GhostEmperor Analysis

IOB - Indicator of Behavior (294)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 200
zh: 84
de: 8
fr: 2

Country

cn: 196
us: 90
gb: 6

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Microsoft Windows: 14
Cisco IOS XE: 12
WordPress: 10
Oracle VM VirtualBox: 6
Linux Kernel: 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | jforum User input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.04499 | CVE-2019-7550
2 | ipTIME NAS-I Bulletin Manage unrestricted upload | 7.1 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.01359 | CVE-2020-7847
3 | Cisco IOS XE hard-coded credentials | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.01136 | CVE-2018-0150
4 | Cisco Secure Access Control System EAP-FAST Authentication Module improper authentication | 9.8 | 9.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.01136 | CVE-2013-3466
5 | Codoforum New Topic cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.00885 | CVE-2020-9007
6 | Zoom On-Premise Meeting Connector Controller Network Proxy Page os command injection | 4.7 | 4.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01055 | CVE-2021-34414
7 | ThinkPHP index.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00885 | CVE-2018-10225
8 | KingView stgopenstorage API integer overflow | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00885 | CVE-2018-7471
9 | Synacor Zimbra Collaboration Memcache Command injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.05736 | CVE-2022-27924
10 | PHPMailer validateAddress injection | 5.6 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01018 | CVE-2021-3603
11 | Dahua IPC-HX3XXX Data Packet improper authentication | 8.1 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.22170 | CVE-2021-33044
12 | Dahua IPC-HX3XXX Data Packet improper authentication | 8.1 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.12492 | CVE-2021-33045
13 | SoftEther VPN Server See.sys Kernel 7pk security | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.00890 | CVE-2019-11868
14 | Cisco IOS XE Privileges access control | 7.3 | 7.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00885 | CVE-2020-3215
15 | Winmail Server PHP File netdisk.php copy_folder_file path traversal | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.01382 | CVE-2018-5700
16 | Cobham Explorer 710 insufficiently protected credentials | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.00885 | CVE-2019-9533
17 | Check Point R80.30 Security Gateway Configuration exceptional condition | 5.6 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00885 | CVE-2019-8462
18 | sudo sudoers_policy_main heap-based overflow | 8.3 | 8.0 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.58695 | CVE-2021-3156
19 | Cisco IOS/IOS XE SNMPv1/SNMPv2c/SNMPv3 memory corruption | 8.8 | 8.1 | $25k-$100k | $0-$5k | Proof-of-Concept | Workaround | 0.02 | 0.51157 | CVE-2017-6736
20 | Spamsniper Mail From stack-based overflow | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.01978 | CVE-2020-7845

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (92)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /.env | predictive | Low
2 | File | /admin/comment.php | predictive | High
3 | File | /admin/index.php | predictive | High
4 | File | /etc/postfix/sender_login | predictive | High
5 | File | /login.html | predictive | Medium
6 | File | /new | predictive | Low
7 | File | /system?action=ServiceAdmin | predictive | High
8 | File | /tlogin.cgi | predictive | Medium
9 | File | /userRpm/popupSiteSurveyRpm.html | predictive | High
10 | File | /var/log/nginx | predictive | High
11 | File | xxx_xxxxx.xxx | predictive | High
12 | File | xxxxx/xxxxx.xxx?x=xxxxxxxx&x=xxx | predictive | High
13 | File | xxxxx/xxxxxx.xxx?xxxxxx=xxx_xxxx | predictive | High
14 | File | xxxxx/xxxxxxx/xxxxxxxxxx | predictive | High
15 | File | xxxxxxxx.xxx | predictive | Medium
16 | File | xxxx/xxxxxx/xxxxxx_xxx | predictive | High
17 | File | xxxx_xxxxxxxxxx.x | predictive | High
18 | File | xxx_xxxxxxx.xxx | predictive | High
19 | File | xxxxxx/xx_xxx.x | predictive | High
20 | File | xxxxx.xxx | predictive | Medium
21 | File | xxxxxxx_xxxxxxx.xx | predictive | High
22 | File | xxxxxxxxxxxx.xxx | predictive | High
23 | File | xxxxxxxx.xx | predictive | Medium
24 | File | xxxx/xxxxxxxxxxxxxxxx | predictive | High
25 | File | xx/xx_xxxxx.x | predictive | High
26 | File | xxxxxxxxxxxxxxxxxx.xxx | predictive | High
27 | File | xxxxxx_xxx_xxxx_xxxxx_xx_xxxxx.x | predictive | High
28 | File | xxxxxxxxxx/xxxxxxxxxx/xxxxxxxxx.xxx | predictive | High
29 | File | xxx/xxxxxx.xxx | predictive | High
30 | File | xxxxx.xxx | predictive | Medium
31 | File | xxxxxxxxxxxxx.xxx | predictive | High
32 | File | xxx/xxx_xxxxxxxxxx.x | predictive | High
33 | File | xxxxxx/xxxxxx.x | predictive | High
34 | File | xxxxxxxxxxx/xxxxx.x | predictive | High
35 | File | xxxxxxx/xxxxx/xx/xxxxxx/xxxxx.xxxxx.xxx | predictive | High
36 | File | xxxxxxxxx.xxx | predictive | High
37 | File | xxxxxxx.xxx | predictive | Medium
38 | File | xxxxxxx/xxxx_xxx_xxxxx.xxx | predictive | High
39 | File | xxxxxxx.xxx | predictive | Medium
40 | File | xxx/xxxxxx/xxxxxxxx/xxxxx/xxxxxxxxx.xxxx | predictive | High
41 | File | xxxxxxxxxxxxx.xxx | predictive | High
42 | File | xxxxx_xxxx.x | predictive | Medium
43 | File | xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][] | predictive | High
44 | File | xxxxxxxx.xxx | predictive | Medium
45 | File | xxxx.xxx | predictive | Medium
46 | File | xxxxxxx.xx | predictive | Medium
47 | File | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx | predictive | High
48 | File | xx_xxx.xx | predictive | Medium
49 | File | xxxx-xxxxxx.x | predictive | High
50 | File | xxxxxx/xxxxxxx.xxx | predictive | High
51 | File | xxxx/xxxxxxxx/xxxxxxxx.xxxx | predictive | High
52 | File | xxxxxxx/xxxxxxxx_xxxx_xx_xxx.x | predictive | High
53 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive | High
54 | File | xx-xxxxxxxx/xxxxxxxxx.xxx | predictive | High
55 | File | xx-xxxxxxxx/xxxx.xxx | predictive | High
56 | File | xx-xxxxx.xxx | predictive | Medium
57 | File | __xxxx_xxxxxxxx.xxx | predictive | High
58 | Library | xxxxxxxxx.xxx | predictive | High
59 | Library | xxxxxxxx.xxx | predictive | Medium
60 | Library | xxx.xxx | predictive | Low
61 | Library | xxxxxx.xxxxx.xxxxxxxx | predictive | High
62 | Argument | xxxxxxxx | predictive | Medium
63 | Argument | xxx | predictive | Low
64 | Argument | xxxxxxxxxx_xxxxx_xxxxxx | predictive | High
65 | Argument | xxxxxxx_xxx/xxxxx | predictive | High
66 | Argument | xxxxxxxx | predictive | Medium
67 | Argument | xxxx xxxx | predictive | Medium
68 | Argument | xxxx | predictive | Low
69 | Argument | xxxx | predictive | Low
70 | Argument | xx | predictive | Low
71 | Argument | xx xxxxxxx | predictive | Medium
72 | Argument | xxx | predictive | Low
73 | Argument | xxxxxxxxx | predictive | Medium
74 | Argument | xxxxx_xxxx | predictive | Medium
75 | Argument | xxxx_xx | predictive | Low
76 | Argument | xxxxxxxx | predictive | Medium
77 | Argument | xxxxxxxxxxxxx | predictive | High
78 | Argument | xxxxxxxxx_ | predictive | Medium
79 | Argument | xxxxxx | predictive | Low
80 | Argument | xxx | predictive | Low
81 | Argument | xxxx | predictive | Low
82 | Argument | xxxxxxxx | predictive | Medium
83 | Argument | xxx | predictive | Low
84 | Argument | xxx | predictive | Low
85 | Argument | xxxxxxxxxxxx[xxxx] | predictive | High
86 | Argument | x-xxxx-xxxxx | predictive | Medium
87 | Argument | _x_xxxxxxxxxx | predictive | High
88 | Input Value | xxxx.xxx::$xxxx | predictive | High
89 | Input Value | xxxxx&#xx;xxxx: | predictive | High
90 | Input Value | \xxx\xxx | predictive | Medium
91 | Network Port | xxx/xx & xxx/xxx | predictive | High
92 | Network Port | xxx/xxxxx | predictive | Medium
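The clear-text File indicators above (IDs 1 to 10; the remaining rows are masked on this page) are request paths an analyst would typically sweep web server access logs for. The script below is an added example written by the editor, not code from vuldb or from any GhostEmperor report: it parses nginx "combined" format lines, normalizes the request target (percent-decoding, duplicate slashes, dot segments) so trivial evasions still hit, and matches against the listed indicators at their listed confidence. Two of the ten indicators, /etc/postfix/sender_login and /var/log/nginx, are host filesystem paths rather than request paths and are deliberately left out; /.env and /new are Low confidence and therefore matched exactly so that unrelated paths like /news/latest do not fire. The log format assumption and the sample log lines are constructed for the example.

```python
"""Sweep nginx access logs for the clear-text IOA File indicators.
Added example, not part of the vuldb page. Log lines are constructed."""
import re
from urllib.parse import unquote, urlsplit

# Request-path indicators from the IOA table with their listed confidence.
# Host paths (/etc/postfix/sender_login, /var/log/nginx) are not request
# targets and are intentionally omitted.
IOA_FILES = {
    "/.env": "Low",
    "/admin/comment.php": "High",
    "/admin/index.php": "High",
    "/login.html": "Medium",
    "/new": "Low",
    "/system?action=ServiceAdmin": "High",
    "/tlogin.cgi": "Medium",
    "/userRpm/popupSiteSurveyRpm.html": "High",
}

# nginx "combined" log format (assumed for this example).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Constructed sample: two /.env probes (one percent-encoded), a doubled-slash
# admin hit, a ServiceAdmin request with an extra parameter, and two benign lines.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /.env HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /%2e%65nv HTTP/1.1" 404 153 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2023:13:56:01 +0000] "POST /admin//index.php HTTP/1.1" 200 2048 "-" "curl/7.88.1"
198.51.100.4 - - [10/Oct/2023:13:56:02 +0000] "GET /system?action=ServiceAdmin&x=1 HTTP/1.1" 403 0 "-" "curl/7.88.1"
192.0.2.10 - - [10/Oct/2023:13:57:00 +0000] "GET /news/latest HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Oct/2023:13:57:05 +0000] "GET /static/app.js HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""


def normalize(target):
    """Return (path, query) with percent-encoding decoded twice (defeats
    double encoding), duplicate slashes collapsed and dot segments resolved,
    so /%2e%65nv and /admin//index.php compare equal to the indicators."""
    parts = urlsplit(target)
    path = unquote(unquote(parts.path))
    segs = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if segs:
                segs.pop()
            continue
        segs.append(seg)
    return "/" + "/".join(segs), unquote(unquote(parts.query))


def match_ioa(target):
    """Return (indicator, confidence) for a request target, or None."""
    path, query = normalize(target)
    params = query.split("&") if query else []
    for ind, conf in IOA_FILES.items():
        ind_path, _, ind_query = ind.partition("?")
        if ind_query:
            # Indicator pins a query parameter: path must match and the
            # parameter must be present, other parameters are allowed.
            if path == ind_path and ind_query in params:
                return ind, conf
        elif conf == "Low":
            # Low-confidence fragments are exact-match only to limit noise.
            if path == ind_path:
                return ind, conf
        elif path == ind_path or path.endswith(ind_path):
            # Allow the application to be mounted under a prefix.
            return ind, conf
    return None


def scan(log_text):
    """Parse combined-format lines and return one hit dict per matching request."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not combined format; skip rather than guess
        found = match_ioa(m["target"])
        if found:
            ind, conf = found
            hits.append({"ip": m["ip"], "target": m["target"],
                         "status": int(m["status"]),
                         "indicator": ind, "confidence": conf})
    return hits


if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(f'{h["ip"]} {h["target"]} -> {h["indicator"]} ({h["confidence"]})')
```

Feed a real file with `scan(open(path).read())`; a hit on a High-confidence indicator with a 200 status (the /admin//index.php line above) is the one to triage first, while Low-confidence hits on /.env are common mass-scanning noise and are better aggregated by source IP than alerted on individually.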

References (2)

The following list contains external sources which discuss the actor and the associated activities: