GhostSecret Analysis

IOB - Indicator of Behavior (151)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en: 150
it: 2

Country

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Microsoft Windows: 8
Apache HTTP Server: 4
Linux Kernel: 4
Google Chrome: 4
Apple macOS: 4

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked by this actor.

Columns: Base/Temp = CVSS base and temporal score; 0day/Today = estimated exploit price at disclosure and now; Exp = exploitability; Cou = countermeasure; KEV = CISA Known Exploited Vulnerabilities status; EPSS = Exploit Prediction Scoring System probability; CTI = CTI interest score. A blank KEV cell is shown as "-".

# | Vulnerability | Base | Temp | 0day | Today | Exp | Cou | KEV | EPSS | CTI | CVE
1 | Node.js Module._load permission | 7.6 | 7.6 | $0-$5k | $0-$5k | Not defined | Not defined | - | 0.00036 | 0.05 | CVE-2023-32002
2 | Rarlab WinRar Recovery Volume array index | 6.3 | 6.0 | $0-$5k | $0-$5k | Not defined | Official fix | expected | 0.93594 | 0.00 | CVE-2023-40477
3 | Cisco AnyConnect Secure Mobility Client default permission | 7.8 | 7.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official fix | - | 0.25480 | 0.02 | CVE-2023-20178
4 | curl POST use after free | 8.2 | 8.0 | $0-$5k | $0-$5k | Not defined | Official fix | - | 0.00516 | 0.02 | CVE-2023-28322
5 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not defined | Not defined | - | 0.00000 | 1.15 | CVE-2020-12440
6 | Microsoft IIS uncpath cross site scripting | 5.2 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Official fix | - | 0.01387 | 0.29 | CVE-2017-0055
7 | Atlassian JIRA Server/Data Center Access Control default permission | 5.3 | 5.2 | $0-$5k | $0-$5k | Not defined | Official fix | - | 0.00301 | 0.03 | CVE-2019-20106
8 | Microsoft Windows Advanced Local Procedure Call use after free | 9.2 | 8.8 | $100k and more | $25k-$100k | High | Official fix | verified | 0.08963 | 0.03 | CVE-2023-21674
9 | SciPy Py_FindObjects use after free | 8.4 | 8.3 | $0-$5k | $0-$5k | Not defined | Official fix | - | 0.00276 | 0.00 | CVE-2023-29824
10 | Microsoft Windows Routing/Remote Access Service Remote Code Execution | 9.8 | 8.9 | $25k-$100k | $5k-$25k | Unproven | Official fix | - | 0.04943 | 0.00 | CVE-2023-35365
11 | RenderDoc integer overflow | 8.6 | 8.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | - | 0.00149 | 0.00 | CVE-2023-33863
12 | Microsoft Windows DHCP Server Service Remote Code Execution | 8.6 | 8.0 | $25k-$100k | $5k-$25k | Unproven | Official fix | possible | 0.66862 | 0.00 | CVE-2023-28231
13 | IBM InfoSphere DataStage access control | 5.9 | 5.9 | $25k-$100k | $0-$5k | Not defined | Not defined | - | 0.00055 | 0.00 | CVE-2015-1900
14 | Apache HTTP Server mod_reqtimeout resource management | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not defined | Official fix | expected | 0.88858 | 0.00 | CVE-2007-6750
15 | Atlassian Companion App Websocket Remote Code Execution | 9.4 | 9.3 | $0-$5k | $0-$5k | Not defined | Official fix | - | 0.32617 | 0.00 | CVE-2023-22524
16 | OpenVPN Connect Node.js Framework neutralization of directives | 6.5 | 6.5 | $0-$5k | $0-$5k | Not defined | Not defined | - | 0.00072 | 0.08 | CVE-2023-7245
17 | Apple Safari unusual condition | 8.0 | 7.9 | $25k-$100k | $5k-$25k | High | Official fix | verified | 0.08736 | 0.00 | CVE-2023-41993
18 | texlive-bin TTF File ttfLoadHDMX:ttfdump heap-based overflow | 5.8 | 5.8 | $0-$5k | $0-$5k | Not defined | Not defined | - | 0.00110 | 0.00 | CVE-2024-25262
19 | Linux Kernel membarrier sys_membarrier resource consumption | 5.6 | 5.5 | $0-$5k | $0-$5k | Not defined | Official fix | - | 0.00010 | 0.04 | CVE-2024-26602
20 | libuv getaddrinfo.c uv_getaddrinfo server-side request forgery | 7.3 | 7.2 | $0-$5k | $0-$5k | Not defined | Official fix | - | 0.00123 | 0.09 | CVE-2024-24806
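The table above carries more triage signal than the CVSS base score alone: the KEV, Exp and EPSS columns tell you whether exploitation is already observed or likely, and the Cou column tells you whether a patch even exists. The block below is an added example (not VulDB's code) that ranks a subset of the rows copied from the table with a KEV-first, then exploit-maturity, then EPSS, then base-score policy; that policy is an assumption of this example, not VulDB's scoring.

```python
"""Triage the GhostSecret vulnerability list by exploitation evidence rather than
by CVSS alone. Added example, not VulDB code. Rows are copied from the table on
this page; the ranking policy below is an assumption, not VulDB's scoring."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Vuln:
    cve: str
    name: str
    base: float           # CVSS base score ("Base" column)
    exploitability: str   # "Exp": Not defined / Unproven / Proof-of-Concept / High
    countermeasure: str   # "Cou": Not defined / Official fix
    kev: str              # "KEV": "" / possible / expected / verified
    epss: float           # "EPSS" probability


# Subset of rows from the table above, values as printed there.
VULNS = [
    Vuln("CVE-2023-32002", "Node.js Module._load permission", 7.6, "Not defined", "Not defined", "", 0.00036),
    Vuln("CVE-2023-40477", "Rarlab WinRar Recovery Volume array index", 6.3, "Not defined", "Official fix", "expected", 0.93594),
    Vuln("CVE-2023-20178", "Cisco AnyConnect default permission", 7.8, "Proof-of-Concept", "Official fix", "", 0.25480),
    Vuln("CVE-2020-12440", "nginx request smuggling", 6.9, "Not defined", "Not defined", "", 0.00000),
    Vuln("CVE-2023-21674", "Windows ALPC use after free", 9.2, "High", "Official fix", "verified", 0.08963),
    Vuln("CVE-2023-28231", "Windows DHCP Server RCE", 8.6, "Unproven", "Official fix", "possible", 0.66862),
    Vuln("CVE-2007-6750", "Apache mod_reqtimeout resource management", 5.3, "Not defined", "Official fix", "expected", 0.88858),
    Vuln("CVE-2023-41993", "Apple Safari unusual condition", 8.0, "High", "Official fix", "verified", 0.08736),
]

# Ordinal encodings of the KEV and Exp columns (assumed ordering, highest = most urgent).
KEV_RANK = {"verified": 3, "expected": 2, "possible": 1, "": 0}
EXP_RANK = {"High": 3, "Proof-of-Concept": 2, "Unproven": 1, "Not defined": 0}


def priority_key(v: Vuln) -> tuple:
    """Sort key: KEV status first, then exploit maturity, then EPSS, then base score.
    Higher tuples are more urgent, so callers sort with reverse=True."""
    return (KEV_RANK[v.kev], EXP_RANK[v.exploitability], v.epss, v.base)


def triage(vulns: list[Vuln]) -> list[str]:
    """Return CVE IDs in the order they should be worked, most urgent first."""
    return [v.cve for v in sorted(vulns, key=priority_key, reverse=True)]


def unpatched(vulns: list[Vuln]) -> list[str]:
    """CVEs whose countermeasure is 'Not defined': these need a compensating
    control (config change, network restriction, detection) rather than a patch ticket."""
    return [v.cve for v in vulns if v.countermeasure == "Not defined"]


if __name__ == "__main__":
    for rank, cve in enumerate(triage(VULNS), 1):
        print(f"{rank:2d}. {cve}")
    print("no official fix listed:", ", ".join(unpatched(VULNS)))
```

Note how the ordering differs from a CVSS sort: the WinRAR entry (base 6.3) ranks above the 8.6 DHCP Server RCE because its KEV status and EPSS are higher, and the two entries with no listed countermeasure surface separately so they are not silently queued behind patchable items.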

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities. Masked entries (xxx) require a CTI license and are shown as published.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 14.140.116.172 | 14-140-116-172-sapient.com | GhostSecret | - | 04/30/2018 | verified | Low
2 | XXX.XXX.XXX.XXX | xxxxxxxxxx | - | - | 04/30/2018 | verified | Low
3 | XXX.XXX.XXX.XXX | Xxxxxxxxxx | - | - | 04/30/2018 | verified | Low

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (31)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/bookings/view_details.php | predictive | High
2 | File | /modules/announcement/index.php?view=edit | predictive | High
3 | File | /uncpath/ | predictive | Medium
4 | File | ash.c | predictive | Low
5 | File | xxxx/xxxxxxx/xxxxxxxx | predictive | High
6 | File | xxxxxxxxx/xxxxxxxxx.x | predictive | High
7 | File | xxxxxxx/xxx/xxxxxxxx/xxxxx/xxx/xxx_xxxx.x | predictive | High
8 | File | xxxxxxx/xxxx/xxxxxx/xxx.x | predictive | High
9 | File | xxxxxxxxxx.xxxxxxx.xx | predictive | High
10 | File | xxxxxxx.x | predictive | Medium
11 | File | xxxx_xxxxx.x | predictive | Medium
12 | File | xxx_xxxxxxxx.x | predictive | High
13 | File | xxx/xxxxxxxxx/xx_xxxxxxxxx.x | predictive | High
14 | File | xxxxxxx/xxxxxx/xxxxx/xxxxxxxxxx.xxx | predictive | High
15 | File | xxx/xxxx/xxxxxxxxxxx.x | predictive | High
16 | File | xxxxxxx.xxx | predictive | Medium
17 | File | xxxx-xxx | predictive | Medium
18 | File | xxx/xxxxxxx.xxx | predictive | High
19 | Library | xxx.xxx | predictive | Low
20 | Library | xxx/xxxxxxxxxxxxxxx.xx | predictive | High
21 | Argument | xxxxxxxxx | predictive | Medium
22 | Argument | xxxxxxxxxxx | predictive | Medium
23 | Argument | xxxxxxxx_xxx_xx_xxxx | predictive | High
24 | Argument | xxxxxxxxxxx | predictive | Medium
25 | Argument | xxxxxxxx/xxxxxxx/xxxxx | predictive | High
26 | Argument | xx | predictive | Low
27 | Argument | xxxxxxxxx | predictive | Medium
28 | Argument | xxxx | predictive | Low
29 | Argument | xxxxxxx xxxxx | predictive | High
30 | Argument | xxxxx | predictive | Low
31 | Input Value | []-x.xx-xxxxxxxxxx | predictive | High
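The unmasked IOC (the source IP and its hostname in the IOC table) and the unmasked File-class IOA fragments above are directly usable as detection content for web server access logs. The block below is an added example, not VulDB's code, that scans Common Log Format lines for both: a request from the listed IP (or from its hostname, for servers logging resolved client names) is reported with the IOC table's "Low" confidence, and a request whose URL-decoded target contains one of the IOA path fragments is reported with that row's confidence. The log lines are constructed for the example; the masked (xxx) rows are omitted because their values are not on the page.

```python
"""Scan access-log lines for the GhostSecret IOC and IOA entries shown on this page.
Added example, not VulDB code. Indicators are copied from the IOC and IOA tables
above (masked rows omitted); the log lines are constructed for this example."""
import re
from dataclasses import dataclass
from urllib.parse import unquote

# IOC table: source IP and the hostname listed for it (confidence "Low" on the page).
IOC_CLIENTS = {"14.140.116.172", "14-140-116-172-sapient.com"}

# IOA table, File class, unmasked rows only: (indicator, confidence).
IOA_PATHS = [
    ("/admin/bookings/view_details.php", "High"),
    ("/modules/announcement/index.php?view=edit", "High"),
    ("/uncpath/", "Medium"),
]

# Common/Combined Log Format prefix: client ident user [time] "method target proto" status size
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


@dataclass(frozen=True)
class Hit:
    line_no: int
    client: str
    target: str
    reason: str
    confidence: str


def scan(lines: list[str]) -> list[Hit]:
    """Return one Hit per matching indicator; a line can produce several hits.
    Lines that do not parse as CLF are skipped rather than guessed at."""
    hits: list[Hit] = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue
        client, target = m["client"], m["target"]
        if client in IOC_CLIENTS:
            hits.append(Hit(n, client, target, "IOC client", "Low"))
        # Decode %XX escapes so view%5Fdetails.php still matches view_details.php
        decoded = unquote(target)
        for fragment, confidence in IOA_PATHS:
            if fragment in decoded:
                hits.append(Hit(n, client, target, f"IOA fragment {fragment}", confidence))
    return hits


# Constructed sample: one benign line, one IOC-only hit, one percent-encoded IOA hit,
# one line matching both IOC and IOA, one Medium-confidence IOA hit, one unparsable line.
SAMPLE_LOG = [
    '10.0.0.5 - - [30/Apr/2018:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 1234',
    '14.140.116.172 - - [30/Apr/2018:10:02:14 +0000] "GET / HTTP/1.1" 200 512',
    '203.0.113.9 - - [30/Apr/2018:10:03:55 +0000] "GET /admin/bookings/view%5Fdetails.php?id=1 HTTP/1.1" 404 210',
    '14.140.116.172 - - [30/Apr/2018:10:04:20 +0000] "POST /modules/announcement/index.php?view=edit HTTP/1.1" 200 99',
    '198.51.100.7 - - [30/Apr/2018:10:05:00 +0000] "GET /uncpath/ HTTP/1.1" 403 0',
    'not a log line',
]


if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(f"line {h.line_no}: {h.client} {h.target} [{h.reason}] confidence={h.confidence}")
```

Two caveats for real use: the IOA rows are "predictive" and include generic paths (/uncpath/ is also the path behind the IIS entry in the vulnerability table), so a fragment match alone is a lead rather than an alert; and the IOC was identified on 04/30/2018, so the IP may long since have been reassigned, which is why the IOC hits inherit the table's "Low" confidence instead of being escalated on their own.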
