GhostSecret Analysis

IOB - Indicator of Behavior (151)

Timeline

Language
en: 152

Campaign
us: 120
gb: 30
in: 2

Actors, Activities, Interest, Timeline, Type, Vendor: chart panels with no textual data on this page.

Product
Microsoft Windows: 14
Linux Kernel: 10
Apple macOS: 6
RenderDoc: 4
Google Chrome: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Node.js Module._load privilege escalation | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00091 | 0.04 | CVE-2023-32002 |
| 2 | Rarlab WinRar Recovery Volume buffer overflow | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.05 | CVE-2023-40477 |
| 3 | Cisco AnyConnect Secure Mobility Client privilege escalation | 7.8 | 7.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00060 | 0.02 | CVE-2023-20178 |
| 4 | curl POST buffer overflow | 8.2 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00091 | 0.03 | CVE-2023-28322 |
| 5 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 5.59 | CVE-2020-12440 |
| 6 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.14 | CVE-2017-0055 |
| 7 | Atlassian JIRA Server/Data Center Access Control privilege escalation | 5.3 | 5.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00082 | 0.00 | CVE-2019-20106 |
| 8 | Microsoft Windows Advanced Local Procedure Call Privilege Escalation | 9.2 | 8.7 | $25k-$100k | $5k-$25k | Functional | Official Fix | 0.00683 | 0.02 | CVE-2023-21674 |
| 9 | SciPy Py_FindObjects buffer overflow | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00069 | 0.00 | CVE-2023-29824 |
| 10 | Microsoft Windows Routing/Remote Access Service Remote Code Execution | 9.8 | 8.9 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.05180 | 0.04 | CVE-2023-35365 |
| 11 | RenderDoc buffer overflow | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00272 | 0.00 | CVE-2023-33863 |
| 12 | Microsoft Windows DHCP Server Service Remote Code Execution | 8.6 | 8.0 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.07344 | 0.00 | CVE-2023-28231 |
| 13 | IBM InfoSphere DataStage privilege escalation | 5.9 | 5.9 | $25k-$100k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.00 | CVE-2015-1900 |
| 14 | Apache HTTP Server mod_reqtimeout denial of service | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01696 | 0.05 | CVE-2007-6750 |
| 15 | Atlassian Companion App Websocket Remote Code Execution | 9.4 | 9.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00212 | 0.02 | CVE-2023-22524 |
| 16 | OpenVPN Connect Node.js Framework Local Privilege Escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2023-7245 |
| 17 | Apple Safari privilege escalation | 8.0 | 7.9 | $5k-$25k | $5k-$25k | High | Official Fix | 0.00161 | 0.00 | CVE-2023-41993 |
| 18 | texlive-bin TTF File ttfLoadHDMX:ttfdump buffer overflow | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.05 | CVE-2024-25262 |
| 19 | Linux Kernel membarrier sys_membarrier denial of service | 5.7 | 5.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.03 | CVE-2024-26602 |
| 20 | libuv getaddrinfo.c uv_getaddrinfo privilege escalation | 7.3 | 7.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00111 | 0.03 | CVE-2024-24806 |

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 14.140.116.172 | 14-140-116-172-sapient.com | GhostSecret | | 30/04/2018 | verified | High |

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (31)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/bookings/view_details.php | predictive | High |
| 2 | File | /modules/announcement/index.php?view=edit | predictive | High |
| 3 | File | /uncpath/ | predictive | Medium |
| 4 | File | ash.c | predictive | Low |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
