PoshC2 Análisis
IOB - Indicator of Behavior (728)
Ocupaciones
Interesar
Vulnerabilidad
Campañas (1)
These are the campaigns that can be associated with the actor:
- PoshC2
IOC - Indicator of Compromise (40)
These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.
TTP - Tactics, Techniques, Procedures (20)
Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.
IOA - Indicator of Attack (208)
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.
ID | Clase | Indicator | Escribe | Confianza |
---|---|---|---|---|
1 | File | /admin/config/uploadicon.php | predictive | Alto |
2 | File | /admin/del_feedback.php | predictive | Alto |
3 | File | /admin/login.php | predictive | Alto |
4 | File | /app/Http/Controllers/Admin/NEditorController.php | predictive | Alto |
5 | File | /cms/category/list | predictive | Alto |
6 | File | /inquiries/view_inquiry.php | predictive | Alto |
7 | File | /Login | predictive | Bajo |
8 | File | /mgmt/tm/util/bash | predictive | Alto |
9 | File | /mifs/c/i/reg/reg.html | predictive | Alto |
10 | File | /product/savenewproduct.php?flag=1 | predictive | Alto |
11 | File | /search | predictive | Bajo |
12 | File | /secure/ViewCollectors | predictive | Alto |
13 | File | /Session | predictive | Medio |
14 | File | /start_apply.htm | predictive | Alto |
15 | File | /sysmanage/updatelib.php | predictive | Alto |
16 | File | /thruk/#cgi-bin/extinfo.cgi?type=2 | predictive | Alto |
17 | File | /usr/bin/pkexec | predictive | Alto |
18 | File | /var/log/nginx | predictive | Alto |
19 | File | /xAdmin/html/cm_doclist_view_uc.jsp | predictive | Alto |
20 | File | adclick.php | predictive | Medio |
21 | File | add_comment.php | predictive | Alto |
22 | File | admin/content.php | predictive | Alto |
23 | File | booking.php | predictive | Medio |
24 | File | browse-category.php | predictive | Alto |
25 | File | BSW_cxttongr.htm | predictive | Alto |
26 | File | cat.asp | predictive | Bajo |
27 | File | xxxxxxxx.xxx | predictive | Medio |
28 | File | xxx-xxx/xxxxxxx.xx | predictive | Alto |
29 | File | xxxxxxxx.xxx | predictive | Medio |
30 | File | xxxxxxxxxx/xxxxxxx.xxxx | predictive | Alto |
31 | File | xxxxxx.xxx | predictive | Medio |
32 | File | xxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxx | predictive | Alto |
33 | File | x_xxxxxx | predictive | Medio |
34 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | Alto |
35 | File | xxxxxxx_xxxxx.xxx | predictive | Alto |
36 | File | xxxxxxxx.xxx | predictive | Medio |
37 | File | xxxxxxxxxxx.xxx | predictive | Alto |
38 | File | xxxxxxxx.xxx | predictive | Medio |
39 | File | xxxxx.xxx | predictive | Medio |
40 | File | xxxxxxxxxxxx.xxx | predictive | Alto |
41 | File | xxxx_xxxxxxxx.xxx | predictive | Alto |
42 | File | xxxxxxxxxxxxxxxxx.xxx | predictive | Alto |
43 | File | xxxx.xxx | predictive | Medio |
44 | File | xxxxxxxxx/xxxxx/xxxxxxxxxxxx/xxxxxxxxx.xxx | predictive | Alto |
45 | File | xxxxxxxxxxx.x | predictive | Alto |
46 | File | xxx_xxxxxxxxxxx.xxx | predictive | Alto |
47 | File | xxxx.xxx | predictive | Medio |
48 | File | xxxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | Alto |
49 | File | xxxxxxxxx.xxx | predictive | Alto |
50 | File | xxx/xxxxxx.xxx | predictive | Alto |
51 | File | xxx/xxxxxxxxxxx/xxxxxxx.xxx | predictive | Alto |
52 | File | xxxxx.xxx | predictive | Medio |
53 | File | xxxxx.xxx | predictive | Medio |
54 | File | xxxxx.xxx/xxxxxxx/xxxxx | predictive | Alto |
55 | File | xxxxx.xxx?xx=xxxxxxxxxx&xxxx | predictive | Alto |
56 | File | xxxxx.xx | predictive | Medio |
57 | File | xxxxxxx.x | predictive | Medio |
58 | File | xxxxxxx.xxx | predictive | Medio |
59 | File | xxxxxxxxxxx-xxxxxxx-xxxx.xxxx.xxx | predictive | Alto |
60 | File | xxxxxxxx/xxxxxxxx_xxxxxxx_xxxxxx/xxxxx.xxx | predictive | Alto |
61 | File | xxxx.xxx | predictive | Medio |
62 | File | xxxxxxxxx/xxxxxx.xxx.xxx | predictive | Alto |
63 | File | xxxx.xxx | predictive | Medio |
64 | File | xxx.xxx | predictive | Bajo |
65 | File | xxxxx-xxxx-xxxx.xxx | predictive | Alto |
66 | File | xxxxx.xxx | predictive | Medio |
67 | File | xxxxxxx.xxx | predictive | Medio |
68 | File | xxx_xxxxx_xxxx.x | predictive | Alto |
69 | File | xxx_xxxx_xxx_xxxxxxxxxx.x | predictive | Alto |
70 | File | xxx_xxxx.xxx | predictive | Medio |
71 | File | xxxx_xxxxxxx.xxx | predictive | Alto |
72 | File | xxxxxxx.xxx | predictive | Medio |
73 | File | xxxxx_xxx.xxx | predictive | Alto |
74 | File | xxxxx.xxx | predictive | Medio |
75 | File | xxxxxxx_xxxxxxx_xxxx.xxx | predictive | Alto |
76 | File | xxx_xxxxxx.xxxx | predictive | Alto |
77 | File | xxxxx.xxx | predictive | Medio |
78 | File | xxxxxxxx.xxx | predictive | Medio |
79 | File | xxxxxxxxxx.xxx | predictive | Alto |
80 | File | xxxxxxxx.xxxx | predictive | Alto |
81 | File | xxxxxxxx.xxx | predictive | Medio |
82 | File | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx | predictive | Alto |
83 | File | xxxxxxxx_xxxxxx.xxx | predictive | Alto |
84 | File | xxxxxxx.xxx | predictive | Medio |
85 | File | xxxxxxx/xxxxxxxxxx.xxx | predictive | Alto |
86 | File | xxxxxxx/xxxxxxxxxxxxx.xxxx | predictive | Alto |
87 | File | xxxxxxxxxxxxxxx.xxx | predictive | Alto |
88 | File | xxxxxx.xx | predictive | Medio |
89 | File | xxxxxx.xx | predictive | Medio |
90 | File | xxxxxx_xxxxxxx.xxx | predictive | Alto |
91 | File | xxxxxxxx/xxxx/xxxx.xxx?xxxxxx=xxxxxxxxxxxxxxxx | predictive | Alto |
92 | File | xxxx.xxx | predictive | Medio |
93 | File | xxxx.xx | predictive | Bajo |
94 | File | xxxxxxxx_xxxx.xxx | predictive | Alto |
95 | File | xxxx_xxxxxxx_xxxxxxxx.xxx | predictive | Alto |
96 | File | xxxxxxx/xxxxxxxx.xxx | predictive | Alto |
97 | File | xxxxx.xxx | predictive | Medio |
98 | File | xxxxx.xxx | predictive | Medio |
99 | File | xxxxxx.xxx | predictive | Medio |
100 | File | xxxxxxxx.xxxxx.xxx | predictive | Alto |
101 | File | xxxxxx-xxxxxx.xxx | predictive | Alto |
102 | File | xxxx-xxxxxxxx.xxx | predictive | Alto |
103 | File | xxxxx_xxxxxx.xxx | predictive | Alto |
104 | File | xxxxx.x | predictive | Bajo |
105 | File | xxx-xxx/ | predictive | Medio |
106 | File | xxxxxxx/xxx/xxxxxxx | predictive | Alto |
107 | File | xxxxxx.xxx | predictive | Medio |
108 | File | xx-xxxxx/xxxxx-xxx.xxx?xxxxxxx-xxxxxxxx | predictive | Alto |
109 | File | xx-xxxx.xxx | predictive | Medio |
110 | File | xx-xxxxxxxxx.xxx | predictive | Alto |
111 | File | xxxx.xx | predictive | Bajo |
112 | File | ~/xxx/xxxx-xxxxxxxxx.xxx | predictive | Alto |
113 | File | ~/xxx-xxx-xxxx.xxx | predictive | Alto |
114 | Library | xxxxxxxx.xxx | predictive | Medio |
115 | Library | xxxxxx.xxxxx.xxxxxxx | predictive | Alto |
116 | Argument | *xxxx | predictive | Bajo |
117 | Argument | xx_xxxx_xxxx | predictive | Medio |
118 | Argument | xxxxxxx | predictive | Bajo |
119 | Argument | xx | predictive | Bajo |
120 | Argument | xxxxxxxxx | predictive | Medio |
121 | Argument | xxxxxxxxxxxx | predictive | Medio |
122 | Argument | xxxxxx | predictive | Bajo |
123 | Argument | xxxxxx | predictive | Bajo |
124 | Argument | xxxxxxxx | predictive | Medio |
125 | Argument | xxxxxxxx | predictive | Medio |
126 | Argument | xxxxxxxx | predictive | Medio |
127 | Argument | xxx | predictive | Bajo |
128 | Argument | xxx_xx | predictive | Bajo |
129 | Argument | xxx | predictive | Bajo |
130 | Argument | xxx/xxxxx_xxxx/xxxxxx_xxxx/xxxxxxx_x/xxxxxxx | predictive | Alto |
131 | Argument | xxxxxx_xx | predictive | Medio |
132 | Argument | xxxxxx | predictive | Bajo |
133 | Argument | xxxxxxx_xxxxx | predictive | Alto |
134 | Argument | xxxxxxx/xxxx/xxxxx_xxxxx_xx | predictive | Alto |
135 | Argument | x[xxxxx] | predictive | Medio |
136 | Argument | xxxxxxxx_xxxxxx/xxxxxxxx_xxxx/xxxxxxxx_xxxxxxxx/xxxxxxxx_xxxx | predictive | Alto |
137 | Argument | xxxx | predictive | Bajo |
138 | Argument | xxx | predictive | Bajo |
139 | Argument | xxxxxxx | predictive | Bajo |
140 | Argument | xxxxxxxxxx | predictive | Medio |
141 | Argument | xxxxxxx | predictive | Bajo |
142 | Argument | xx_xxxx/xxxxx/xxx | predictive | Alto |
143 | Argument | xxxxxxxxx->xxxxxxxxx | predictive | Alto |
144 | Argument | xxxxxxxx | predictive | Medio |
145 | Argument | xxxxxxx=xxxxxxxx | predictive | Alto |
146 | Argument | xx_xxxxx | predictive | Medio |
147 | Argument | xxxx | predictive | Bajo |
148 | Argument | xxxxxxxx | predictive | Medio |
149 | Argument | xxxxxxxx | predictive | Medio |
150 | Argument | xxxx_xxxxxx | predictive | Medio |
151 | Argument | xxxxxx_xxxxx_xxx | predictive | Alto |
152 | Argument | xxxxxxxxxx | predictive | Medio |
153 | Argument | xxxx | predictive | Bajo |
154 | Argument | xxxx/xxxxxxx/xxxxxxx | predictive | Alto |
155 | Argument | xxxx_xx | predictive | Bajo |
156 | Argument | xxxx_xxxxx | predictive | Medio |
157 | Argument | xxxx | predictive | Bajo |
158 | Argument | xx | predictive | Bajo |
159 | Argument | xx_xxxxx | predictive | Medio |
160 | Argument | xxxxxx | predictive | Bajo |
161 | Argument | xxxxxxx | predictive | Bajo |
162 | Argument | xxxxx | predictive | Bajo |
163 | Argument | xxxxxxxx | predictive | Medio |
164 | Argument | xxxxx | predictive | Bajo |
165 | Argument | xxxxxxxxxxx | predictive | Medio |
166 | Argument | xxxx-xxx-xxxxxxxxx | predictive | Alto |
167 | Argument | xxxxxxx/xxxxxxxxx | predictive | Alto |
168 | Argument | xxxxx_xx | predictive | Medio |
169 | Argument | xxxx | predictive | Bajo |
170 | Argument | xxxx_xxxxx | predictive | Medio |
171 | Argument | xxxxxxx_xxx | predictive | Medio |
172 | Argument | xxxxxxxx | predictive | Medio |
173 | Argument | xx_xxxx | predictive | Bajo |
174 | Argument | xxxxxxxxxxxxxxxxxxx | predictive | Alto |
175 | Argument | xxxxxxxxx | predictive | Medio |
176 | Argument | xxxxxxxx_xx | predictive | Medio |
177 | Argument | xxxxxxx_xxxx | predictive | Medio |
178 | Argument | xxxxxxx xxxxx | predictive | Alto |
179 | Argument | xxxxxxxxxxxxxxxx | predictive | Alto |
180 | Argument | xxxxxx | predictive | Bajo |
181 | Argument | xxxxxx | predictive | Bajo |
182 | Argument | xxxxxx | predictive | Bajo |
183 | Argument | xxxxxx_xxx | predictive | Medio |
184 | Argument | xxx | predictive | Bajo |
185 | Argument | xxxxxx | predictive | Bajo |
186 | Argument | xxx | predictive | Bajo |
187 | Argument | xxxxxxxx | predictive | Medio |
188 | Argument | xxxxx/xxx | predictive | Medio |
189 | Argument | xxxxxx | predictive | Bajo |
190 | Argument | xxxxxxx | predictive | Bajo |
191 | Argument | xx_xx | predictive | Bajo |
192 | Argument | xxxxx | predictive | Bajo |
193 | Argument | xxxxxxxxxxx/xxxxxxxxxxx | predictive | Alto |
194 | Argument | xxxxx | predictive | Bajo |
195 | Argument | xxxxxx | predictive | Bajo |
196 | Argument | xxx | predictive | Bajo |
197 | Argument | xxx | predictive | Bajo |
198 | Argument | xxxxxxxx | predictive | Medio |
199 | Argument | xx | predictive | Bajo |
200 | Argument | xxx | predictive | Bajo |
201 | Argument | xxxxxx | predictive | Bajo |
202 | Argument | _xxxxxx[xxxxxxxx_xxxx] | predictive | Alto |
203 | Input Value | /xxxxxx/..%xx | predictive | Alto |
204 | Input Value | xxxxx"][xxxxxx]xxxxx('xxx')[/xxxxxx] | predictive | Alto |
205 | Pattern | __xxxxxxxxx= | predictive | Medio |
206 | Pattern | |xx| | predictive | Bajo |
207 | Network Port | xxxx | predictive | Bajo |
208 | Network Port | xxx xxxxxx xxxx | predictive | Alto |
Referencias (32)
The following list contains external sources which discuss the actor and the associated activities:
- https://github.com/jeFF0Falltrades/IoCs/blob/master/APT/poshc2_apt_33.md
- https://github.com/vuldb/cyber_threat_intelligence/tree/main/actors/PoshC2
- https://search.censys.io/hosts/3.253.77.60
- https://search.censys.io/hosts/13.48.77.144
- xxxxx://xxxxxx.xxxxxx.xx/xxxxx/xx.xxx.xx.xxx
- xxxxx://xxxxxx.xxxxxx.xx/xxxxx/xx.xx.xxx.xxx
- xxxxx://xxxxxx.xxxxxx.xx/xxxxx/xx.xxx.xxx.xxx
- xxxxx://xxxxxx.xxxxxx.xx/xxxxx/xx.xxx.xx.xx
- xxxxx://xxxxxx.xxxxxx.xx/xxxxx/xx.xx.xx.xxx
- xxxxx://xxxxxx.xxxxxx.xx/xxxxx/xx.xx.xxx.xx
- xxxxx://xxxxxx.xxxxxx.xx/xxxxx/xx.xxx.xxx.xx
- xxxxx://xxxxxx.xxxxxx.xx/xxxxx/xx.xxx.x.xxx
- xxxxx://xxxxxx.xxxxxx.xx/xxxxx/xx.xx.xxx.xx
- xxxxx://xxxxxx.xxxxxx.xx/xxxxx/xxx.xx.xxx.xxx
- xxxxx://xxxxxx.xxxxxx.xx/xxxxx/xxx.xx.xxx.xx
- xxxxx://xxxxxx.xxxxxx.xx/xxxxx/xxx.xxx.xxx.xx
- xxxxx://xxxxxx.xxxxxx.xx/xxxxx/xxx.xxx.xx.xxx
- xxxxx://xxxxxx.xxxxxx.xx/xxxxx/xxx.xx.xx.xxx
- xxxxx://xxxxxx.xxxxxx.xx/xxxxx/xxx.xx.xxx.xx
- xxxxx://xxxxxx.xxxxxx.xx/xxxxx/xxx.xxx.xxx.xxx
- xxxxx://xxxxxx.xxxxxx.xx/xxxxx/xxx.xxx.xxx.xxx
- xxxxx://xxxxxx.xxxxxx.xx/xxxxx/xxx.xx.xxx.xx
- xxxxx://xxxxxx.xxxxxx.xx/xxxxx/xxx.xxx.xx.xx
- xxxxx://xxxxxx.xxxxxx.xx/xxxxx/xxx.xxx.xxx.xx
- xxxxx://xxxxxx.xxxxxx.xx/xxxxx/xxx.xxx.xx.xxx
- xxxxx://xxxxxx.xxxxxx.xx/xxxxxx?xxxxxxxx=xxxxx&xxxx=xxxxxxxxx&xxx_xxxx=xx&xxxxxxx_xxxxx=xxxxxxx&x=xxxxxxxx.xxxxxxxx.xxxxxxx%xx+xxxxxx+xxx+xxx+xxxxxx%xx+xxxxxx
- xxxxx://xxxxxxxxx.xxxxx.xx
- xxxxx://xxxxxxx.xxx/xxxxxx/xxxxxx/xxxxxxxxxxxxxxxxxxx
- xxxxx://xxxxxxx.xxx/xxxxxxxxxxxxx/xxxxxx/xxxxxxxxxxxxxxxxxxx
- xxxxx://xxx.xxx.xx.xx/xxxxxxxx/xxxxxx/xxxxxxxx_xxxxxx.xxxx
- xxxxx://xxx.xxx.xx.xx/xxxxxxxx/xxxxxx/xxxxxxxx_xxxxxx.xxxx
- xxxxx://x.xxx/xxx_xx/xxxxxx/xxxxxxxxxxxxxxxxxxx?x=xx