument Injection	predictive	Hög
4	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	Hög
5	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
6	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Hög
7	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Hög
8	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	Hög
9	TXXXX	CWE-XXX	Xxxxxxxx Xx Xxxx Xxxxxxx Xxxxxxxxx Xxxxx	predictive	Hög
10	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Hög
11	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	Hög
12	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
13	TXXXX	CWE-XXX	Xxxxxxx Xxxxxxxxxx Xx Xxx-xxxxxxxx	predictive	Hög
14	TXXXX	CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	Hög
15	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxx Xxxx	predictive	Hög
16	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
17	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Hög
18	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Hög

IOA - Indicator of Attack (100)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klass	Indicator	Typ	Förtroende
1	File	/api/RecordingList/DownloadRecord?file=	predictive	Hög
2	File	/apply.cgi	predictive	Medium
3	File	/php/ping.php	predictive	Hög
4	File	/rapi/read_url	predictive	Hög
5	File	/scripts/unlock_tasks.php	predictive	Hög
6	File	/SysInfo1.htm	predictive	Hög
7	File	/sysinfo_json.cgi	predictive	Hög
8	File	/system/user/modules/mod_users/controller.php	predictive	Hög
9	File	/uncpath/	predictive	Medium
10	File	/wp-admin/admin-post.php?es_skip=1&option_name	predictive	Hög
11	File	AppCompatCache.exe	predictive	Hög
12	File	xxxxxxx/xxxx.xxx	predictive	Hög
13	File	xxxxxxxx.xxx	predictive	Medium
14	File	xxx-xxx/xxxxxxx.xx	predictive	Hög
15	File	xxx-xxx/xxxxx/xxxxx.xxx	predictive	Hög
16	File	xxxxxx/xxx.x	predictive	Medium
17	File	xxxxxxxx_xxxxxxxxxxxxxxxxx.xxx	predictive	Hög
18	File	xxxxxxxxx.xxx.xxx	predictive	Hög
19	File	xxxxx/xxxxx.xxx	predictive	Hög
20	File	xxxx_xxxxx.xxx	predictive	Hög
21	File	xxxxx.xxx	predictive	Medium
22	File	xxxxxx.xxx	predictive	Medium
23	File	xxxxxxx/xxxx-xxxxx-xxxxxx.xxx	predictive	Hög
24	File	xxxxxxx/xxxx-xxxxx-xxxxxx.xxx?xxxxxx=x	predictive	Hög
25	File	xx/xx-xx.x	predictive	Medium
26	File	xxx/xxxx_xxxx.x	predictive	Hög
27	File	xxxxxx/xxxxxxxxxxx	predictive	Hög
28	File	xxxx_xxxxxx.x	predictive	Hög
29	File	xxxx/xxxxxxx.x	predictive	Hög
30	File	xxxxxxxx/xxxxx-xxxxxx-xxxx-xxxxxxx.xxx	predictive	Hög
31	File	xxxxxxxx/xxxxxxxx/xxxxx-xxxxxxxx-xxxxx.xxx	predictive	Hög
32	File	xxxxx.xxx?xxx=xxxx&xxx=xxxxxxxx	predictive	Hög
33	File	xxxxxxxxxx.xxx	predictive	Hög
34	File	xxxxxxx_xxxxxxx/xxxx.xxx	predictive	Hög
35	File	xxxxx.xxx	predictive	Medium
36	File	xxxx/xxxxxxxxx/xxxxxx/xxxxxxxxxxxxxxxxxxxxx.xxx	predictive	Hög
37	File	xxx/xxx.xxx	predictive	Medium
38	File	xxxxxx.x	predictive	Medium
39	File	xxxx.xxx	predictive	Medium
40	File	xxxxx.xxx	predictive	Medium
41	File	xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][]	predictive	Hög
42	File	xxxxx_xxxxxx_xxxxxxxx.xxx	predictive	Hög
43	File	xxxxxxxx.xxx	predictive	Medium
44	File	xxxxxxx/xxxxxxxxxx	predictive	Hög
45	File	xxxxxxx-xxxxxxxxxx/xxx/xxxxx.xxx	predictive	Hög
46	File	xxxx.xxx	predictive	Medium
47	File	xxxxx/xxxxx.xxx	predictive	Hög
48	File	xxxxxxxx.xxx	predictive	Medium
49	File	xxxxxxxxx.xxx	predictive	Hög
50	File	xxxx.xxx	predictive	Medium
51	File	xxxxxxxxxx	predictive	Medium
52	File	xxxxxxx/xxxxx.xxx	predictive	Hög
53	File	xx-xxxxx/xxxxx-xxxx.xxx	predictive	Hög
54	Argument	xxxxxx	predictive	Låg
55	Argument	xxxxxxx_xxxx	predictive	Medium
56	Argument	xxxxxx_xxxx	predictive	Medium
57	Argument	xxxxx	predictive	Låg
58	Argument	xxx	predictive	Låg
59	Argument	xxxxxxxx	predictive	Medium
60	Argument	xxxxxx	predictive	Låg
61	Argument	xxxxxxxxxxxxxxxxx	predictive	Hög
62	Argument	xxxxx	predictive	Låg
63	Argument	xxxxxxxxxxx/xxxxxxxx/xxx/xxxxx	predictive	Hög
64	Argument	xxxxxx_xx	predictive	Medium
65	Argument	xxxxx	predictive	Låg
66	Argument	xxxxxx	predictive	Låg
67	Argument	xxxxxxxxxxxx	predictive	Medium
68	Argument	xxxxxx	predictive	Låg
69	Argument	xx_xxxx [xx][x]/xx_xxxx [xx][x]/xx_xxxx [xx][x]/xx_xxxx [xx][x]/xxxxx	predictive	Hög
70	Argument	xxxx	predictive	Låg
71	Argument	xxxx	predictive	Låg
72	Argument	xx	predictive	Låg
73	Argument	xxxxxxxxx	predictive	Medium
74	Argument	xxxxxxxx[xx]	predictive	Medium
75	Argument	xxxxxxx	predictive	Låg
76	Argument	xxx_xxxx	predictive	Medium
77	Argument	xxxxx_xx	predictive	Medium
78	Argument	xxxxxxxx	predictive	Medium
79	Argument	x_x_x	predictive	Låg
80	Argument	xxxxxxx/xxxxx	predictive	Hög
81	Argument	xxxxxx_xxx	predictive	Medium
82	Argument	xxxxxx	predictive	Låg
83	Argument	xxxx_xx	predictive	Låg
84	Argument	xxxxxxxx_xxxxxxxx	predictive	Hög
85	Argument	xxxxxxxxxxxxxxxxxxxxx	predictive	Hög
86	Argument	xxxx_xx	predictive	Låg
87	Argument	xxx	predictive	Låg
88	Argument	xxxx	predictive	Låg
89	Argument	xxxxxxxx	predictive	Medium
90	Argument	xxxx/xx/xxxx/xxx	predictive	Hög
91	Argument	xxxxxxxx	predictive	Medium
92	Input Value	.%xx.../.%xx.../	predictive	Hög
93	Input Value	../../../../../xxx/xxx/xxxxx/xxxx/xxxxxxxx/xxxxx/xxx.xxx	predictive	Hög
94	Input Value	xxxxxxx -xxx	predictive	Medium
95	Input Value	xxxxxxxxxx	predictive	Medium
96	Network Port	xxxx	predictive	Låg
97	Network Port	xxxx	predictive	Låg
98	Network Port	xxxx xxxx	predictive	Medium
99	Network Port	xxx/xxx	predictive	Låg
100	Network Port	xxx/xxxx	predictive	Medium

Referenser (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ TidigareÖversiktNästa ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!