Ghost Dragon Analysis

IOB - Indicator of Behavior (145)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

| Lang | Count |
|---|---|
| en | 118 |
| zh | 24 |
| es | 2 |
| de | 2 |


Country

| Country | Count |
|---|---|
| ms | 144 |
| cn | 2 |


Product

| Product | Count |
|---|---|
| WordPress | 8 |
| phpMyAdmin | 6 |
| Car Driving School Management System | 6 |
| Palosanto Elastix | 4 |
| Cacti | 4 |


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | vTiger CRM sql injection | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00228 | CVE-2019-11057 |
| 2 | Microsoft Exchange Server ProxyShell Remote Code Execution | 9.5 | 8.2 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.04 | 0.97319 | CVE-2021-34473 |
| 3 | WordPress WP_Query class-wp-query.php sql injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00318 | CVE-2017-5611 |
| 4 | Apache Solr ResourceLoader path traversal | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.52819 | CVE-2013-6397 |
| 5 | ThinkPHP input validation | 8.5 | 8.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.97456 | CVE-2019-9082 |
| 6 | Mailman input validation | 6.5 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00160 | CVE-2018-13796 |
| 7 | Pivotal RabbitMQ password access control | 7.7 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00343 | CVE-2016-9877 |
| 8 | phpThumb Default Configuration server-side request forgery | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00246 | CVE-2013-6919 |
| 9 | phpThumb phpThumb.demo.showpic.php cross site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00096 | CVE-2016-10508 |
| 10 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192 |
| 11 | XenForo privileges management | 8.6 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00000 | |
| 12 | WordPress Update URI Plugin Header Remote Code Execution | 7.8 | 7.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.09 | 0.00683 | CVE-2021-44223 |
| 13 | RuoYi edit sql injection | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00076 | CVE-2023-49371 |
| 14 | Apple iPhone UBS checkm8 privileges management | 6.4 | 5.9 | $5k-$25k | $0-$5k | Functional | Official Fix | 0.05 | 0.00000 | CVE-2019-8900 |
| 15 | André Bräkling WP-Matomo Integration Plugin cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00045 | CVE-2023-33211 |
| 16 | Cacti graph_settings.php code injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.01711 | CVE-2014-5261 |
| 17 | crewjam saml signature verification | 3.5 | 3.5 | $0-$5k | Calculating | Not Defined | Official Fix | 0.04 | 0.01251 | CVE-2020-27846 |
| 18 | VestaCP user.conf permission | 4.6 | 4.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00048 | CVE-2021-30463 |
| 19 | MobileIron Core/Connector improper authentication | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00987 | CVE-2020-15506 |
| 20 | IceWarp Mail Server css.php path traversal | 6.4 | 5.5 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.90421 | CVE-2015-1503 |

IOC - Indicator of Compromise (18)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (84)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /cdsms/classes/Master.php?f=delete_enrollment | predictive | High |
| 2 | File | /mifs/c/i/reg/reg.html | predictive | High |
| 3 | File | /server-info | predictive | Medium |
| 4 | File | /system/dept/edit | predictive | High |
| 5 | File | /wp-json/oembed/1.0/embed?url | predictive | High |
| 6 | File | a2billing/customer/iridium_threed.php | predictive | High |
| 7 | File | admin.php?s=/Channel/add.html | predictive | High |
| 8 | File | admin/class-bulk-editor-list-table.php | predictive | High |
| 9 | File | administrator/components/com_media/helpers/media.php | predictive | High |
| 10 | File | auth.asp | predictive | Medium |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
