GroundPeony Analysis

IOB - Indicator of Behavior (190)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

Language | Count
en | 156
zh | 24
de | 6
pl | 4


Country

Country | Count
us | 140
cn | 42
bg | 6
de | 2


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Product | Count
phpMyAdmin | 4
PHPWind | 4
Tenda AC1206 | 2
D-Link DIR-860L | 2
D-Link DIR-865L | 2


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192
2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.71 | CVE-2010-0966
3 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 0.65 | CVE-2007-0354
4 | FineCMS Redirector Weixin.php redirect | 6.2 | 6.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00121 | 0.07 | CVE-2017-11586
5 | D-Link DIR-846 HNAP1 Privilege Escalation | 8.0 | 7.9 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00667 | 0.00 | CVE-2023-33735
6 | PHPWind goto.php redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00348 | 0.05 | CVE-2015-4134
7 | D-Link DIR-860L/DIR-865L/DIR-868L soap.cgi os command injection | 8.5 | 8.5 | $5k-$25k | $5k-$25k | High | Not Defined | 0.93644 | 0.00 | CVE-2018-6530
8 | Serendipity exit.php privileges management | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.12 | 
9 | Esoftpro Online Guestbook Pro ogp_show.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00108 | 0.09 | CVE-2009-4935
10 | Softnext SPAM SQR code injection | 7.2 | 7.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00143 | 0.05 | CVE-2023-24835
11 | D-Link DIR-850L category_view.php improper authentication | 8.5 | 8.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.92578 | 0.03 | CVE-2018-9032
12 | Ubiquiti EdgeOS access control | 8.8 | 8.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00104 | 0.02 | CVE-2017-0932
13 | FLDS redir.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00203 | 0.12 | CVE-2008-5928
14 | Coppermine Photo Gallery showdoc.php path traversal | 5.5 | 4.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.01312 | 0.00 | CVE-2007-4976
15 | Samsung Galaxy Store cross site scripting | 5.3 | 5.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00057 | 0.00 | CVE-2023-21434
16 | BESDER IP Camera VideoPlayTool access control | 7.6 | 7.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00106 | 0.08 | CVE-2023-33443
17 | ZhongBangKeJi CRMEB UploadService.php Getshell unrestricted upload | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00309 | 0.05 | CVE-2020-21787
18 | Jumpserver cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00069 | 0.00 | CVE-2022-42225
19 | Netgear R6260 SOAP Request setupwizard.cgi stack-based overflow | 8.8 | 8.8 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.00080 | 0.00 | CVE-2021-34978
20 | D-Link DIR-823 HNAP Login memory corruption | 8.5 | 8.5 | $5k-$25k | $0-$5k | High | Not Defined | 0.96863 | 0.00 | CVE-2016-6563

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • CVE-2022-30190

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 103.199.17.184 |  | GroundPeony | CVE-2022-30190 | 08/29/2023 | verified | High
2 | XXX.XX.XXX.XXX | xxx.xxx.xx.xxx | Xxxxxxxxxxx | Xxx-xxxx-xxxxx | 08/29/2023 | verified | High
3 | XXX.XX.XXX.XXX |  | Xxxxxxxxxxx | Xxx-xxxx-xxxxx | 08/29/2023 | verified | High

