Genkryptik 分析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (108)

语言

en	84
de	16
es	4
pl	2
it	2

国家/地区

us	78
me	16
fr	4
ir	4
pl	2

演员

Ave Maria	3
AsyncRAT	3
Remcos	3
Nanocore RAT	3
Genkryptik	3

利益

类型

Not Defined	30
Operating System	6
Programming Language Software	4
Web Server	4
Content Management System	4

供应商

Not Defined	30
Microsoft	8
IBM	6
NAVER	4
Buffalo	2

产品

FreeBSD	4
PostgreSQL	2
Buffalo BHR-4GRV	2
Buffalo DWR-HP-G300NH	2
Buffalo HW-450HP-ZWE	2

漏洞

#	漏洞	Base	Temp	0day	今天	易	修正	EPSS	CTI	CVE
1	All Enthusiast Inc Reviewpost Php Pro showproduct.php SQL注入	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00501	0.00	CVE-2004-2175
2	NAVER Cloud Explorer 权限升级	7.8	7.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00222	0.00	CVE-2020-9752
3	NAVER Vaccine nsz Archive nsGreen.dll 目录遍历	7.0	7.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00184	0.04	CVE-2019-13157
4	GNU GRUB ext2.c grub_ext2_read_block 内存损坏	6.4	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00504	0.03	CVE-2017-9763
5	PhotoPost PHP Pro showproduct.php SQL注入	9.8	9.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00276	0.04	CVE-2004-0250
6	OpenSSH Authentication Username 信息公开	5.3	4.8	$5k-$25k	$0-$5k	High	Official Fix	0.10737	0.18	CVE-2016-6210
7	BitTorrent uTorrent Bencoding Parser 权限升级	6.4	6.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00867	0.04	CVE-2020-8437
8	MDaemon Webmail 跨网站脚本	5.4	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00070	0.02	CVE-2019-8983
9	WIKINDX PAGING.php getPagingStart 跨网站脚本	5.7	5.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00201	0.02	CVE-2019-13588
10	Synology DiskStation Manager Change Password 权限升级	7.1	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00068	0.03	CVE-2018-8916
11	Microsoft IIS 跨网站脚本	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00548	0.09	CVE-2017-0055
12	gtk-vnc Framebuffer 内存损坏	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00268	0.00	CVE-2017-1000044
13	Oracle MySQL Enterprise Monitor Apache Struts 2 内存损坏	9.8	9.4	$100k 以及更多	$0-$5k	Proof-of-Concept	Official Fix	0.02365	0.00	CVE-2016-4436
14	Tiki Admin Password tiki-login.php 弱身份验证	8.0	7.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00936	3.77	CVE-2020-15906
15	SharpZipLib 目录遍历	6.8	6.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00611	0.06	CVE-2021-32840
16	Apache HTTP Server mod_proxy_ajp 权限升级	7.3	7.0	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00903	0.00	CVE-2022-26377
17	Vinchin Backup and Recovery 弱身份验证	9.0	9.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00688	0.04	CVE-2022-35866
18	Microsoft Exchange Server Privilege Escalation	8.3	7.6	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00064	0.02	CVE-2023-35388
19	Chengdu Flash Flood Disaster Monitoring and Warning System Ajaxfileupload.ashx 权限升级	6.9	6.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00063	0.09	CVE-2023-3802
20	TikiWiki tiki-register.php 权限升级	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01009	2.04	CVE-2006-6168

IOC - Indicator of Compromise (14)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP地址	Hostname	参与者	Identified	类型	可信度
1	13.107.21.200		Genkryptik	2022-04-08	verified	高
2	79.134.225.5		Genkryptik	2022-05-04	verified	高
3	79.134.225.125		Genkryptik	2022-05-04	verified	高
4	XX.XX.XXX.XX	xx-xxx-xx.xxxxxxxx.xxxx	Xxxxxxxxxx	2022-04-12	verified	高
5	XX.XXX.XXX.XXX	xx.xxx.xxx.xxx.xxxxxxx.xxxxx.xxx.xx	Xxxxxxxxxx	2022-05-04	verified	高
6	XXX.XXX.X.X	xxxxxxxx-xx-xx.xxxxx.xxx	Xxxxxxxxxx	2022-05-04	verified	高
7	XXX.XXX.X.XX	xxxxxxxx-xx-xxx.xxxxx.xxx	Xxxxxxxxxx	2022-05-04	verified	高
8	XXX.XXX.XX.XXX	xxxxxxxx-xx-xx.xxxxx.xxx	Xxxxxxxxxx	2022-05-04	verified	高
9	XXX.XXX.XX.XXX	xxxxxxxx-xx-xxx.xxxxx.xxx	Xxxxxxxxxx	2022-05-04	verified	高
10	XXX.XXX.XX.XX	xxxxxxxx-xx-xxx.xxxxx.xxx	Xxxxxxxxxx	2022-05-04	verified	高
11	XXX.XXX.XXX.XXX	xxxxxxxx-xx-xxx.xxxxx.xxx	Xxxxxxxxxx	2022-05-04	verified	高
12	XXX.XX.XXX.XX	xxxxxx.xxxxxxxxx-xxxxxxx.xxx	Xxxxxxxxxx	2022-05-04	verified	高
13	XXX.XXX.XX.XX		Xxxxxxxxxx	2022-05-04	verified	高
14	XXX.XXX.XX.XX	xxxxxxx.xxxxxxxx.xxx	Xxxxxxxxxx	2022-05-04	verified	高

