DEV-0530 Analysis

IOB - Indicator of Behavior (166)

Timeline

Language
  en   164
  pl     2

Country
  us   166

Product
  Microsoft Windows        14
  Apache Tomcat             6
  Atlassian Data Center     4
  OpenSSH                   4
  Google Go                 4

Vulnerability

#  | Vulnerability                                                                          | Base | Temp | 0day       | Today  | Exploitability   | Countermeasure | EPSS    | CTI  | CVE
1  | TLS Protocol/SSL Protocol RC4 Encryption Bar Mitzvah Attack weak encryption            | 5.3  | 4.7  | $0-$5k     | $0-$5k | Unproven         | Workaround     | 0.00300 | 0.02 | CVE-2015-2808
2  | Couchbase Server information disclosure                                                | 3.5  | 3.4  | $0-$5k     | $0-$5k | Not Defined      | Official Fix   | 0.00158 | 0.00 | CVE-2022-32192
3  | OTRS Forwarder information disclosure                                                  | 3.5  | 3.5  | $0-$5k     | $0-$5k | Not Defined      | Not Defined    | 0.00072 | 0.03 | CVE-2022-32740
4  | Veritas NetBackup pbx_exchange Process privilege escalation                            | 8.3  | 6.9  | $0-$5k     | $0-$5k | Proof-of-Concept | Official Fix   | 0.00356 | 0.04 | CVE-2017-6407
5  | Microsoft Azure RTOS USBX ux_device_class_dfu_control_request buffer overflow          | 9.8  | 9.6  | $25k-$100k | $0-$5k | Not Defined      | Official Fix   | 0.01235 | 0.00 | CVE-2022-29246
6  | PHPMailer Phar Deserialization addAttachment privilege escalation                      | 5.5  | 5.3  | $0-$5k     | $0-$5k | Not Defined      | Official Fix   | 0.00748 | 0.00 | CVE-2020-36326
7  | jQuery UI dialog cross site scripting                                                  | 5.2  | 4.9  | $0-$5k     | $0-$5k | Not Defined      | Official Fix   | 0.00469 | 0.07 | CVE-2016-7103
8  | Intel Xeon BIOS information disclosure                                                 | 3.3  | 3.2  | $0-$5k     | $0-$5k | Not Defined      | Official Fix   | 0.00042 | 0.00 | CVE-2021-33117
9  | HID Mercury LP1501/LP1502/LP2500/LP4502/EP4502 Update buffer overflow                  | 9.9  | 9.7  | $0-$5k     | $0-$5k | Not Defined      | Official Fix   | 0.00261 | 0.02 | CVE-2022-31481
10 | Apache Tomcat HTTP Split privilege escalation                                          | 7.2  | 6.8  | $5k-$25k   | $0-$5k | Proof-of-Concept | Official Fix   | 0.00262 | 0.04 | CVE-2016-6816
11 | Delta Controls enteliTOUCH HTTP Request privilege escalation                           | 5.5  | 5.3  | $0-$5k     | $0-$5k | Not Defined      | Not Defined    | 0.00188 | 0.00 | CVE-2022-29735
12 | Moment.js directory traversal                                                          | 6.9  | 6.7  | $0-$5k     | $0-$5k | Not Defined      | Official Fix   | 0.00330 | 0.03 | CVE-2022-24785
13 | Laravel PendingBroadcast.php __destruct privilege escalation                           | 6.3  | 6.1  | $0-$5k     | $0-$5k | Not Defined      | Not Defined    | 0.00049 | 0.00 | CVE-2022-31279
14 | Piwigo cross site scripting                                                            | 3.5  | 3.5  | $0-$5k     | $0-$5k | Not Defined      | Not Defined    | 0.00058 | 0.00 | CVE-2021-40678
15 | Linux Kernel Floating Point Register ptrace-fpu.c ptrace_get_fpr buffer overflow       | 8.0  | 7.6  | $5k-$25k   | $0-$5k | Not Defined      | Official Fix   | 0.00048 | 0.00 | CVE-2022-32981
16 | GNU C Library mq_notify buffer overflow                                                | 5.5  | 5.5  | $0-$5k     | $0-$5k | Not Defined      | Not Defined    | 0.01386 | 0.00 | CVE-2021-33574
17 | Vyper Contract Address privilege escalation                                            | 7.3  | 7.2  | $0-$5k     | $0-$5k | Not Defined      | Official Fix   | 0.00062 | 0.00 | CVE-2022-29255
18 | Easy Blog cross site request forgery                                                   | 4.3  | 4.2  | $0-$5k     | $0-$5k | Not Defined      | Not Defined    | 0.00063 | 0.02 | CVE-2022-27174
19 | Brocade SANnav REST API information disclosure                                         | 3.5  | 3.4  | $0-$5k     | $0-$5k | Not Defined      | Official Fix   | 0.00044 | 0.00 | CVE-2022-28162
20 | Python mailcap Module privilege escalation                                             | 7.3  | 7.3  | $0-$5k     | $0-$5k | Not Defined      | Not Defined    | 0.00141 | 0.04 | CVE-2015-20107

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • H0lyGh0st

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address    | Hostname | Actor    | Campaigns | Identified | Type     | Confidence
1  | 193.56.29.123 |          | DEV-0530 | H0lyGh0st | 2022-07-15 | verified | High

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerability             | Access Vector                                              | Type       | Confidence
1  | T1006     | CWE-21, CWE-22, CWE-23    | Path Traversal                                             | predictive | High
2  | T1040     | CWE-294                   | Authentication Bypass by Capture-replay                    | predictive | High
3  | T1055     | CWE-74                    | Improper Neutralization of Data within XPath Expressions   | predictive | High
4  | T1059     | CWE-94                    | Argument Injection                                         | predictive | High
5  | TXXXX.XXX | CWE-XX, CWE-XX            | Xxxxx Xxxx Xxxxxxxxx                                       | predictive | High
6  | TXXXX     | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx                      | predictive | High
7  | TXXXX.XXX | CWE-XXX                   | Xxx Xx Xxxx-xxxxx Xxxxxxxx                                 | predictive | High
8  | TXXXX.XXX | CWE-XXX                   | Xxxx-xxxxx Xxxxxxxxxxx                                     | predictive | High
9  | TXXXX     | CWE-XX, CWE-XX            | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx           | predictive | High
10 | TXXXX.XXX | CWE-XXX                   | Xxxx Xxxxxxxx                                              | predictive | High
11 | TXXXX     | CWE-XXX, CWE-XXX          | Xxxxxxxxxx Xxxxxx                                          | predictive | High
12 | TXXXX     | CWE-XX                    | Xxx Xxxxxxxxx                                              | predictive | High
13 | TXXXX     | CWE-XXX, CWE-XXX          | Xxxxxxxxxxx Xxxxxxxxxx                                     | predictive | High
14 | TXXXX     | CWE-XXX, CWE-XXX          | Xxxxxxxxx Xxxxxx Xxxx                                      | predictive | High
15 | TXXXX.XXX | CWE-XXX                   | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx                            | predictive | High
16 | TXXXX     | CWE-XXX, CWE-XXX          | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx  | predictive | High
17 | TXXXX.XXX | CWE-XX                    | Xxxxxxxxxxxxx                                              | predictive | High
18 | TXXXX     | CWE-XXX                   | Xxxxxxxxxxxxx Xxxxxx                                       | predictive | High
19 | TXXXX.XXX | CWE-XXX                   | Xxx Xxxxxxxxxx Xxxxx                                       | predictive | High

IOA - Indicator of Attack (70)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class        | Indicator                                                                               | Type       | Confidence
1  | File         | /admin.php?page=batch_manager&mode=unit                                                 | predictive | High
2  | File         | /goform/aspForm                                                                         | predictive | High
3  | File         | /omps/seller                                                                            | predictive | Medium
4  | File         | /php/passport/index.php                                                                 | predictive | High
5  | File         | /replication                                                                            | predictive | Medium
6  | File         | /settings                                                                               | predictive | Medium
7  | File         | /staff/tools/custom-fields                                                              | predictive | High
8  | File         | /strings/ctype-latin1.c                                                                 | predictive | High
9  | File         | /xxxxxxx/                                                                               | predictive | Medium
10 | File         | /xxxxxxx-xxxxxxxxxx/xxxxx/xxxxxx_xxxxxx_xxxxxxx_xxxxxxx.xxx?xxxxxxx_xx=xx                | predictive | High
11 | File         | xxxxx/xxxxxxxxxxxxxxxxx.xxx                                                             | predictive | High
12 | File         | xxxxxxxxxxxxxxxxx.xxxx                                                                  | predictive | High
13 | File         | xxxxxxx.xxxx                                                                            | predictive | Medium
14 | File         | x:\xxxxxxx\xxxxxxxx\xxxxxx\xxx                                                          | predictive | High
15 | File         | xxx-xxx/xxxxxxx.xx                                                                      | predictive | High
16 | File         | xxxxxxxxx.xxx                                                                           | predictive | High
17 | File         | xxxxx.xxxxxxxxxxx.xxxx[x]=xxx                                                           | predictive | High
18 | File         | xxxxxxxxxxxxxxxxxxxxxxx.x                                                               | predictive | High
19 | File         | xxxx/xxxxx/xxx_xxxxx.xxx                                                                | predictive | High
20 | File         | xxxx_xx.xx                                                                              | predictive | Medium
21 | File         | xxx_xxxxxx.xx                                                                           | predictive | High
22 | File         | xxxxxxxxxx\xxxxxxxxxxxx\xxxxxxxxxxxxxxxx.xxx                                            | predictive | High
23 | File         | xxxxx.xxx                                                                               | predictive | Medium
24 | File         | xxxxxxxxx/xxxx/xxxxxx/xxxxxx_xxxxxxxxxx.xxx                                             | predictive | High
25 | File         | xxxxxxxx/xx/xxxx_xxxxxx.xx                                                              | predictive | High
26 | File         | xxxxxxxxxx/xxxxxx_xxxxxxxx.x                                                            | predictive | High
27 | File         | xx/xxxxx/xxxxxxx/xxxx.xx                                                                | predictive | High
28 | File         | xxx/xxxx/xxxx.x                                                                         | predictive | High
29 | File         | xxxxxx-xxx.x                                                                            | predictive | Medium
30 | File         | xxxxxx.x                                                                                | predictive | Medium
31 | File         | xxxxxx/xxxxx/xxxxxxxxxxxx/xxxxxxxxxxxx.xxxx                                             | predictive | High
32 | File         | xxxxxxxxxxxxxxxxxxxxxxxxx.xxx                                                           | predictive | High
33 | File         | xxxxx.xxx                                                                               | predictive | Medium
34 | File         | xxx/xxxx_xxxxxxx.xx                                                                     | predictive | High
35 | File         | xxx/xxxx_xxxx.xx                                                                        | predictive | High
36 | File         | xxxxxxx.x                                                                               | predictive | Medium
37 | File         | xxxx_xxx_xxx.xxx                                                                        | predictive | High
38 | File         | xxxxxxx/xxxxxxxx/xxxxxxxx/xxxxxx/xxxxxxxxxxxxxxxxxx.xxx                                 | predictive | High
39 | File         | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx                                                          | predictive | High
40 | File         | ~/xxxxxxxx/xxxxx-xxx-xxxxxx-xxxxxxxxxxxx.xxx                                            | predictive | High
41 | Library      | xxxxx.xxx                                                                               | predictive | Medium
42 | Argument     | ?xxxx_xxxx=xxxxxxx.xxx/xxxx=xxxxxx/xxx=xxx+/xxx/.xxxxxxxx/xxxxxxx=//xxxxxxxxxxxxxx.xxx=x | predictive | High
43 | Argument     | xxxxxxxx                                                                                | predictive | Medium
44 | Argument     | xx                                                                                      | predictive | Low
45 | Argument     | xxx_xxxxxxxxxxxxxxxxxxxxxxx                                                             | predictive | High
46 | Argument     | xxxxxxx                                                                                 | predictive | Low
47 | Argument     | xxxxxxxxxx_xxxx                                                                         | predictive | High
48 | Argument     | xxxxx.xxxxxxxxxxx.xxxx[x]=xxx                                                           | predictive | High
49 | Argument     | xxxxxxxxx                                                                               | predictive | Medium
50 | Argument     | xxxxxx                                                                                  | predictive | Low
51 | Argument     | xxxxxx/xxxxxxxxxx                                                                       | predictive | High
52 | Argument     | xxxxx xxxx                                                                              | predictive | Medium
53 | Argument     | xx                                                                                      | predictive | Low
54 | Argument     | xxxxxxxxx/xxxxxxxxx                                                                     | predictive | High
55 | Argument     | xxxx                                                                                    | predictive | Low
56 | Argument     | xx                                                                                      | predictive | Low
57 | Argument     | xxxx                                                                                    | predictive | Low
58 | Argument     | xxxxxx                                                                                  | predictive | Low
59 | Argument     | xxxxxxxx                                                                                | predictive | Medium
60 | Argument     | xxxxxxxx                                                                                | predictive | Medium
61 | Argument     | xxxxxxx                                                                                 | predictive | Low
62 | Argument     | xxxxx                                                                                   | predictive | Low
63 | Argument     | xxxxxx_xxxx                                                                             | predictive | Medium
64 | Argument     | xxxxxxxxxxxxxxxxxxx                                                                     | predictive | High
65 | Argument     | xxx                                                                                     | predictive | Low
66 | Argument     | xxxxxxxx                                                                                | predictive | Medium
67 | Argument     | xxxxx                                                                                   | predictive | Low
68 | Argument     | xxxx_xx                                                                                 | predictive | Low
69 | Argument     | x-xxxxxxxxx-xxx                                                                         | predictive | High
70 | Network Port | xxx/xxxxx                                                                               | predictive | Medium
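The IOC and IOA tables above are the material a defender would feed into log matching. What follows is an added example, not part of the original profile and not tooling from the database provider: a small Python matcher that runs the one verified IOC IP and the readable IOA "File" fragments against combined-format web access log lines. The log lines are constructed for illustration, the masked IOA rows are omitted, and the rule that Medium-confidence fragments such as /settings must match the full request path exactly (rather than as a substring) is my own assumption to keep generic paths from flooding the output with false positives.

```python
import re
from dataclasses import dataclass
from urllib.parse import unquote

# IOC from the "Indicator of Compromise" table above (verified, High confidence).
IOC_IPS = {"193.56.29.123": "High"}

# IOA "File" rows that are readable above; the masked rows are left out.
IOA_PATHS = {
    "/admin.php?page=batch_manager&mode=unit": "High",
    "/goform/aspForm": "High",
    "/omps/seller": "Medium",
    "/php/passport/index.php": "High",
    "/replication": "Medium",
    "/settings": "Medium",
    "/staff/tools/custom-fields": "High",
    "/strings/ctype-latin1.c": "High",
}

# Combined log format: client IP, identity, user, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines for this example, not real traffic.
SAMPLE_LOG = """\
193.56.29.123 - - [15/Jul/2022:10:01:02 +0000] "GET / HTTP/1.1" 200 512
10.0.0.5 - - [15/Jul/2022:10:01:07 +0000] "GET /Admin.php?page=batch_manager&mode=unit HTTP/1.1" 302 0
10.0.0.5 - - [15/Jul/2022:10:01:09 +0000] "POST /goform/aspForm HTTP/1.1" 200 44
10.0.0.9 - - [15/Jul/2022:10:02:11 +0000] "GET /settings HTTP/1.1" 200 1208
10.0.0.9 - - [15/Jul/2022:10:02:12 +0000] "GET /account/settings HTTP/1.1" 200 1208
10.0.0.9 - - [15/Jul/2022:10:02:15 +0000] "GET /%73taff/tools/custom-fields HTTP/1.1" 404 0
""".splitlines()


@dataclass(frozen=True)
class Hit:
    line_no: int
    kind: str        # "ioc-ip" or "ioa-path"
    indicator: str   # the table entry that matched
    confidence: str  # confidence column from the table


def normalize_target(target: str) -> tuple[str, str]:
    """Percent-decode and lower-case the request target, then split path and query.

    Decoding first means /%73taff/... hits the same rule as /staff/...;
    lower-casing catches case games against case-insensitive servers.
    """
    decoded = unquote(target).lower()
    path, _, query = decoded.partition("?")
    return path, query


def fragment_matches(fragment: str, path: str, query: str) -> bool:
    """Assumption (mine, not the database's): High-confidence fragments match as
    substrings of the path; Medium-confidence ones only as the exact path, so
    /account/settings does not fire the /settings rule."""
    frag = fragment.lower()
    if "?" in frag:
        full = path + "?" + query if query else path
        return full.startswith(frag)
    if IOA_PATHS[fragment] == "High":
        return frag in path
    return path == frag


def match_line(line_no: int, line: str) -> list[Hit]:
    m = LOG_RE.match(line)
    if not m:
        return []  # unparseable line: skip it rather than abort the whole scan
    hits = []
    ip = m.group("ip")
    if ip in IOC_IPS:
        hits.append(Hit(line_no, "ioc-ip", ip, IOC_IPS[ip]))
    path, query = normalize_target(m.group("target"))
    for fragment, confidence in IOA_PATHS.items():
        if fragment_matches(fragment, path, query):
            hits.append(Hit(line_no, "ioa-path", fragment, confidence))
    return hits


def scan(lines) -> list[Hit]:
    """Return every IOC/IOA hit across the given log lines, in line order."""
    return [h for n, line in enumerate(lines, 1) for h in match_line(n, line)]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"line {hit.line_no}: {hit.kind} {hit.indicator} (confidence {hit.confidence})")
```

On the sample input this reports the IOC IP on line 1, the four High/Medium path hits on lines 2, 3, 4 and 6, and nothing for /account/settings on line 5. The "predictive" IOA rows are model output, not observed attacker traffic, so treat a path hit as a triage cue to pivot on the source IP and time window rather than as confirmation of DEV-0530 activity; the IP IOC is the only verified entry on this page.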

References (2)

The following list contains external sources which discuss the actor and the associated activities:
