GandCrab 2.1 Analysis

IOB - Indicator of Behavior (193)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 188
de: 2
fr: 2
ru: 2


Country

us: 100
bg: 60
ro: 8
ru: 4
gb: 2


Actors, Activities (Interest, Timeline), Type, Vendor

Chart panels only; the underlying data is not included in this view.

Product

Microsoft Windows: 10
Joomla CMS: 6
WordPress: 6
PHP: 6
D-Link DVG-5402G: 4


Vulnerabilities

# | Vulnerability | Base score | Temp score | 0-day price | Price today | Exploitability | Remediation | EPSS | CTI | CVE
1 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 1.82 | CVE-2020-12440
2 | Apache HTTP Server HTTP Digest Authentication Challenge improper authentication | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01815 | 0.03 | CVE-2018-1312
3 | TVT Dvr Firmware path traversal | 7.5 | 7.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.15391 | 0.05 | CVE-2013-6023
4 | FreeBSD Ping pr_pack stack-based overflow | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2022-23093
5 | Acme Mini HTTPd Terminal input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00303 | 0.04 | CVE-2009-4490
6 | Apache HTTP Server mod_rewrite redirect | 6.7 | 6.7 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.00258 | 0.05 | CVE-2020-1927
7 | WordPress Press This class-wp-press-this.php information disclosure | 6.3 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00527 | 0.05 | CVE-2017-5610
8 | profanity weak prng | 5.0 | 5.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00114 | 0.00 | CVE-2022-40769
9 | Photocrati ecomm-sizes.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00120 | 0.00 | CVE-2015-2216
10 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.18 | CVE-2017-0055
11 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192
12 | TP-LINK WR740N Wireless N Router HTTP Request denial of service | 7.5 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00000 | 0.00 | (no CVE)
13 | Joomla CMS File Upload media.php input validation | 6.3 | 6.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.79864 | 0.05 | CVE-2013-5576
14 | Copadata zenon zenAdminSrv.exe memory corruption | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00618 | 0.00 | CVE-2011-4533
15 | D-Link Good Line Router v2 HTTP GET Request devinfo information disclosure | 5.3 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.00052 | 0.32 | CVE-2024-0717
16 | Project Worlds Online Food Ordering System add-item.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2023-45324
17 | SourceCodester Online Student Management System edit-class-detail.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00148 | 0.03 | CVE-2023-1099
18 | Tawk.To Live Chat Plugin AJAX Action tawkto_removewidget authorization | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00074 | 0.04 | CVE-2021-24914
19 | WordPress Wp Downloads Manager File Upload upload.php input validation | 10.0 | 9.4 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.02875 | 0.04 | CVE-2008-3362
20 | VSFTPD Connection denial of service | 5.5 | 5.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00281 | 0.05 | CVE-2021-30047

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network resources that are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (75)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /devinfo | predictive | Medium
2 | File | /etc/tomcat8/Catalina/ | predictive | High
3 | File | /ext/phar/phar_object.c | predictive | High
4 | File | /inc/campaign/count_of_send.php | predictive | High
5 | File | /rdms/admin/?page=user/manage_user | predictive | High
6 | File | /TeleoptiWFM/Administration/GetOneTenant | predictive | High
7 | File | /transmission/rpc | predictive | High
8 | File | /uncpath/ | predictive | Medium
9 | File | admin/config/confmgr.php | predictive | High
10 | File | xxxxx/xxx/xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxx/xxxxx.xx | predictive | High
11 | File | xxxxxxxxxxxxx/xxxxxxxxxx/xxx_xxxxx/xxxxxxx/xxxxx.xxx | predictive | High
12 | File | xxxxxxx.xx | predictive | Medium
13 | File | xxxxx.xxx | predictive | Medium
14 | File | x:\xxxxxx | predictive | Medium
15 | File | xxxxxx.xxx | predictive | Medium
16 | File | xxx.xxx?xxxxxx=xxxxxxxxxxxxx&xxx=xx | predictive | High
17 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
18 | File | xxxxxx.xxx | predictive | Medium
19 | File | xxxxxxxxx/xxxx/xxxxxxxxxxxxxxxxxx.xx | predictive | High
20 | File | xxxxx-xxxxx.xxx | predictive | High
21 | File | xxxxxxx/xxxx-xxxxx-xxxxxx.xxx | predictive | High
22 | File | xxxxxxx/xxxx-xxxxx-xxxxxx.xxx?xxxxxx=x | predictive | High
23 | File | xxx/xxxx/xxx/xxxxx_xxxx.x | predictive | High
24 | File | xxxx.x | predictive | Low
25 | File | xxxx/xxxxxxxxxxxxx | predictive | High
26 | File | xx/xxxxx_xxx.x | predictive | High
27 | File | xxxx_xxx_xxxxxx_xxxxxxx.x | predictive | High
28 | File | xxxxx.xxx | predictive | Medium
29 | File | xx/xxxxxxx.x | predictive | Medium
30 | File | xxxxxxx/xxxxxxx/xxx_xxxxxxx.x | predictive | High
31 | File | xxxxx\xxxxxx_xxxx.xxx | predictive | High
32 | File | xxxxxx_xxxxxx.xx | predictive | High
33 | File | xxxxxxx/xxx-xxxx.xxx | predictive | High
34 | File | xxxxxxxxxxx.xxx | predictive | High
35 | File | xxxxxxxxx/xxxxxxxxxx | predictive | High
36 | File | xxxxx.x | predictive | Low
37 | File | xxxxxx.xxx | predictive | Medium
38 | File | xxxxxxx/xxxxxxxxxxxx.xxx | predictive | High
39 | File | xxxxx/xxxxx.xx | predictive | High
40 | File | xxx-xxx/xxxx/xxxxxxxxxx.xxx | predictive | High
41 | File | xxxxxxx.xxx | predictive | Medium
42 | File | xx-xxxxx/xxxxxxxx/xxxxx-xx-xxxxx-xxxx.xxx | predictive | High
43 | File | xx-xxxxx/xxxxx-xxxxxx.xxx | predictive | High
44 | File | xx-xxxxxx.xxx | predictive | High
45 | File | xx-xxxx.xxx | predictive | Medium
46 | File | xx-xxxxxxxx/xxxxxxxxx.xxx | predictive | High
47 | File | xxxxx-xxxxxx.xxx | predictive | High
48 | File | xxxxxxxxxxx.xxx | predictive | High
49 | Library | xxxxxxxxx/xxxx/xxxxxx/xxxxxx.xxxx.xxx.xxx | predictive | High
50 | Library | xxxxx.xxx | predictive | Medium
51 | Argument | ${xxx} | predictive | Low
52 | Argument | .xxx.x.x.x.x.x.xx.x.x.x.x.x.x.x.x.x.x.x | predictive | High
53 | Argument | xxxx | predictive | Low
54 | Argument | xxxxxx | predictive | Low
55 | Argument | xxxx_xx | predictive | Low
56 | Argument | xxxxxx | predictive | Low
57 | Argument | xxxxxxxxx | predictive | Medium
58 | Argument | xxxxxx | predictive | Low
59 | Argument | xxxxxxxxxxxx | predictive | Medium
60 | Argument | xxxxxx_xxxxx_xxx | predictive | High
61 | Argument | xxxx | predictive | Low
62 | Argument | xx | predictive | Low
63 | Argument | xxxxxxxxx | predictive | Medium
64 | Argument | xxxxx | predictive | Low
65 | Argument | xxxxx | predictive | Low
66 | Argument | xxxxxxxx | predictive | Medium
67 | Argument | xxxxxxxx | predictive | Medium
68 | Argument | xxxxx | predictive | Low
69 | Argument | xxxx_xx | predictive | Low
70 | Argument | xxxxxx | predictive | Low
71 | Argument | xxxxxx | predictive | Low
72 | Argument | xxxxxxxxxxxxxxx | predictive | High
73 | Argument | xxxxxx | predictive | Low
74 | Argument | xxxxxxxx/xxxx | predictive | High
75 | Input Value | "xxxxxx|xxx|xxxxxxx" | predictive | High
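The nine unmasked File indicators above are URL path fragments, which makes them directly usable as a web-server access-log check. The following Python script is an added example, not VulDB code or output: it matches the request target of each Common Log Format line against those fragments, percent-decoding twice and collapsing repeated slashes first so trivially obfuscated requests still hit, and reports the confidence VulDB lists for the fragment. The log lines are constructed for the example, the masked rows are necessarily omitted, and because the indicators come from a predictive model a match is a triage lead, not confirmation of GandCrab activity.

```python
"""Match access-log request targets against the unmasked IOA path fragments.

Added example; the indicator list is copied from the visible rows of the IOA
table above, the log lines are constructed, and nothing here is VulDB's code.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Iterable, Optional
from urllib.parse import unquote

# Indicator -> confidence, taken from IOA rows 1-9 above. Masked rows omitted.
IOA_FILE_INDICATORS = {
    "/devinfo": "Medium",
    "/etc/tomcat8/Catalina/": "High",
    "/ext/phar/phar_object.c": "High",
    "/inc/campaign/count_of_send.php": "High",
    "/rdms/admin/?page=user/manage_user": "High",
    "/TeleoptiWFM/Administration/GetOneTenant": "High",
    "/transmission/rpc": "High",
    "/uncpath/": "Medium",
    "admin/config/confmgr.php": "High",
}

# Common Log Format: host ident authuser [timestamp] "METHOD target PROTO" status bytes
CLF_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)


@dataclass(frozen=True)
class Hit:
    host: str
    target: str
    indicator: str
    confidence: str
    status: int


def normalise_target(target: str) -> str:
    """Percent-decode twice (catches %25-style double encoding) and collapse
    runs of '/' so the literal fragments still match lightly obfuscated paths."""
    decoded = unquote(unquote(target))
    return re.sub(r"/{2,}", "/", decoded)


def match_indicators(target: str) -> Optional[tuple[str, str]]:
    """Return (indicator, confidence) for the first fragment found in target.

    Fragments without a leading slash (admin/config/confmgr.php) may sit under
    any prefix, and the comparison is case-insensitive because IIS and other
    Windows-hosted applications resolve paths that way.
    """
    path = normalise_target(target).lower()
    for fragment, confidence in IOA_FILE_INDICATORS.items():
        if fragment.lower() in path:
            return fragment, confidence
    return None


def scan_log(lines: Iterable[str]) -> list[Hit]:
    """Parse CLF lines and return one Hit per line whose target matches an IOA.
    Lines that are not valid CLF are skipped rather than raising."""
    hits: list[Hit] = []
    for line in lines:
        m = CLF_RE.match(line)
        if not m:
            continue
        found = match_indicators(m["target"])
        if found:
            hits.append(Hit(m["host"], m["target"], found[0], found[1], int(m["status"])))
    return hits


# Constructed sample log lines (RFC 5737 documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2024:12:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Mar/2024:12:00:02 +0000] "GET /devinfo HTTP/1.1" 200 1034',
    '198.51.100.4 - - [10/Mar/2024:12:00:03 +0000] "POST /transmission/rpc HTTP/1.1" 409 88',
    '198.51.100.4 - - [10/Mar/2024:12:00:04 +0000] "GET /%61dmin/config/confmgr.php HTTP/1.1" 404 0',
    '192.0.2.9 - - [10/Mar/2024:12:00:05 +0000] "GET /shop//rdms/admin/?page=user/manage_user HTTP/1.1" 302 0',
    "garbage line that is not CLF",
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit.host} -> {hit.target} matched {hit.indicator!r} "
              f"({hit.confidence}, HTTP {hit.status})")
```

A 404 on a matching path still counts as a hit: the interesting signal is that a client probed for the file at all, and recording the status alongside the match lets the analyst separate blind scanning from requests that reached a live endpoint.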

References (2)

The following list contains external sources which discuss the actor and the associated activities:
