GhostEmperor Analysis

IOB - Indicator of Behavior (348)

Charts on the original page (timeline, actors, activities, interest, type, vendor) are not reproduced here; the breakdowns that survive are:

Language: en (244), zh (84), de (8), ko (6), es (4)

Country: cn (222), us (114), gb (10)

Product: Microsoft Windows (24), WordPress (10), Cisco IOS XE (10), Cobham Explorer 710 (6), FasterXML jackson-databind (4)

Vulnerabilities

Base and Temp are the CVSS base and temporal scores; 0day and Today are the page's estimated exploit price ranges; Exploit and Remediation give the known exploit status and fix status; CTI is the page's threat-intelligence interest score and EPSS the exploit prediction score.

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE
1 | jforum User privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.00289 | CVE-2019-7550
2 | ipTIME NAS-I Bulletin Manage privilege escalation | 7.1 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00988 | CVE-2020-7847
3 | Cisco IOS XE weak authentication | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00366 | CVE-2018-0150
4 | Cisco Secure Access Control System EAP-FAST Authentication Module weak authentication | 9.8 | 9.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00503 | CVE-2013-3466
5 | Codoforum New Topic cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.35 | 0.00058 | CVE-2020-9007
6 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 3.93 | 0.00000 | 
7 | Zoom On-Premise Meeting Connector Controller Network Proxy Page privilege escalation | 4.7 | 4.5 | $0-$5k | calculating | Not Defined | Official Fix | 0.00 | 0.00141 | CVE-2021-34414
8 | ThinkPHP index.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00173 | CVE-2018-10225
9 | KingView stgopenstorage API memory corruption | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00044 | CVE-2018-7471
10 | Zoho ManageEngine ADManager Plus Privilege Escalation | 5.7 | 5.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00113 | CVE-2023-38743
11 | Palo Alto PAN-OS unknown vulnerability | 4.9 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00069 | CVE-2023-0004
12 | Serendipity exit.php privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.13 | 0.00000 | 
13 | spring-boot-actuator-logview LogViewEndpoint.view directory traversal | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00047 | CVE-2023-29986
14 | Synacor Zimbra Collaboration Memcache Command privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.09665 | CVE-2022-27924
15 | PHPMailer validateAddress privilege escalation | 5.6 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00344 | CVE-2021-3603
16 | Dahua IPC-HX3XXX Data Packet weak authentication | 8.1 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.29051 | CVE-2021-33044
17 | Dahua IPC-HX3XXX Data Packet weak authentication | 8.1 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.06028 | CVE-2021-33045
18 | SoftEther VPN Server See.sys Kernel privilege escalation | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00044 | CVE-2019-11868
19 | Cisco IOS XE Privileges privilege escalation | 7.3 | 7.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00042 | CVE-2020-3215
20 | Winmail Server PHP File netdisk.php copy_folder_file directory traversal | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00445 | CVE-2018-5700

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 27.102.113.57 | yukonpick.net | GhostEmperor | | 22/03/2022 | verified | high
2 | 27.102.113.240 | power.playtimeins.net | GhostEmperor | | 22/03/2022 | verified | high
3 | XX.XXX.XXX.XX | | Xxxxxxxxxxxx | | 22/03/2022 | verified | high
4 | XX.XXX.XXX.XX | | Xxxxxxxxxxxx | | 22/03/2022 | verified | high
5 | XX.XXX.XXX.XXX | | Xxxxxxxxxxxx | | 22/03/2022 | verified | high
6 | XXX.XXX.XXX.XXX | xxxxx.xxxxxxx.xxx | Xxxxxxxxxxxx | | 22/03/2022 | verified | high
7 | XXX.XXX.XXX.XXX | | Xxxxxxxxxxxx | | 22/03/2022 | verified | high

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Weakness (CWE) | Class | Type | Confidence
1 | T1006 | CWE-21, CWE-22, CWE-23 | Path Traversal | predictive | high
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | predictive | high
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | high
4 | T1059 | CWE-94 | Argument Injection | predictive | high
5 | TXXXX.XXX | CWE-XX, CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | high
6 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | high
7 | TXXXX.XXX | CWE-XXX | Xxx Xx Xxxx-xxxxx Xxxxxxxx | predictive | high
8 | TXXXX.XXX | CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | high
9 | TXXXX | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | high
10 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | high
11 | TXXXX | CWE-XXX, CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive | high
12 | TXXXX | CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | high
13 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | high
14 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | high
15 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | high
16 | TXXXX | CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | high
17 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | high

IOA - Indicator of Attack (112)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /.env | predictive | low
2 | File | /admin/comment.php | predictive | high
3 | File | /admin/index.php | predictive | high
4 | File | /api/v1/terminal/sessions/?limit=1 | predictive | high
5 | File | /blog | predictive | low
6 | File | /cgi-bin/login.cgi | predictive | high
7 | File | /etc/postfix/sender_login | predictive | high
8 | File | /forum/away.php | predictive | high
9 | File | /lists/index.php | predictive | high
10 | File | /login.html | predictive | medium
11 | File | /mobilebroker/ServiceToBroker.svc/Json/Connect | predictive | high
12 | File | /new | predictive | low
13 | File | /secure/QueryComponent!Default.jspa | predictive | high
14 | File | /xxxxxx?xxxxxx=xxxxxxxxxxxx | predictive | high
15 | File | /xxxxxx.xxx | predictive | medium
16 | File | /xxxxxxx/xxxxxxxxxxxxxxxxxx.xxxx | predictive | high
17 | File | /xxx/xxx/xxxxx | predictive | high
18 | File | /xx-xxxx | predictive | medium
19 | File | xxxxxxx.xxx | predictive | medium
20 | File | xxx_xxxxx.xxx | predictive | high
21 | File | xxxxx/xxxxx.xxx?x=xxxxxxxx&x=xxx | predictive | high
22 | File | xxxxx/xxxxxx.xxx?xxxxxx=xxx_xxxx | predictive | high
23 | File | xxxxx/xxxxxxx/xxxxxxxxxx | predictive | high
24 | File | xxxxxxxx.xxx | predictive | medium
25 | File | xxxx/xxxxxx/xxxxxx_xxx | predictive | high
26 | File | xxxx_xxxxxxxxxx.x | predictive | high
27 | File | xxx_xxxxxxx.xxx | predictive | high
28 | File | xxxxxx/xx_xxx.x | predictive | high
29 | File | xxxxx.xxx | predictive | medium
30 | File | xxxxxxx_xxxxxxx.xx | predictive | high
31 | File | xxxx.xxx | predictive | medium
32 | File | xxxxxxxxxxxx.xxx | predictive | high
33 | File | xxxxxxxx.xx | predictive | medium
34 | File | xxxx/xxxxxxxxxxxxxxxx | predictive | high
35 | File | xx/xx_xxxxx.x | predictive | high
36 | File | xxxxxxxxxxxxxxxxxx.xxx | predictive | high
37 | File | xxxxxx_xxx_xxxx_xxxxx_xx_xxxxx.x | predictive | high
38 | File | xxxxxxxxxx/xxxxxxxxxx/xxxxxxxxx.xxx | predictive | high
39 | File | xxx/xxxxxx.xxx | predictive | high
40 | File | xxxxx.xxx | predictive | medium
41 | File | xxxxxxxxxxxxx.xxx | predictive | high
42 | File | xxx/xxx_xxxxxxxxxx.x | predictive | high
43 | File | xxxxxx/xxxxxx.x | predictive | high
44 | File | xxxxxxxxxxx/xxxxx.x | predictive | high
45 | File | xxxxxxx/xxxxx/xx/xxxxxx/xxxxx.xxxxx.xxx | predictive | high
46 | File | xxxxxxxxx.xxx | predictive | high
47 | File | xxxxxxx.xxx | predictive | medium
48 | File | xxxxxxx/xxxx_xxx_xxxxx.xxx | predictive | high
49 | File | xxxxxxx.xxx | predictive | medium
50 | File | xxxxxxx.xxx | predictive | medium
51 | File | xxxxxxx.xxx | predictive | medium
52 | File | xxx/xxxxxx/xxxxxxxx/xxxxx/xxxxxxxxx.xxxx | predictive | high
53 | File | xxxxxxxxxxxxx.xxx | predictive | high
54 | File | xxxxx_xxxx.x | predictive | medium
55 | File | xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][] | predictive | high
56 | File | xxxxxxxx.xxx | predictive | medium
57 | File | xxxx.xxx | predictive | medium
58 | File | xxxxxxx.xx | predictive | medium
59 | File | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx | predictive | high
60 | File | xx_xxx.xx | predictive | medium
61 | File | xxxx-xxxxxx.x | predictive | high
62 | File | xxxxxx/xxxxxxx.xxx | predictive | high
63 | File | xxxx.xx | predictive | low
64 | File | xxxx/xxxxxxxx/xxxxxxxx.xxxx | predictive | high
65 | File | xxxxxxx/xxxxxxxx_xxxx_xx_xxx.x | predictive | high
66 | File | xx-xxxx.xxx | predictive | medium
67 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive | high
68 | File | xx-xxxxxxxx/xxxxxxxxx.xxx | predictive | high
69 | File | xx-xxxxxxxx/xxxx.xxx | predictive | high
70 | File | xx-xxxxx.xxx | predictive | medium
71 | File | __xxxx_xxxxxxxx.xxx | predictive | high
72 | Library | xxxxxxxxx.xxx | predictive | high
73 | Library | xxx/xxxxxxxx.xx | predictive | high
74 | Library | xxxxxxxx.xxx | predictive | medium
75 | Library | xxx.xxx | predictive | low
76 | Library | xxxxxx.xxxxx.xxxxxxxx | predictive | high
77 | Argument | xxxxxxxx | predictive | medium
78 | Argument | xxx | predictive | low
79 | Argument | xxxxxxxxxx_xxxxx_xxxxxx | predictive | high
80 | Argument | xxxxxxx_xxx/xxxxx | predictive | high
81 | Argument | xxxxx | predictive | low
82 | Argument | xxxx/xxxxxxxxxx | predictive | high
83 | Argument | xxxxxxxx | predictive | medium
84 | Argument | xxxx xxxx | predictive | medium
85 | Argument | xxxx | predictive | low
86 | Argument | xxxx | predictive | low
87 | Argument | xx | predictive | low
88 | Argument | xx xxxxxxx | predictive | medium
89 | Argument | xxx | predictive | low
90 | Argument | xxxxxxxxx | predictive | medium
91 | Argument | xxxxx_xxxxxx_xxx/xxxxx_xxxx_xxxxxxxx | predictive | high
92 | Argument | xxxxx_xxxx | predictive | medium
93 | Argument | xxxx_xx | predictive | low
94 | Argument | xxxxxxxx | predictive | medium
95 | Argument | xxxxxxxxxxxxx | predictive | high
96 | Argument | xxxxxxxxx_ | predictive | medium
97 | Argument | xxxxxx | predictive | low
98 | Argument | xxx | predictive | low
99 | Argument | xxxx | predictive | low
100 | Argument | xxxxxxxx | predictive | medium
101 | Argument | xxx | predictive | low
102 | Argument | xxx | predictive | low
103 | Argument | xxxxxxxxxxxx[xxxx] | predictive | high
104 | Argument | x-xxxx-xxxxx | predictive | medium
105 | Argument | _x_xxxxxxxxxxx | predictive | high
106 | Input Value | @xxxxxxx.xxx.xxxxxxx.xxx | predictive | high
107 | Input Value | xxxx.xxx::$xxxx | predictive | high
108 | Input Value | xxxxx&#xx;xxxx: | predictive | high
109 | Input Value | \xxx\xxx | predictive | medium
110 | Network Port | xxx/xx & xxx/xxx | predictive | high
111 | Network Port | xxx/xxxx | predictive | medium
112 | Network Port | xxx/xxxxx | predictive | medium
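The two tables above are only useful once they are run against your own telemetry, and the IOC rows and the IOA rows deserve different handling: a verified C2 address or domain is evidence on its own, while a predictive path fragment such as /blog or /.env is hit by commodity scanners all day. The following Python script is an added example, not the page's own tooling or anything published by the page's vendor: it matches constructed proxy log lines against the two unredacted IOC rows (27.102.113.57 / yukonpick.net and 27.102.113.240 / power.playtimeins.net) and the unredacted File rows of the IOA table, then gives a per-client verdict. The log layout, the sample lines, the RFC 5737 addresses used for benign servers and the "two distinct high-confidence paths" threshold are all assumptions made for illustration.

```python
"""Match proxy logs against the GhostEmperor IOCs/IOAs on this page (added example)."""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import unquote, urlsplit

# The two unredacted rows of the IOC table (type "verified", confidence "high").
IOC_IPS = {ipaddress.ip_address(a) for a in ("27.102.113.57", "27.102.113.240")}
IOC_DOMAINS = {"yukonpick.net", "power.playtimeins.net"}

# Unredacted File rows of the IOA table, keyed by path (query string dropped),
# with the page's confidence rating.
IOA_PATHS = {
    "/.env": "low", "/admin/comment.php": "high", "/admin/index.php": "high",
    "/api/v1/terminal/sessions/": "high",  # listed as /api/v1/terminal/sessions/?limit=1
    "/blog": "low", "/cgi-bin/login.cgi": "high", "/etc/postfix/sender_login": "high",
    "/forum/away.php": "high", "/lists/index.php": "high", "/login.html": "medium",
    "/mobilebroker/ServiceToBroker.svc/Json/Connect": "high", "/new": "low",
    "/secure/QueryComponent!Default.jspa": "high",
}

# Assumed log layout (constructed for this example, not a vendor format):
#   <timestamp> <client-ip> <METHOD> <url> <server-ip>
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<server>\S+)$")


@dataclass
class Finding:
    ts: str
    client: str
    kind: str        # "ioc_ip", "ioc_domain" or "ioa_path"
    indicator: str
    confidence: str  # "verified" for IOC rows, the page's rating for IOA rows


def domain_matches(host: str, iocs) -> Optional[str]:
    """Exact or subdomain match on a label boundary: cdn.yukonpick.net matches,
    yukonpick.net.example.com (an unrelated domain with a look-alike prefix) does not."""
    host = host.lower().rstrip(".")
    for d in iocs:
        if host == d or host.endswith("." + d):
            return d
    return None


def normalise_path(url: str) -> str:
    """Keep only the path, percent-decode once and collapse repeated slashes, so
    /admin//index.php and QueryComponent%21Default.jspa still hit the indicator."""
    path = unquote(urlsplit(url).path) or "/"
    return re.sub(r"/{2,}", "/", path)


def scan(lines) -> List[Finding]:
    findings: List[Finding] = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparsable line; in production count these rather than dropping silently
        ts, client, url, server = m["ts"], m["client"], m["url"], m["server"]
        try:
            if ipaddress.ip_address(server) in IOC_IPS:
                findings.append(Finding(ts, client, "ioc_ip", server, "verified"))
        except ValueError:
            pass  # server field is not an IP literal
        hit = domain_matches(urlsplit(url).hostname or "", IOC_DOMAINS)
        if hit:
            findings.append(Finding(ts, client, "ioc_domain", hit, "verified"))
        path = normalise_path(url)
        if path in IOA_PATHS:  # exact match only; prefix matching on /blog or /new would flood
            findings.append(Finding(ts, client, "ioa_path", path, IOA_PATHS[path]))
    return findings


def triage(findings: List[Finding]) -> Dict[str, str]:
    """Per-client verdict. A verified network IOC is an incident by itself; predictive
    IOA paths only raise an alert once a client touches at least two distinct
    high-confidence paths (assumed threshold, tune to your baseline)."""
    by_client: Dict[str, List[Finding]] = {}
    for f in findings:
        by_client.setdefault(f.client, []).append(f)
    verdicts: Dict[str, str] = {}
    for client, fs in by_client.items():
        high_paths = {f.indicator for f in fs if f.kind == "ioa_path" and f.confidence == "high"}
        if any(f.kind.startswith("ioc_") for f in fs):
            verdicts[client] = "incident"
        elif len(high_paths) >= 2:
            verdicts[client] = "alert"
        else:
            verdicts[client] = "noise"
    return verdicts


# Constructed sample log; 192.0.2.10 and 198.51.100.7 are documentation addresses.
SAMPLE_LOG = """\
2022-03-22T10:15:01Z 10.0.0.5 GET http://power.playtimeins.net/update 27.102.113.240
2022-03-22T10:15:07Z 10.0.0.5 POST http://cdn.yukonpick.net/p?id=1 27.102.113.57
2022-03-22T10:16:30Z 10.0.0.9 GET http://intranet.example/blog 192.0.2.10
2022-03-22T10:16:31Z 10.0.0.9 GET http://intranet.example//admin//index.php?x=1 192.0.2.10
2022-03-22T10:16:32Z 10.0.0.9 GET http://intranet.example/secure/QueryComponent%21Default.jspa 192.0.2.10
2022-03-22T10:17:00Z 10.0.0.12 GET http://yukonpick.net.example.com/ 198.51.100.7
2022-03-22T10:17:05Z 10.0.0.12 GET http://intranet.example/new 198.51.100.7
this line is not in the expected format
"""

if __name__ == "__main__":
    found = scan(SAMPLE_LOG.splitlines())
    for f in found:
        print(f"{f.ts} {f.client:<10} {f.kind:<11} {f.indicator} ({f.confidence})")
    print(triage(found))
```

On the sample, 10.0.0.5 is an incident (both verified IPs and both C2 domains, one through a subdomain), 10.0.0.9 is an alert (two distinct high-confidence paths despite the doubled slashes and the percent-encoded "!"), and 10.0.0.12 is noise: the look-alike host yukonpick.net.example.com is correctly rejected and a lone /new hit proves nothing. When you wire this into real data, also feed the redacted rows once you have them, and keep the "Identified" date from the IOC table in mind: infrastructure listed as verified in March 2022 may have been re-assigned since, so a hit on the IP alone deserves a look at passive DNS before it is escalated.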

Sources (2)

The following list contains external sources which discuss the actor and the associated activities:
