Ghost Dragon Analysis

IOB - Indicator of Behavior (145)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en114
zh24
de6
es2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

phpMyAdmin6
WordPress6
Car Driving School Management System4
Palosanto Elastix4
Apache HTTP Server4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1vTiger CRM sql injection7.57.2$0-$5k$0-$5kNot DefinedOfficial Fix0.002600.00CVE-2019-11057
2Microsoft Exchange Server ProxyShell Remote Code Execution9.58.7$25k-$100k$5k-$25kHighOfficial Fix0.973030.07CVE-2021-34473
3WordPress WP_Query class-wp-query.php sql injection8.58.4$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.003180.05CVE-2017-5611
4Apache Solr ResourceLoader path traversal5.35.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.528190.03CVE-2013-6397
5ThinkPHP input validation8.58.4$0-$5k$0-$5kHighOfficial Fix0.974550.03CVE-2019-9082
6Mailman input validation6.56.3$0-$5k$0-$5kNot DefinedOfficial Fix0.001600.00CVE-2018-13796
7Pivotal RabbitMQ password access control7.77.4$0-$5k$0-$5kNot DefinedOfficial Fix0.003430.05CVE-2016-9877
8phpThumb Default Configuration server-side request forgery5.35.1$0-$5k$0-$5kNot DefinedOfficial Fix0.002460.00CVE-2013-6919
9phpThumb phpThumb.demo.showpic.php cross site scripting5.24.9$0-$5k$0-$5kNot DefinedOfficial Fix0.001040.04CVE-2016-10508
10Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25kCalculatingHighWorkaround0.020160.00CVE-2007-1192
11XenForo privileges management8.67.9$0-$5k$0-$5kNot DefinedOfficial Fix0.000000.02
12WordPress Update URI Plugin Header Remote Code Execution7.87.8$5k-$25k$0-$5kNot DefinedOfficial Fix0.008160.00CVE-2021-44223
13RuoYi edit sql injection7.67.5$0-$5k$0-$5kNot DefinedNot Defined0.000760.08CVE-2023-49371
14Apple iPhone UBS checkm8 privileges management6.45.9$5k-$25k$0-$5kFunctionalOfficial Fix0.000000.03CVE-2019-8900
15André Bräkling WP-Matomo Integration Plugin cross site scripting4.44.4$0-$5k$0-$5kNot DefinedNot Defined0.000470.00CVE-2023-33211
16Cacti graph_settings.php code injection7.37.3$0-$5k$0-$5kNot DefinedNot Defined0.012800.03CVE-2014-5261
17crewjam saml signature verification3.53.5$0-$5k$0-$5kNot DefinedOfficial Fix0.012510.05CVE-2020-27846
18VestaCP user.conf permission4.64.6$0-$5k$0-$5kNot DefinedNot Defined0.000480.05CVE-2021-30463
19MobileIron Core/Connector improper authentication8.58.2$0-$5k$0-$5kNot DefinedOfficial Fix0.009870.04CVE-2020-15506
20IceWarp Mail Server css.php path traversal6.45.5$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.904210.05CVE-2015-1503

IOC - Indicator of Compromise (18)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (84)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/cdsms/classes/Master.php?f=delete_enrollmentpredictiveHigh
2File/mifs/c/i/reg/reg.htmlpredictiveHigh
3File/server-infopredictiveMedium
4File/system/dept/editpredictiveHigh
5File/wp-json/oembed/1.0/embed?urlpredictiveHigh
6Filea2billing/customer/iridium_threed.phppredictiveHigh
7Fileadmin.php?s=/Channel/add.htmlpredictiveHigh
8Fileadmin/class-bulk-editor-list-table.phppredictiveHigh
9Fileadministrator/components/com_media/helpers/media.phppredictiveHigh
10Fileauth.asppredictiveMedium
11Filexxxx/xxxxxxxxxxxx.xxxpredictiveHigh
12Filexxx-xxx/xxxxxxpredictiveHigh
13Filexxxx/xxxxxxxxxxxxx/xxxxxxx.xxxpredictiveHigh
14Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
15Filexxxx_xxxxx.xxxpredictiveHigh
16Filexxxxxx.xxxpredictiveMedium
17Filexxxx/xxxxxxxx.xxxx.xxxxxxx.xxxpredictiveHigh
18Filexxxxxxxxxxx/xxxx-xxxxxx-xxxxxx.xxxpredictiveHigh
19Filexxxxxxxxx/xx/xxxxxxxxxxxx.xxxpredictiveHigh
20Filexxxxx_xxxxxxxx.xxxpredictiveHigh
21Filexxxx/xxxxxxxxxx.xxxpredictiveHigh
22Filexxxxx.xxxpredictiveMedium
23Filexxxxxxx.xxxpredictiveMedium
24Filexxxxxxxxx/xxxxxxx.xxx.xxxpredictiveHigh
25Filexxx.xpredictiveLow
26Filexxxxxxx.xxxpredictiveMedium
27Filexxx_xxxx.xxxpredictiveMedium
28Filexxxxx/xxxxx.xxxpredictiveHigh
29Filexxxxxxx/xxxx.xxxpredictiveHigh
30Filexxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][]predictiveHigh
31Filexxxxxxx/xxxxx/xxxx-xxx/xxxxxx.xpredictiveHigh
32Filexxxxx.xxxpredictiveMedium
33Filexxxxxx.xxxpredictiveMedium
34Filexxxx.xxxxpredictiveMedium
35Filexxxxxxxxx.xpredictiveMedium
36Filexxxxxxxx/xxxxxxxxpredictiveHigh
37Filexxxxx.xxxpredictiveMedium
38Filexxxxx/xxxxxxx/xxxxxxxx/xxxxx.xxx.xxxxpredictiveHigh
39Filexxxxxxx/xxxxxx/xxxxx/xxxxxxx/xxx/xxx.xxxpredictiveHigh
40Filexxxxxxx.xxxpredictiveMedium
41Filexx-xxxxx/xxxxx-xxxx.xxxpredictiveHigh
42Filexx-xxxxx/xxxxxx-xxxx.xxxpredictiveHigh
43Filexx-xxxxxxxx/xxxxx-xx-xxxxx.xxxpredictiveHigh
44Libraryxxx/xxxx/xxxxxx.xxxxx.xxxpredictiveHigh
45Libraryxxx/xxx.xxxpredictiveMedium
46Argumentxxxxxx_xxxxpredictiveMedium
47ArgumentxxxxxxxpredictiveLow
48Argumentxxxxxxx-xxxxxxpredictiveHigh
49Argumentxxxxxxx_xxpredictiveMedium
50ArgumentxxxxxxxxxxxxxxxpredictiveHigh
51ArgumentxxxxxxpredictiveLow
52ArgumentxxxxpredictiveLow
53ArgumentxxxxxxxpredictiveLow
54ArgumentxxxxpredictiveLow
55ArgumentxxpredictiveLow
56ArgumentxxxxxxxxxpredictiveMedium
57Argumentxx_xxxxpredictiveLow
58Argumentx/xx/xxxpredictiveMedium
59ArgumentxxxxxxxxxxpredictiveMedium
60ArgumentxxxxpredictiveLow
61Argumentxxxx/xxxxxxxpredictiveMedium
62ArgumentxxxxxxxxxxxxxxxxxxxxxxxpredictiveHigh
63ArgumentxxxxxpredictiveLow
64Argumentxxxxxx_xxxxpredictiveMedium
65ArgumentxxxxxxxxxxxxxpredictiveHigh
66Argumentxxxxxxxx_xxxxxxxpredictiveHigh
67ArgumentxxxxxxpredictiveLow
68ArgumentxxxxpredictiveLow
69Argumentxxxxxx/xxxxxpredictiveMedium
70Argumentxxxxxxxx[]predictiveMedium
71Argumentxxxxxxxx[xxxx]predictiveHigh
72ArgumentxxxpredictiveLow
73Argumentxxx_xxxx[x][]predictiveHigh
74Argumentxxxxxxxx/xxxpredictiveMedium
75ArgumentxxpredictiveLow
76ArgumentxxxxxxxxxxxxxpredictiveHigh
77ArgumentxxxpredictiveLow
78ArgumentxxxxxxxxpredictiveMedium
79ArgumentxxxxxxxxxxxxxpredictiveHigh
80Argumentxxxx xxxxpredictiveMedium
81Input Value-xpredictiveLow
82Input Valuexxxxx"][xxxxxx]xxxxx('xxx')[/xxxxxx]predictiveHigh
83Input Value…/.predictiveLow
84Network Portxxx xxxxxx xxxxpredictiveHigh

References (2)

The following list contains external sources which discuss the actor and the associated activities:

Interested in the pricing of exploits?

See the underground prices here!