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	漏洞	访问向量	类型	可信度
1	T1006	CWE-22	Path Traversal	predictive	高
2	T1059	CWE-94	Argument Injection	predictive	高
3	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	高
4	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
5	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	高
6	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	高
7	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	高
8	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	高
9	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
10	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高
11	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	高
12	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	高

IOA - Indicator of Attack (50)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	分类	Indicator	类型	可信度
1	File	/Controller/Ajaxfileupload.ashx	predictive	高
2	File	/etc/sudoers	predictive	中
3	File	/uncpath/	predictive	中
4	File	admin.php?reqGadget=Components&reqAction=InstallGadget&comp=FileBrowser	predictive	高
5	File	cat.php	predictive	低
6	File	category.cfm	predictive	中
7	File	core/lists/PAGING.php	predictive	高
8	File	xxxxxx.xxx	predictive	中
9	File	xxxx/xxxxx.xxx	predictive	高
10	File	xxxxxxxxxxx/xxxxx.xxx	predictive	高
11	File	xx/xxxx.x	predictive	中
12	File	xxxxxxx.xxx	predictive	中
13	File	xxxxx.xxx	predictive	中
14	File	xxxxxxxxx/xx/xxx/xxxxxxx.xx	predictive	高
15	File	xxxxx/xxxxxxxx.x	predictive	高
16	File	xxxxxxx/xxxx.xxx	predictive	高
17	File	xxxxxxx/xx.x	predictive	中
18	File	xxx.xx	predictive	低
19	File	xxxxxxxx.xxx	predictive	中
20	File	xxxxxxx_xxxxxxx_xxxx.xxx	predictive	高
21	File	xxxxxxx_xxx_xxxxx_xxxxxx.xxxx	predictive	高
22	File	xxxx_xxxxxxxxx.xxx	predictive	高
23	File	xxxx_xxxxxxx_xxxxxxxx.xxx	predictive	高
24	File	xxxxxxx.xxx	predictive	中
25	File	xxxxxxxxxxx.xxx	predictive	高
26	File	xxxx-xxxxx.xxx	predictive	高
27	File	xxxx-xxxxxxxx.xxx	predictive	高
28	File	xxxxxx.xxxxxxx.xxxxxxxxxxxxxxxxxxxxxxxx	predictive	高
29	Library	xxxxxxxxxxxx_xxx.xxx	predictive	高
30	Library	xxxxxxx.xxx	predictive	中
31	Library	xxxxxxx.xxx.xx.xxx	predictive	高
32	Argument	xxx	predictive	低
33	Argument	xxxxx	predictive	低
34	Argument	xxx_xx	predictive	低
35	Argument	xxx	predictive	低
36	Argument	xxxxxxxxxx	predictive	中
37	Argument	xxxx	predictive	低
38	Argument	xxxxxxxx	predictive	中
39	Argument	xx	predictive	低
40	Argument	xxxx_xx	predictive	低
41	Argument	xxxxxxxx	predictive	中
42	Argument	xxxxx	predictive	低
43	Argument	xxxxx	predictive	低
44	Argument	xxxxxxxxxxx	predictive	中
45	Argument	xxxxxxxx	predictive	中
46	Argument	xx	predictive	低
47	Argument	xxxxxxxx_xx	predictive	中
48	Argument	xxxxxxxxxxxxxxx	predictive	高
49	Argument	xxxx	predictive	低
50	Input Value	xxxxxxxx.+xxx	predictive	高

参考 (4)

The following list contains external sources which discuss the actor and the associated activities:

◂ 上一步一览下一步 ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!