DEV-0530 Analysis

IOB - Indicator of Behavior (166)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en164
pl2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us166

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

H0lyGh0st1
Babadeda1
Cobalt Strike1
NetWire RC1
Nanocore RAT1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined70
Operating System18
Content Management System10
Cloud Software8
Smartphone Operating System6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined46
Microsoft24
Apache6
Google6
Samsung6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Microsoft Windows16
Apache Tomcat4
Google Android4
LibreHealth EHR Base4
Microsoft Azure RTOS USBX2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1TLS Protocol/SSL Protocol RC4 Encryption Bar Mitzvah Attack cryptographic issues5.34.7$0-$5k$0-$5kUnprovenWorkaround0.060.00300CVE-2015-2808
2Couchbase Server information disclosure3.53.4$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00094CVE-2022-32192
3OTRS Forwarder information disclosure3.53.5$0-$5k$0-$5kNot DefinedNot Defined0.020.00050CVE-2022-32740
4Veritas NetBackup pbx_exchange Process access control8.36.9$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.000.00304CVE-2017-6407
5Microsoft Azure RTOS USBX ux_device_class_dfu_control_request buffer overflow9.89.6$25k-$100k$0-$5kNot DefinedOfficial Fix0.030.00258CVE-2022-29246
6PHPMailer Phar Deserialization addAttachment deserialization5.55.3$0-$5k$0-$5kNot DefinedOfficial Fix0.040.00308CVE-2020-36326
7jQuery UI dialog cross site scripting5.24.9$0-$5k$0-$5kNot DefinedOfficial Fix0.040.00417CVE-2016-7103
8Intel Xeon BIOS information disclosure3.33.2$0-$5k$0-$5kNot DefinedOfficial Fix0.030.00042CVE-2021-33117
9HID Mercury LP1501/LP1502/LP2500/LP4502/EP4502 Update buffer overflow9.99.7$0-$5k$0-$5kNot DefinedOfficial Fix0.030.00156CVE-2022-31481
10Apache Tomcat HTTP Split input validation7.26.8$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.040.00262CVE-2016-6816
11Delta Controls enteliTOUCH HTTP Request Privilege Escalation5.55.3$0-$5k$0-$5kNot DefinedNot Defined0.030.00088CVE-2022-29735
12Moment.js path traversal6.96.7$0-$5k$0-$5kNot DefinedOfficial Fix0.070.00353CVE-2022-24785
13Laravel PendingBroadcast.php __destruct deserialization6.36.1$0-$5k$0-$5kNot DefinedNot Defined0.030.00000CVE-2022-31279
14Piwigo cross site scripting3.53.5$0-$5k$0-$5kNot DefinedNot Defined0.000.00051CVE-2021-40678
15Linux Kernel Floating Point Register ptrace-fpu.c ptrace_get_fpr buffer overflow8.07.6$5k-$25k$0-$5kNot DefinedOfficial Fix0.030.00043CVE-2022-32981
16GNU C Library mq_notify use after free5.55.5$0-$5k$0-$5kNot DefinedNot Defined0.030.00284CVE-2021-33574
17Vyper Contract Address control flow7.37.2$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00054CVE-2022-29255
18Easy Blog cross-site request forgery4.34.2$0-$5k$0-$5kNot DefinedNot Defined0.020.00053CVE-2022-27174
19Brocade SANnav REST API log file3.53.4$0-$5k$0-$5kNot DefinedOfficial Fix0.030.00043CVE-2022-28162
20Python mailcap Module os command injection7.37.3$0-$5k$0-$5kNot DefinedNot Defined0.030.00090CVE-2015-20107

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • H0lyGh0st

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
1193.56.29.123DEV-0530H0lyGh0st07/15/2022verifiedHigh

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1006CWE-21, CWE-22, CWE-23Pathname TraversalpredictiveHigh
2T1040CWE-294Authentication Bypass by Capture-replaypredictiveHigh
3T1055CWE-74InjectionpredictiveHigh
4T1059CWE-94Cross Site ScriptingpredictiveHigh
5TXXXX.XXXCWE-XX, CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
6TXXXXCWE-XXX, CWE-XXX, CWE-XXXX2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxx Xxxxxxxxxxx Xxx Xxx XxxxxxxpredictiveHigh
7TXXXX.XXXCWE-XXXXxx Xx Xxxx-xxxxx XxxxxxxxpredictiveHigh
8TXXXX.XXXCWE-XXXXxxxxxxx Xxxxxxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxxxxx XxxxxxxxpredictiveHigh
9TXXXXCWE-XX, CWE-XXXxxxxxx XxxxxxxxxpredictiveHigh
10TXXXX.XXXCWE-XXXXxxx XxxxxxxxpredictiveHigh
11TXXXXCWE-XXX, CWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
12TXXXXCWE-XXXxx XxxxxxxxxpredictiveHigh
13TXXXXCWE-XXX, CWE-XXXXxx.xxx Xxxxxxxxxxxxxxxx: Xxxxxxxx Xx Xxxxxxxxxxxxx XxxxpredictiveHigh
14TXXXXCWE-XXX, CWE-XXXXxxxxxxxx Xxxxxx XxxxpredictiveHigh
15TXXXX.XXXCWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
16TXXXXCWE-XXX, CWE-XXXXxxxxxxxxxxxxpredictiveHigh
17TXXXX.XXXCWE-XXXxxxxxxxxxxxxpredictiveHigh
18TXXXXCWE-XXXX2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxxxxxxxx Xxxxxxx XxxxxxxxxxpredictiveHigh
19TXXXX.XXXCWE-XXXXxx Xxxxxxxxxx XxxxxpredictiveHigh

IOA - Indicator of Attack (70)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/admin.php?page=batch_manager&mode=unitpredictiveHigh
2File/goform/aspFormpredictiveHigh
3File/omps/sellerpredictiveMedium
4File/php/passport/index.phppredictiveHigh
5File/replicationpredictiveMedium
6File/settingspredictiveMedium
7File/staff/tools/custom-fieldspredictiveHigh
8File/strings/ctype-latin1.cpredictiveHigh
9File/xxxxxxx/predictiveMedium
10File/xxxxxxx-xxxxxxxxxx/xxxxx/xxxxxx_xxxxxx_xxxxxxx_xxxxxxx.xxx?xxxxxxx_xx=xxpredictiveHigh
11Filexxxxx/xxxxxxxxxxxxxxxxx.xxxpredictiveHigh
12Filexxxxxxxxxxxxxxxxx.xxxxpredictiveHigh
13Filexxxxxxx.xxxxpredictiveMedium
14Filex:\xxxxxxx\xxxxxxxx\xxxxxx\xxxpredictiveHigh
15Filexxx-xxx/xxxxxxx.xxpredictiveHigh
16Filexxxxxxxxx.xxxpredictiveHigh
17Filexxxxx.xxxxxxxxxxx.xxxx[x]=xxxpredictiveHigh
18Filexxxxxxxxxxxxxxxxxxxxxxx.xpredictiveHigh
19Filexxxx/xxxxx/xxx_xxxxx.xxxpredictiveHigh
20Filexxxx_xx.xxpredictiveMedium
21Filexxx_xxxxxx.xxpredictiveHigh
22Filexxxxxxxxxx\xxxxxxxxxxxx\xxxxxxxxxxxxxxxx.xxxpredictiveHigh
23Filexxxxx.xxxpredictiveMedium
24Filexxxxxxxxx/xxxx/xxxxxx/xxxxxx_xxxxxxxxxx.xxxpredictiveHigh
25Filexxxxxxxx/xx/xxxx_xxxxxx.xxpredictiveHigh
26Filexxxxxxxxxx/xxxxxx_xxxxxxxx.xpredictiveHigh
27Filexx/xxxxx/xxxxxxx/xxxx.xxpredictiveHigh
28Filexxx/xxxx/xxxx.xpredictiveHigh
29Filexxxxxx-xxx.xpredictiveMedium
30Filexxxxxx.xpredictiveMedium
31Filexxxxxx/xxxxx/xxxxxxxxxxxx/xxxxxxxxxxxx.xxxxpredictiveHigh
32Filexxxxxxxxxxxxxxxxxxxxxxxxx.xxxpredictiveHigh
33Filexxxxx.xxxpredictiveMedium
34Filexxx/xxxx_xxxxxxx.xxpredictiveHigh
35Filexxx/xxxx_xxxx.xxpredictiveHigh
36Filexxxxxxx.xpredictiveMedium
37Filexxxx_xxx_xxx.xxxpredictiveHigh
38Filexxxxxxx/xxxxxxxx/xxxxxxxx/xxxxxx/xxxxxxxxxxxxxxxxxx.xxxpredictiveHigh
39Filexx-xxxxxxxx/xxxxx-xx-xxxxx.xxxpredictiveHigh
40File~/xxxxxxxx/xxxxx-xxx-xxxxxx-xxxxxxxxxxxx.xxxpredictiveHigh
41Libraryxxxxx.xxxpredictiveMedium
42Argument?xxxx_xxxx=xxxxxxx.xxx/xxxx=xxxxxx/xxx=xxx+/xxx/.xxxxxxxx/xxxxxxx=//xxxxxxxxxxxxxx.xxx=xpredictiveHigh
43ArgumentxxxxxxxxpredictiveMedium
44ArgumentxxpredictiveLow
45Argumentxxx_xxxxxxxxxxxxxxxxxxxxxxxpredictiveHigh
46ArgumentxxxxxxxpredictiveLow
47Argumentxxxxxxxxxx_xxxxpredictiveHigh
48Argumentxxxxx.xxxxxxxxxxx.xxxx[x]=xxxpredictiveHigh
49ArgumentxxxxxxxxxpredictiveMedium
50ArgumentxxxxxxpredictiveLow
51Argumentxxxxxx/xxxxxxxxxxpredictiveHigh
52Argumentxxxxx xxxxpredictiveMedium
53ArgumentxxpredictiveLow
54Argumentxxxxxxxxx/xxxxxxxxxpredictiveHigh
55ArgumentxxxxpredictiveLow
56ArgumentxxpredictiveLow
57ArgumentxxxxpredictiveLow
58ArgumentxxxxxxpredictiveLow
59ArgumentxxxxxxxxpredictiveMedium
60ArgumentxxxxxxxxpredictiveMedium
61ArgumentxxxxxxxpredictiveLow
62ArgumentxxxxxpredictiveLow
63Argumentxxxxxx_xxxxpredictiveMedium
64ArgumentxxxxxxxxxxxxxxxxxxxpredictiveHigh
65ArgumentxxxpredictiveLow
66ArgumentxxxxxxxxpredictiveMedium
67ArgumentxxxxxpredictiveLow
68Argumentxxxx_xxpredictiveLow
69Argumentx-xxxxxxxxx-xxxpredictiveHigh
70Network Portxxx/xxxxxpredictiveMedium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you want to use VulDB in your project?

Use the official API to access entries easily!