GhostSecret Analysis

IOB - Indicator of Behavior (151)

Language

en: 150
it: 2

Country

us: 126
gb: 20
in: 4

Product

Microsoft Windows: 12
Apple macOS: 4
Google Chrome: 4
Linux Kernel: 4
Wireshark: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Node.js Module._load privilege escalation | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00091 | 0.03 | CVE-2023-32002 |
| 2 | Rarlab WinRar Recovery Volume memory corruption | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00053 | 0.00 | CVE-2023-40477 |
| 3 | Cisco AnyConnect Secure Mobility Client privilege escalation | 7.8 | 7.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00060 | 0.04 | CVE-2023-20178 |
| 4 | curl POST memory corruption | 8.2 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00108 | 0.03 | CVE-2023-28322 |
| 5 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 3.85 | CVE-2020-12440 |
| 6 | Microsoft IIS cross-site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.06 | CVE-2017-0055 |
| 7 | Atlassian JIRA Server/Data Center Access Control privilege escalation | 5.3 | 5.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00082 | 0.00 | CVE-2019-20106 |
| 8 | Microsoft Windows Advanced Local Procedure Call Privilege Escalation | 9.2 | 8.8 | $25k-$100k | $5k-$25k | High | Official Fix | 0.00727 | 0.00 | CVE-2023-21674 |
| 9 | SciPy Py_FindObjects memory corruption | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00069 | 0.04 | CVE-2023-29824 |
| 10 | Microsoft Windows Routing/Remote Access Service Remote Code Execution | 9.8 | 8.9 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.05937 | 0.00 | CVE-2023-35365 |
| 11 | RenderDoc memory corruption | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00323 | 0.00 | CVE-2023-33863 |
| 12 | Microsoft Windows DHCP Server Service Remote Code Execution | 8.6 | 8.0 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.07615 | 0.00 | CVE-2023-28231 |
| 13 | IBM InfoSphere DataStage privilege escalation | 5.9 | 5.9 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.00042 | 0.00 | CVE-2015-1900 |
| 14 | Apache HTTP Server mod_reqtimeout denial of service | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01696 | 0.06 | CVE-2007-6750 |
| 15 | Atlassian Companion App Websocket Remote Code Execution | 9.4 | 9.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00212 | 0.04 | CVE-2023-22524 |
| 16 | OpenVPN Connect Node.js Framework Local Privilege Escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.04 | CVE-2023-7245 |
| 17 | Apple Safari privilege escalation | 8.0 | 7.9 | $5k-$25k | $5k-$25k | High | Official Fix | 0.00087 | 0.00 | CVE-2023-41993 |
| 18 | texlive-bin TTF File ttfLoadHDMX:ttfdump memory corruption | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.05 | CVE-2024-25262 |
| 19 | Linux Kernel membarrier sys_membarrier denial of service | 5.7 | 5.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.03 | CVE-2024-26602 |
| 20 | libuv getaddrinfo.c uv_getaddrinfo privilege escalation | 7.3 | 7.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00111 | 0.05 | CVE-2024-24806 |

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

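| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 14.140.116.172 | 14-140-116-172-sapient.com | GhostSecret | | 30/04/2018 | verified | High |
| 2 | XXX.XXX.XXX.XX | | Xxxxxxxxxxx | | 30/04/2018 | verified | High |
| 3 | XXX.XXX.XXX.XXX | | Xxxxxxxxxxx | | 30/04/2018 | verified | High |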

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (31)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

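| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/bookings/view_details.php | predictive | High |
| 2 | File | /modules/announcement/index.php?view=edit | predictive | High |
| 3 | File | /uncpath/ | predictive | Medium |
| 4 | File | ash.c | predictive | Low |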

Sources (2)

The following list contains external sources which discuss the actor and the associated activities:
