Gwmndy Analysis

IOB - Indicator of Behavior (14)

Timeline

Lang

en (14)

Country

us (10)
cn (4)

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Gempar Script Toko Online (2)
portable SDK for UPnP (2)
Apache Commons FileUpload (2)
Maran PHP Shop (2)
Apache Tomcat (2)

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---------------|------|------|------|-------|-----|-----|------|-----|-----|
| 1 | myPHPNuke print.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00962 | 0.00 | CVE-2008-4088 |
| 2 | Maran PHP Shop prod.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00137 | 0.05 | CVE-2008-4879 |
| 3 | ESMI PayPal Storefront products1h.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.05468 | 0.00 | CVE-2005-0936 |
| 4 | Gempar Script Toko Online shop_display_products.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00100 | 0.02 | CVE-2009-0296 |
| 5 | MidiCart PHP Shopping Cart item_show.php sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.05 | |
| 6 | Cisco Linksys EA2700 URL information disclosure | 4.3 | 4.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Unavailable | 0.00000 | 0.00 | |
| 7 | Sumeffect digiSHOP cart.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00064 | 0.00 | CVE-2010-4633 |
| 8 | Basti2web Book Panel books.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00064 | 0.05 | CVE-2009-4889 |
| 9 | Cisco IOS NTP Interface Queue input validation | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00563 | 0.00 | CVE-2016-1478 |
| 10 | phpMyAdmin code injection | 6.8 | 6.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05128 | 0.00 | CVE-2016-6633 |
| 11 | Apache Commons FileUpload access control | 9.8 | 9.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05866 | 0.04 | CVE-2016-1000031 |
| 12 | portable SDK for UPnP unique_service_name memory corruption | 10.0 | 9.5 | $0-$5k | $0-$5k | High | Official Fix | 0.97414 | 0.05 | CVE-2012-5958 |
| 13 | Apache Tomcat StatusManagerServlet information disclosure | 5.9 | 5.4 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00272 | 0.00 | CVE-2016-0706 |
| 14 | Google Android GPS GpsXtraDownloader.java Hang resource management | 5.9 | 5.6 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.01731 | 0.02 | CVE-2016-5348 |

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|----|------------|----------|-------|-----------|------------|------|------------|
| 1 | 1.125.125.5 | | Gwmndy | | 08/02/2019 | verified | High |
| 2 | XX.XXX.XXX.XXX | | Xxxxxx | | 08/02/2019 | verified | High |
| 3 | XX.XX.X.XX | | Xxxxxx | | 08/02/2019 | verified | High |

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (15)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|----|-------|-----------|------|------------|
| 1 | File | books.php | predictive | Medium |
| 2 | File | cart.php | predictive | Medium |
| 3 | File | GpsXtraDownloader.java | predictive | High |
| 4 | File | xxxx_xxxx.xxx | predictive | High |
| 5 | File | xxxxx.xxx | predictive | Medium |
| 6 | File | xxxx.xxx | predictive | Medium |
| 7 | File | xxxxxxxxxx.xxx | predictive | High |
| 8 | File | xxxx_xxxxxxx_xxxxxxxx.xxx | predictive | High |
| 9 | Argument | xxxxxx | predictive | Low |
| 10 | Argument | xxx | predictive | Low |
| 11 | Argument | xxx_xx | predictive | Low |
| 12 | Argument | xxxx_xx | predictive | Low |
| 13 | Argument | xx | predictive | Low |
| 14 | Argument | xxx | predictive | Low |
| 15 | Network Port | xxx/xxx (xxx) | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
