DEV-0530 Analysis

IOB - Indicator of Behavior (166)

Language

  • en: 166

Product (top five by number of indicators)

  • Microsoft Windows: 6
  • Apache Tomcat: 6
  • H3C Magic R100: 4
  • swftools: 4
  • jQuery-UI: 4

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

Columns: Base and Temp are the CVSS base and temporal scores; 0day and Today are the estimated exploit prices at disclosure and now; Exploitability and Countermeasure are the CVSS temporal Exploit Code Maturity and Remediation Level; KEV is the CISA Known Exploited Vulnerabilities status; EPSS is the Exploit Prediction Scoring System probability; CTI is the vendor's threat-intelligence activity score.

#  | Vulnerability | Base | Temp | 0day | Today | Exploitability | Countermeasure | KEV | EPSS | CTI | CVE
1  | TLS Protocol/SSL Protocol RC4 Encryption Bar Mitzvah Attack cryptographic issues | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Workaround | possible | 0.48840 | 0.05 | CVE-2015-2808
2  | Couchbase Server information disclosure | 3.5 | 3.4 | $0-$5k | $0-$5k | Not defined | Official fix | - | 0.00371 | 0.00 | CVE-2022-32192
3  | OTRS Forwarder information disclosure | 3.5 | 3.5 | $0-$5k | $0-$5k | Not defined | Not defined | - | 0.00345 | 0.00 | CVE-2022-32740
4  | Veritas NetBackup pbx_exchange Process access control | 8.3 | 8.1 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | - | 0.00241 | 0.00 | CVE-2017-6407
5  | Microsoft Azure RTOS USBX ux_device_class_dfu_control_request buffer overflow | 9.8 | 9.6 | $25k-$100k | $0-$5k | Not defined | Official fix | - | 0.01427 | 0.00 | CVE-2022-29246
6  | PHPMailer Phar Deserialization addAttachment deserialization | 5.5 | 5.3 | $0-$5k | $0-$5k | Not defined | Official fix | - | 0.00990 | 0.00 | CVE-2020-36326
7  | jQuery UI dialog cross site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not defined | Official fix | - | 0.01397 | 0.05 | CVE-2016-7103
8  | Intel Xeon BIOS information disclosure | 3.3 | 3.2 | $0-$5k | $0-$5k | Not defined | Official fix | - | 0.00133 | 0.00 | CVE-2021-33117
9  | HID Mercury LP1501/LP1502/LP2500/LP4502/EP4502 Update buffer overflow | 9.9 | 9.7 | $0-$5k | $0-$5k | Not defined | Official fix | - | 0.00984 | 0.00 | CVE-2022-31481
10 | Apache Tomcat HTTP Split input validation | 7.2 | 6.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official fix | - | 0.03104 | 0.03 | CVE-2016-6816
11 | Delta Controls enteliTOUCH HTTP Request privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not defined | Not defined | - | 0.00401 | 0.00 | CVE-2022-29735
12 | Moment.js path traversal | 6.9 | 6.7 | $0-$5k | $0-$5k | Not defined | Official fix | - | 0.00539 | 0.03 | CVE-2022-24785
13 | Laravel PendingBroadcast.php __destruct deserialization | 6.3 | 6.1 | $0-$5k | $0-$5k | Not defined | Not defined | - | 0.00000 | 0.00 | CVE-2022-31279
14 | Piwigo admin.php cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not defined | Not defined | - | 0.00181 | 0.00 | CVE-2021-40678
15 | Linux Kernel Floating Point Register ptrace-fpu.c ptrace_get_fpr buffer overflow | 8.0 | 7.6 | $5k-$25k | $0-$5k | Not defined | Official fix | - | 0.00370 | 0.09 | CVE-2022-32981
16 | GNU C Library mq_notify use after free | 5.5 | 5.5 | $0-$5k | $0-$5k | Not defined | Not defined | - | 0.00129 | 0.00 | CVE-2021-33574
17 | Vyper Contract Address control flow | 7.3 | 7.2 | $0-$5k | $0-$5k | Not defined | Official fix | - | 0.00344 | 0.00 | CVE-2022-29255
18 | Easy Blog cross-site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not defined | Not defined | - | 0.00151 | 0.00 | CVE-2022-27174
19 | Brocade SANnav REST API log file | 3.5 | 3.4 | $0-$5k | $0-$5k | Not defined | Official fix | - | 0.00024 | 0.00 | CVE-2022-28162
20 | Python mailcap Module os command injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not defined | Not defined | - | 0.01218 | 0.04 | CVE-2015-20107

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • H0lyGh0st

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 193.56.29.123 | - | DEV-0530 | H0lyGh0st | 07/15/2022 | verified | Medium

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (70)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin.php?page=batch_manager&mode=unit | predictive | High
2 | File | /goform/aspForm | predictive | High
3 | File | /omps/seller | predictive | Medium
4 | File | /php/passport/index.php | predictive | High
5 | File | /replication | predictive | Medium
6 | File | /settings | predictive | Medium
7 | File | /staff/tools/custom-fields | predictive | High
8 | File | /strings/ctype-latin1.c | predictive | High

Entries 9 to 70 are masked in this view: 32 further File entries (9-40), one Library entry (41), 28 Argument entries (42-69) and one Network Port entry (70), all of type predictive.
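The IOC above and the visible IOA file fragments are only useful once they are swept against telemetry. The following is an added example, not code from this page's vendor and not tooling attributed to the actor: a Python sweep over web-server access logs in Apache/nginx combined format that flags requests from the listed IP and requests whose canonical path equals one of the eight visible IOA file entries. It percent-decodes twice, collapses repeated slashes and case before comparing, and for entry 1 requires the two query parameters rather than substring-matching the raw request line, so an encoded or reordered query still matches while /settings.php does not match /settings. The log lines are constructed, and the matching rules are assumptions layered on the page's indicators, not the vendor's predictive model.

```python
"""Sweep combined-format web access logs for the DEV-0530 indicators on this page.

Added example; not code from the page's vendor or from the actor. The log
lines are constructed, and the matching rules are assumptions, not the
vendor's predictive model.
"""
import ipaddress
import re
from urllib.parse import parse_qs, unquote

# IOC from the page: one verified IP, confidence Medium.
IOC_IPS = {"193.56.29.123": "Medium"}

# The eight IOA "File" fragments visible on the page, as
# (path, required query parameters, confidence). Query parameters are
# matched by name and value so ordering or encoding differences do not defeat it.
IOA_FILES = [
    ("/admin.php", {"page": "batch_manager", "mode": "unit"}, "High"),
    ("/goform/aspForm", {}, "High"),
    ("/omps/seller", {}, "Medium"),
    ("/php/passport/index.php", {}, "High"),
    ("/replication", {}, "Medium"),
    ("/settings", {}, "Medium"),
    ("/staff/tools/custom-fields", {}, "High"),
    ("/strings/ctype-latin1.c", {}, "High"),
]

# Apache/nginx "combined" format: ip ident user [time] "METHOD target PROTO" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def normalize_target(target):
    """Return (lower-cased canonical path, query dict) for a request target.

    Percent-decoding is applied twice to collapse double encoding, runs of
    slashes are collapsed, and a trailing slash is dropped, so that
    "//goform/aspForm/" and "/goform/aspForm" compare equal.
    """
    raw_path, _, raw_query = target.partition("?")
    path = unquote(unquote(raw_path))
    path = re.sub(r"/{2,}", "/", path)
    if len(path) > 1:
        path = path.rstrip("/")
    # parse_qs decodes once; a second unquote collapses double-encoded values.
    query = {
        k: unquote(v[-1])
        for k, v in parse_qs(raw_query, keep_blank_values=True).items()
    }
    return path.lower(), query


def match_ioa(path, query):
    """Exact path match plus required query parameters; extra parameters are ignored."""
    for ioa_path, needed, confidence in IOA_FILES:
        if path == ioa_path.lower() and all(query.get(k) == v for k, v in needed.items()):
            return ioa_path, confidence
    return None


def scan_log(lines):
    """Return one hit dict per IOC/IOA match, in log order; unparsable lines are skipped."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue
        ip = m.group("ip")
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue
        path, query = normalize_target(m.group("target"))
        if ip in IOC_IPS:
            hits.append({"line": lineno, "kind": "IOC", "indicator": ip,
                         "confidence": IOC_IPS[ip], "path": path})
        hit = match_ioa(path, query)
        if hit:
            hits.append({"line": lineno, "kind": "IOA", "indicator": hit[0],
                         "confidence": hit[1], "ip": ip})
    return hits


# Constructed sample log; none of these requests are real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [15/Jul/2022:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512
193.56.29.123 - - [15/Jul/2022:10:01:07 +0000] "GET /robots.txt HTTP/1.1" 200 68
203.0.113.9 - - [15/Jul/2022:10:02:11 +0000] "GET /admin.php?mode=unit&page=batch%5Fmanager HTTP/1.1" 200 2048
203.0.113.9 - - [15/Jul/2022:10:02:15 +0000] "POST //goform/aspForm/ HTTP/1.1" 302 0
198.51.100.4 - - [15/Jul/2022:10:03:00 +0000] "GET /settings.php HTTP/1.1" 404 153
198.51.100.4 - - [15/Jul/2022:10:03:04 +0000] "GET /Staff/Tools/Custom-Fields?x=1 HTTP/1.1" 200 900
this line is not in combined format and is skipped
"""

if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG.splitlines()):
        print(h)
```

Run against the sample it reports four hits: the IOC IP on line 2 and IOA matches on lines 3, 4 and 6. The predictive IOA paths are generic enough (/settings, /replication) that a hit on them alone is a low-confidence lead; the page's own confidence labels are carried through so that a downstream rule can require High-confidence entries or a co-occurring IOC before alerting.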

References (2)

Two external sources discuss the actor and the associated activities; they are not shown in this view.
