GreyEnergy Analysis

IOB - Indicator of Behavior (1000)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 100
ar: 98
ru: 96
pl: 96
zh: 88


Country

ar: 98
ru: 96
pl: 96
es: 86
it: 80


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Tenda W15E: 8
MailCleaner: 6
Tenda AX1806: 4
Apache HTTP Server: 4
Tenda i21: 4


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Apryse WebViewer PDF Document cross site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00045 | 0.24 | CVE-2024-4327 |
| 2 | MailCleaner Email os command injection | 9.8 | 9.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00046 | 0.29 | CVE-2024-3191 |
| 3 | osCommerce all-products cross site scripting | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00065 | 0.15 | CVE-2024-4348 |
| 4 | MailCleaner Admin Interface cross site scripting | 6.5 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00045 | 0.15 | CVE-2024-3192 |
| 5 | SourceCodester Pisay Online E-Learning System controller.php unrestricted upload | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.05 | CVE-2024-4349 |
| 6 | MailCleaner Admin Endpoints os command injection | 8.8 | 8.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00046 | 0.19 | CVE-2024-3193 |
| 7 | BloomPixel Max Addons Pro for Bricks Plugin authorization | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.08 | CVE-2024-32951 |
| 8 | Extend Themes Teluro Plugin cross-site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-33688 |
| 9 | Apache HTTP Server mod_lua Multipart Parser r:parsebody out-of-bounds write | 8.5 | 8.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.08808 | 0.00 | CVE-2021-44790 |
| 10 | Elementor ImageBox Plugin cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.08 | CVE-2024-3074 |
| 11 | Dell Wyse Proprietary OS Telemetry Dashboard information disclosure | 4.7 | 4.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-28963 |
| 12 | Apache Parquet Parquet-MR denial of service | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00089 | 0.00 | CVE-2021-41561 |
| 13 | Pavex Embed Google Photos Album Plugin server-side request forgery | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.08 | CVE-2024-32775 |
| 14 | Foliovision FV Flowplayer Video Player Plugin server-side request forgery | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-32955 |
| 15 | Tenda i21 formQosManageDouble_auto stack-based overflow | 8.8 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.04 | CVE-2024-4246 |
| 16 | Dell Repository Manager API Module improper authorization | 8.3 | 8.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2024-28976 |
| 17 | Jegstudio Financio Plugin cross-site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-33690 |
| 18 | ThemeNcode Fan Page Widget by Plugin cross site scripting | 4.1 | 4.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-33695 |
| 19 | AnnounceKit Plugin cross site scripting | 2.4 | 2.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.04 | CVE-2024-3023 |
| 20 | Repute Infosystems ARMember Plugin authorization | 7.8 | 7.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.07 | CVE-2024-32948 |

IOC - Indicator of Compromise (34)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (65)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

