GhostSec 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (35)

言語

en	30
ru	6

国・地域

ru	36

アクター

RedLine Stealer	2
GhostSec	2
Kinsing	1
GhostLocker	1
catDDoS	1

関心

タイプ

Not Defined	16
Content Management System	6
Cloud Software	4
Web Server	2
Forum Software	2

ベンダー

Not Defined	20
Nextcloud	2
212cafe	2
HashiCorp	2
Bitrix	2

製品

Grafana	4
WordPress	4
Nextcloud Server	2
Nextcloud Enterprise Server	2
TinyMCE	2

脆弱性

#	脆弱性	Base	Temp	0day	本日	悪	修復	EPSS	CTI	CVE
1	nginx 特権昇格	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00241	1.73	CVE-2020-12440
2	Bitrix Site Manager Vote Module Remote Code Execution	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00668	0.08	CVE-2022-27228
3	GitLab Community Edition/Enterprise Edition Runner Registration Token 情報の漏洩	7.6	7.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03278	0.04	CVE-2022-0735
4	212cafe 212cafeboard view.php SQLインジェクション	7.3	7.1	$0-$5k	$0-$5k	High	Unavailable	0.00064	0.06	CVE-2008-4713
5	LogicBoard CMS away.php Redirect	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Unavailable	0.00000	3.24
6	nginx Error Page 特権昇格	6.3	6.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00273	0.04	CVE-2019-20372
7	Nextcloud Server Workflow 特権昇格	7.8	7.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00147	0.05	CVE-2023-26482
8	Nextcloud Server/Enterprise Server DNS Pin Middleware 特権昇格	6.4	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00068	0.00	CVE-2023-48306
9	NextCloud Updater Reflected クロスサイトスクリプティング	3.6	3.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00054	0.00	CVE-2019-15618
10	WordPress Scheduled Task wp-cron.php サービス拒否	6.5	6.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00096	0.04	CVE-2023-22622
11	PHP PHAR phar_dir_read メモリ破損	8.2	8.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00083	0.15	CVE-2023-3824
12	PHP XML External Entity	7.2	7.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00059	0.07	CVE-2023-3823
13	Collabora Online クロスサイトスクリプティング	4.9	4.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00052	0.00	CVE-2023-31145
14	uvicorn Request Logger urllib.parse.unquote 特権昇格	5.0	4.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00140	0.05	CVE-2020-7694
15	TinyMCE クロスサイトスクリプティング	5.0	5.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00210	0.04	CVE-2022-23494
16	GitLab Project Import 特権昇格	8.7	8.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.63436	0.04	CVE-2022-2185
17	Microsoft IIS Frontpage Server Extensions shtml.dll Username 情報の漏洩	5.3	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.15958	0.08	CVE-2000-0114
18	Telegram 特権昇格	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00043	0.04	CVE-2023-26818
19	Adminer adminer.php 特権昇格	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02092	0.05	CVE-2021-21311
20	Microsoft Exchange Server Privilege Escalation	8.8	8.1	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.51598	0.05	CVE-2023-21707

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IPアドレス	Hostname	アクター	Identified	タイプ	信頼度
1	88.218.61.141	host-88-218-61-141.hosted-by-vdsina.ru	GhostSec	2023年11月09日	verified	高
2	XX.XXX.XX.XXX	xxxxxxxx.xxxxxx-xx-xxxxxx.xx	Xxxxxxxx	2023年11月09日	verified	高
3	XX.XXX.XX.XXX	xxxx-xx-xxx-xx-xxx.xxxxxx-xx-xxxxxx.xx	Xxxxxxxx	2024年03月06日	verified	高
4	XXX.X.XX.XXX	xxxx-xxx-x-xx-xxx.xxxxxx-xx-xxxxxx.xx	Xxxxxxxx	2023年11月09日	verified	高

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	クラス	脆弱性	アクセスベクター	タイプ	信頼度
1	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	高
2	T1059.007	CAPEC-209	CWE-79	Cross Site Scripting	predictive	高
3	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
4	TXXXX	CAPEC-108	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	高
5	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	高
6	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	高
7	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高

IOA - Indicator of Attack (10)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	クラス	Indicator	タイプ	信頼度
1	File	/api/user/password/sent-reset-email	predictive	高
2	File	/forum/away.php	predictive	高
3	File	xxxxxxx.xxx	predictive	中
4	File	xxxx.xxx	predictive	中
5	File	xx-xxxx.xxx	predictive	中
6	File	xx-xxxxxxxx/xxxx-xxx/xxxxxxxxx/xxxxx-xx-xxxx-xxxxx-xxxxxxxxxx.xxx	predictive	高
7	Library	/_xxx_xxx/xxxxx.xxx	predictive	高
8	Library	xxxxxx.xxxxx.xxxxxxx	predictive	高
9	Argument	xxxx_xxxxxx_xxxxxxxxx	predictive	高
10	Argument	xxx	predictive	低

参考 (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ 前概要次 ▸

Might our Artificial Intelligence support you?

Check our Alexa App!