Grobios Analysis

IOB - Indicator of Behavior (20)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 18
zh: 2

Country

us: 10
cn: 6
gb: 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Joomla CMS: 6
Ametys CMS: 2
PHP: 2
Wargaming World of Warships: 2
NotificationX Plugin: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
--- | --- | --- | --- | --- | --- | --- | --- | --- | --- | ---
1 | Adobe Dreamweaver untrusted search path | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00057 | 0.04 | CVE-2021-21055
2 | Atmail Remote Code Execution | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00251 | 0.04 | CVE-2013-5033
3 | WSO2 API Manager File Upload unrestricted upload | 9.8 | 9.8 | $0-$5k | $0-$5k | High | Not Defined | 0.97311 | 0.09 | CVE-2022-29464
4 | Keysight IXIA Hawkeye licenses cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00077 | 0.16 | CVE-2023-1860
5 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.12 | CVE-2017-0055
6 | PHP PHAR phar.c phar_parse_pharfile out-of-bounds | 6.4 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00576 | 0.05 | CVE-2018-20783
7 | NotificationX Plugin SQL Statement sql injection | 5.6 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02414 | 0.05 | CVE-2022-0349
8 | Ametys CMS auto-completion Plugin en.xml information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00505 | 0.05 | CVE-2022-26159
9 | Joomla CMS Password Reset access control | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00153 | 0.04 | CVE-2012-1598
10 | Joomla CMS Password Reset cryptographic issues | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01699 | 0.00 | CVE-2011-4321
11 | Joomla CMS Web Server Configuration cross site scripting | 5.2 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00103 | 0.00 | CVE-2019-7742
12 | Microweber controller.php information disclosure | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01002 | 0.00 | CVE-2020-13405
13 | Fengoffice Feng Office cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00192 | 0.00 | CVE-2014-5343
14 | Wargaming World of Warships Replay Remote Code Execution | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00457 | 0.05 | CVE-2022-31265
15 | WordPress WP_Query sql injection | 6.3 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.93536 | 0.05 | CVE-2022-21661
16 | ISPConfig sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00152 | 0.00 | CVE-2021-3021
17 | Kentico CMS File Upload unrestricted upload | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00249 | 0.04 | CVE-2018-19453
18 | Kentico File Upload unrestricted upload | 5.2 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00138 | 0.02 | CVE-2019-19493

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
--- | --- | --- | --- | --- | --- | --- | ---
1 | 169.239.129.17 | rns.za.zappiehost.com | Grobios | | 05/17/2018 | verified | High

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence
--- | --- | --- | --- | --- | --- | ---
1 | T1059.007 | CAPEC-209 | CWE-79 | Cross Site Scripting | predictive | High
2 | T1068 | | CWE-264 | Execution with Unnecessary Privileges | predictive | High
3 | TXXXX | CAPEC-108 | CWE-XXX | xx Xxxxxxxxx | predictive | High
4 | TXXXX | CAPEC-38 | CWE-XXX | Xxxxxxxxx Xxxxxx Xxxx | predictive | High
5 | TXXXX | CAPEC-116 | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
6 | TXXXX | CAPEC- | CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High
7 | TXXXX.XXX | CAPEC-1 | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High

IOA - Indicator of Attack (8)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
--- | --- | --- | --- | ---
1 | File | /licenses | predictive | Medium
2 | File | /uncpath/ | predictive | Medium
3 | File | xxx/xxxx/xxxx.x | predictive | High
4 | File | xxxxxxx/xxx/xxxxxxx/xxxxxx/xxxx-xxxxxxxxxx/<xxxxxx>/xx.xxx | predictive | High
5 | File | xxxxxxxxx/xxxxxxx/xxxxx/xxxxxxxxxx/xxxxxxxxxx.xxx | predictive | High
6 | Argument | xx_xx | predictive | Low
7 | Argument | xxxx | predictive | Low
8 | Input Value | xxxxx"><xxxxxx>xxxxx(%xxxxxxxxxxxx%xx)</xxxxxx> | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