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (69)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/index.php | predictive | High
2 | File | /category_view.php | predictive | High
3 | File | /crmeb/crmeb/services/UploadService.php | predictive | High
4 | File | /etc/passwd | predictive | Medium
5 | File | /forum/away.php | predictive | High
6 | File | /getcfg.php | predictive | Medium
7 | File | /HNAP1 | predictive | Low
8 | File | /SetTriggerWPS/PIN | predictive | High
9 | File | adclick.php | predictive | Medium
10 | File | xxx_xxxxxxx.xxx | predictive | High
11 | File | xxxxxxx.xxx | predictive | Medium
12 | File | xxxxx.xxx | predictive | Medium
13 | File | xxxx_xx.xx | predictive | Medium
14 | File | xxxxxxxxxxxxx | predictive | High
15 | File | xxxxxxxxxxx/xxxxxx.xxx | predictive | High
16 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
17 | File | xxxxxx.xxx | predictive | Medium
18 | File | xxxx/xxxxxxx.xxx | predictive | High
19 | File | xxxxxxx/xxx/x_xxx.x | predictive | High
20 | File | xxxxx.xxx | predictive | Medium
21 | File | xxxx.xxx | predictive | Medium
22 | File | xxxxxxxxx.xxx.xxx | predictive | High
23 | File | xxxx.xxx | predictive | Medium
24 | File | xxx/xxxxxx.xxx | predictive | High
25 | File | xxxxxxxxxxxxxxxxxxxxxxx.xx?xxxxxxxxxxxx | predictive | High
26 | File | x_xxxxxxxx_xxxxx | predictive | High
27 | File | xxxxxxxxx/xxxxxxx.xxx.xxx | predictive | High
28 | File | xxxxxxx.xxx | predictive | Medium
29 | File | xxx_xxxx.xxx | predictive | Medium
30 | File | xxxxxxxx.xxx | predictive | Medium
31 | File | xxx-xxxx\xxxxx\xxxxxx_xxxx\xxxxx.xxx | predictive | High
32 | File | xxxxxx/xxx/xxxxxxxx/xxxxx/xxxxx_xxxx.xx | predictive | High
33 | File | xxxxx_xxxxxx_xxx.xxx | predictive | High
34 | File | xxxx.xxx | predictive | Medium
35 | File | xxxxx.xxx | predictive | Medium
36 | File | xxxxxxxx.xxx | predictive | Medium
37 | File | xxxxxxxxxx.xxx | predictive | High
38 | File | xxxxxxxx.xxx | predictive | Medium
39 | File | xxxxx.xxx | predictive | Medium
40 | File | xxxxxxxxxxx.xxx | predictive | High
41 | File | xxxx.xxx | predictive | Medium
42 | File | xxx_xxxxx.x | predictive | Medium
43 | File | xxxxxx.xxx | predictive | Medium
44 | File | xxxxxxxxxxxxxxxxxxxxxxxxxx/xxxxx_xxx.xxxx | predictive | High
45 | File | xxx/xxx-xxxxxxxxxx/xxxx-xxxxxx/xxxxxx.xxx | predictive | High
46 | File | xx-xxxxxxxx/xxxx.xxx | predictive | High
47 | Library | xxxxxxxx.xxx | predictive | Medium
48 | Library | xxxxxxxx.xxx | predictive | Medium
49 | Argument | ?xxxx_xxxx=xxxxxxx.xxx/xxxx=xxxxxx/xxx=xxx+/xxx/.xxxxxxxx/xxxxxxx=//xxxxxxxxxxxxxx.xxx=x | predictive | High
50 | Argument | xxxxxxxx | predictive | Medium
51 | Argument | xxxxxxxxxxxxxxx | predictive | High
52 | Argument | xxxx | predictive | Low
53 | Argument | xxxxxxx | predictive | Low
54 | Argument | xxxxx | predictive | Low
55 | Argument | xxx | predictive | Low
56 | Argument | xxxx | predictive | Low
57 | Argument | xx | predictive | Low
58 | Argument | xxx | predictive | Low
59 | Argument | x_xxxxxxxx | predictive | Medium
60 | Argument | xxxxxx | predictive | Low
61 | Argument | xxxxx | predictive | Low
62 | Argument | xxxxxxx | predictive | Low
63 | Argument | xxxx_xxxxx | predictive | Medium
64 | Argument | xxx | predictive | Low
65 | Argument | xxxxx/xxx | predictive | Medium
66 | Argument | xxxxxxxxxx_xxxx_xxxxxxx | predictive | High
67 | Argument | xxx | predictive | Low
68 | Input Value | xxxxxxxxxxxxx/xxxxxxx_xxxxx.xxxx_xxxxxx | predictive | High
69 | Network Port | xxx xxxxxx xxxx | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
