Grandoreiro Analysis

IOB - Indicator of Behavior (320)

Timeline

Languages

en: 286
pl: 18
pt: 6
es: 6
it: 4

Countries/Regions

Actors

Activities

Interests

Timeline

Type

Vendors

Products

Apache HTTP Server (8)
Cisco SD-WAN vManage (4)
Smartisoft phpBazar (2)
XMB Forum (2)
Netscape Communicator (2)

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Fix | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | SOCKS 5 Proxy Config privilege escalation | 7.3 | 7.1 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.00000 | 0.00 | |
| 2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 3 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.14 | CVE-2010-0966 |
| 4 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 5.36 | CVE-2020-12440 |
| 5 | Netscape Communicator JPEG Comment memory corruption | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01345 | 0.00 | CVE-2000-0655 |
| 6 | DZCP deV!L`z Clanportal browser.php information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02733 | 0.91 | CVE-2007-1167 |
| 7 | phpMyAdmin privilege escalation | 7.9 | 7.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00180 | 0.00 | CVE-2016-6621 |
| 8 | PHP Cookie privilege escalation | 5.0 | 4.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00634 | 0.00 | CVE-2022-31629 |
| 9 | PHP PHP-FPM denial of service | 5.9 | 5.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00584 | 0.03 | CVE-2015-9253 |
| 10 | Campcodes Beauty Salon Management System admin-profile.php SQL injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00064 | 0.09 | CVE-2023-3874 |
| 11 | PHP GD Extension imageloadfont memory corruption | 6.4 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00064 | 0.04 | CVE-2022-31630 |
| 12 | OrangeScrum AWS Credential cross site scripting | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00049 | 0.00 | CVE-2023-1783 |
| 13 | ARCHIBUS Web Central login.axvw privilege escalation | 5.6 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00115 | 0.00 | CVE-2021-41553 |
| 14 | Apache HTTP Server mod_auth_digest memory corruption | 5.6 | 5.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00220 | 0.03 | CVE-2020-35452 |
| 15 | Oracle HTTP Server OSSL Module privilege escalation | 9.0 | 8.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.97406 | 0.03 | CVE-2021-40438 |
| 16 | Apache HTTP Server mod_proxy privilege escalation | 7.3 | 7.3 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.97406 | 0.00 | CVE-2021-40438 |
| 17 | Apache HTTP Server MPM Event Worker privilege escalation | 6.5 | 6.5 | $5k-$25k | $0-$5k | High | Not Defined | 0.97417 | 0.00 | CVE-2019-0211 |
| 18 | Apache HTTP Server mod_proxy_uwsgi memory corruption | 8.5 | 8.5 | $25k-$100k | $25k-$100k | Not Defined | Not Defined | 0.01526 | 0.00 | CVE-2020-11984 |
| 19 | Apache HTTP Server ap_escape_quotes memory corruption | 5.6 | 5.6 | $25k-$100k | $25k-$100k | Not Defined | Not Defined | 0.00579 | 0.02 | CVE-2021-39275 |
| 20 | XMB Forum member.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00270 | 0.00 | CVE-2003-0375 |

IOC - Indicator of Compromise (30)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Weakness | Access vector | Type |
|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Path Traversal | predictive |
| 2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive |
| 3 | T1059 | CWE-94 | Argument Injection | predictive |

IOA - Indicator of Attack (52)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type |
|---|---|---|---|
| 1 | File | /admin/admin-profile.php | predictive |
| 2 | File | /archibus/login.axvw | predictive |
| 3 | File | /cgi-bin/wapopen | predictive |
| 4 | File | /download | predictive |
| 5 | File | /forum/away.php | predictive |
| 6 | File | /mgmt/tm/util/bash | predictive |
| 7 | File | /SASWebReportStudio/logonAndRender.do | predictive |
| 50 | Input Value | ../.. | predictive |

References (9)

The following list contains external sources which discuss the actor and the associated activities:
