GandCrab v5 Analysis

IOB - Indicator of Behavior (23)

Language: en (24)

Products: phpBB (8), vBulletin (8), PunBB (4), Jelsoft vBulletin (2), Tapatalk Plugin (2)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Fix | EPSS | CTI | CVE
1 | vBulletin decodeArguments privilege escalation | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Not Defined | 0.74237 | 0.00 | CVE-2015-7808
2 | vBulletin cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01146 | 0.00 | CVE-2004-1824
3 | Tapatalk Plugin XMLRPC API unsubscribe_forum.php sql injection | 8.5 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00242 | 0.00 | CVE-2014-2023
4 | phpBB Perl ucp_pm_options.php message_options cross site request forgery | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00335 | 0.02 | CVE-2015-1432
5 | vBulletin sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00214 | 0.00 | CVE-2014-5102
6 | PunBB cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00199 | 0.00 | CVE-2010-0455
7 | vBulletin redirector.php Redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00122 | 0.07 | CVE-2018-6200
8 | vBulletin Vbulletin Forum Remote Code Execution | 9.8 | 8.5 | $0-$5k | $0-$5k | Unproven | Official Fix | 0.00620 | 0.00 | CVE-2012-4328
9 | phpBB install.php privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00642 | 0.03 | CVE-2002-1707
10 | PunBB register.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00543 | 0.00 | CVE-2005-0569
11 | vBulletin moderation.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00284 | 0.01 | CVE-2016-6195
12 | vBulletin XMLRPC API breadcrumbs_create.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00102 | 0.02 | CVE-2014-2022
13 | vBulletin visitormessage.php privilege escalation | 7.5 | 7.4 | $0-$5k | $0-$5k | High | Unavailable | 0.03104 | 0.02 | CVE-2014-9463
14 | PunBB Password Reset moderate.php privilege escalation | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02283 | 0.00 | CVE-2008-1484
15 | phpBB modcp.php information disclosure | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00392 | 0.00 | CVE-2008-7143
16 | PunBB profile.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00322 | 0.00 | CVE-2005-2193
17 | phpBB links.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00221 | 0.00 | CVE-2007-4653
18 | phpBB Remote Avatar privilege escalation | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00167 | 0.02 | CVE-2017-1000419
19 | phpBB information disclosure | 9.8 | 8.5 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00269 | 0.00 | CVE-2008-1766
20 | phpBB startup.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00287 | 0.02 | CVE-2015-1431

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence
| 192.63.197.48 | | GandCrab v5 | | 2018-10-13 | | verified

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (25)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | ajax/api/hook/decodeArguments | | predictive
2 | File | breadcrumbs_create.php | | predictive
3 | File | forumrunner/includes/moderation.php | | predictive
4 | File | includes/startup.php | | predictive
5 | File | xxxxxxxx/xxx/xxx_xx_xxxxxxx.xxx | | predictive
6 | File | xxxxxxx.xxx | | predictive
7 | File | xxxxx.xxx | | predictive
8 | File | xxxxx.xxx | | predictive
9 | File | xxxxxxxx.xxx | | predictive
10 | File | xxxxxxx.xxx | | predictive
11 | File | xxxxxxxxxx.xxx | | predictive
12 | File | xxxxxxxx.xxx | | predictive
13 | File | xxxxxxxxxxx_xxxxx.xxx | | predictive
14 | File | xxxxxxxxxxxxxx.xxx | | predictive
15 | Argument | xxxxxxxxx | | predictive
16 | Argument | xxxxxxxxx | | predictive
17 | Argument | xxx_xxxx | | predictive
18 | Argument | xxxxx_xxxx_xxx | | predictive
19 | Argument | xxx | | predictive
20 | Argument | xxxxxxx | | predictive
21 | Argument | xxxx | | predictive
22 | Argument | xxxxxxxxxxxxxxxx | | predictive
23 | Argument | xxxxx | | predictive
24 | Argument | xxxxxx | | predictive
25 | Argument | xxx | | predictive

References (2)

The following list contains external sources which discuss the actor and the associated activities:
