Ghost Dragon Analysis

IOB - Indicator of Behavior (148)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en: 124
zh: 20
de: 4


Country


Actors


Activities

Interest

Timeline


Type


Vendor


Product

WordPress: 6
Joomla: 4
phpThumb: 4
Joomla CMS: 4
phpMyAdmin: 4


Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Cou | KEV | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | vTiger CRM sql injection | 7.5 | 7.2 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00751 | 0.03 | CVE-2019-11057 |
| 2 | Microsoft Exchange Server ProxyShell server-side request forgery | 9.5 | 9.1 | $25k-$100k | $5k-$25k | Attacked | Official fix | verified | 0.94255 | 0.06 | CVE-2021-34473 |
| 3 | WordPress WP_Query class-wp-query.php sql injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official fix | | 0.08839 | 0.09 | CVE-2017-5611 |
| 4 | Apache Solr ResourceLoader path traversal | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not defined | Official fix | expected | 0.93346 | 0.02 | CVE-2013-6397 |
| 5 | ThinkPHP invokefunction code injection | 8.0 | 7.9 | $0-$5k | Calculating | Attacked | Official fix | verified | 0.94149 | 0.05 | CVE-2019-9082 |
| 6 | Mailman input validation | 6.5 | 6.3 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00192 | 0.00 | CVE-2018-13796 |
| 7 | Pivotal RabbitMQ password access control | 7.7 | 7.6 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00399 | 0.03 | CVE-2016-9877 |
| 8 | phpThumb Default Configuration server-side request forgery | 5.3 | 5.1 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00234 | 0.05 | CVE-2013-6919 |
| 9 | phpThumb phpThumb.demo.showpic.php cross site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00190 | 0.04 | CVE-2016-10508 |
| 10 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | possible | 0.02956 | 0.00 | CVE-2007-1192 |
| 11 | XenForo privileges management | 8.6 | 7.9 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00000 | 0.00 | |
| 12 | PrestaShop information disclosure | 5.3 | 5.2 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00387 | 0.02 | CVE-2024-34717 |
| 13 | Python urllib.parse input validation | 6.5 | 6.4 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.01050 | 0.00 | CVE-2023-24329 |
| 14 | Oracle MySQL Server Optimizer | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00206 | 0.00 | CVE-2020-14760 |
| 15 | WordPress Update URI Plugin Header Remote Code Execution | 7.8 | 7.8 | $5k-$25k | $0-$5k | Not defined | Official fix | possible | 0.39871 | 0.07 | CVE-2021-44223 |
| 16 | RuoYi edit sql injection | 7.6 | 7.5 | $0-$5k | $0-$5k | Not defined | Not defined | expected | 0.82815 | 0.00 | CVE-2023-49371 |
| 17 | Apple iPhone UBS checkm8 privileges management | 6.4 | 5.9 | $5k-$25k | $0-$5k | Functional | Official fix | | 0.00191 | 0.02 | CVE-2019-8900 |
| 18 | André Bräkling WP-Matomo Integration Plugin cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00058 | 0.00 | CVE-2023-33211 |
| 19 | Cacti graph_settings.php code injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.01337 | 0.00 | CVE-2014-5261 |
| 20 | crewjam saml signature verification | 3.5 | 3.4 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.15345 | 0.03 | CVE-2020-27846 |

IOC - Indicator of Compromise (18)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (85)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /cdsms/classes/Master.php?f=delete_enrollment | predictive | High |
| 2 | File | /mifs/c/i/reg/reg.html | predictive | High |
| 3 | File | /server-info | predictive | Medium |
| 4 | File | /system/dept/edit | predictive | High |
| 5 | File | /wp-json/oembed/1.0/embed?url | predictive | High |
| 6 | File | a2billing/customer/iridium_threed.php | predictive | High |
| 7 | File | admin.php?s=/Channel/add.html | predictive | High |
| 8 | File | admin/class-bulk-editor-list-table.php | predictive | High |
| 9 | File | administrator/components/com_media/helpers/media.php | predictive | High |
| 10 | File | auth.asp | predictive | Medium |
