PoshC2 Analyse
IOB - Indicator of Behavior (509)
Activités
Intérêt
Vulnérabilités
Campagnes (1)
These are the campaigns that can be associated with the actor:
- PoshC2
IOC - Indicator of Compromise (37)
These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.
TTP - Tactics, Techniques, Procedures (17)
Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.
IOA - Indicator of Attack (114)
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.
ID | Classe | Indicator | Taper | Confiance |
---|---|---|---|---|
1 | File | /admin/config/uploadicon.php | predictive | Élevé |
2 | File | /admin/del_feedback.php | predictive | Élevé |
3 | File | /cms/category/list | predictive | Élevé |
4 | File | /inquiries/view_inquiry.php | predictive | Élevé |
5 | File | /Login | predictive | Faible |
6 | File | /product/savenewproduct.php?flag=1 | predictive | Élevé |
7 | File | /search | predictive | Faible |
8 | File | /start_apply.htm | predictive | Élevé |
9 | File | /sysmanage/updatelib.php | predictive | Élevé |
10 | File | /thruk/#cgi-bin/extinfo.cgi?type=2 | predictive | Élevé |
11 | File | /var/log/nginx | predictive | Élevé |
12 | File | booking.php | predictive | Moyen |
13 | File | browse-category.php | predictive | Élevé |
14 | File | BSW_cxttongr.htm | predictive | Élevé |
15 | File | cat.asp | predictive | Faible |
16 | File | xxxxxxxx.xxx | predictive | Moyen |
17 | File | xxxxxxxxxx/xxxxxxx.xxxx | predictive | Élevé |
18 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | Élevé |
19 | File | xxxxxxxx.xxx | predictive | Moyen |
20 | File | xxxxxxxxxxx.xxx | predictive | Élevé |
21 | File | xxxxxxxx.xxx | predictive | Moyen |
22 | File | xxxxx.xxx | predictive | Moyen |
23 | File | xxxxxxxxxxxx.xxx | predictive | Élevé |
24 | File | xxxx.xxx | predictive | Moyen |
25 | File | xxx_xxxxxxxxxxx.xxx | predictive | Élevé |
26 | File | xxxx.xxx | predictive | Moyen |
27 | File | xxx/xxxxxx.xxx | predictive | Élevé |
28 | File | xxx/xxxxxxxxxxx/xxxxxxx.xxx | predictive | Élevé |
29 | File | xxxxx.xxx | predictive | Moyen |
30 | File | xxxxx.xxx | predictive | Moyen |
31 | File | xxxxx.xxx?xx=xxxxxxxxxx&xxxx | predictive | Élevé |
32 | File | xxxxxxx.x | predictive | Moyen |
33 | File | xxxxxxxxxxx-xxxxxxx-xxxx.xxxx.xxx | predictive | Élevé |
34 | File | xxxxxxxx/xxxxxxxx_xxxxxxx_xxxxxx/xxxxx.xxx | predictive | Élevé |
35 | File | xxxx.xxx | predictive | Moyen |
36 | File | xxxxx.xxx | predictive | Moyen |
37 | File | xxxxxxx.xxx | predictive | Moyen |
38 | File | xxx_xxxx_xxx_xxxxxxxxxx.x | predictive | Élevé |
39 | File | xxx_xxxx.xxx | predictive | Moyen |
40 | File | xxxx_xxxxxxx.xxx | predictive | Élevé |
41 | File | xxxxx_xxx.xxx | predictive | Élevé |
42 | File | xxxxx.xxx | predictive | Moyen |
43 | File | xxxxx.xxx | predictive | Moyen |
44 | File | xxxxxxxxxx.xxx | predictive | Élevé |
45 | File | xxxxxxxx.xxxx | predictive | Élevé |
46 | File | xxxxxxxx.xxx | predictive | Moyen |
47 | File | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx | predictive | Élevé |
48 | File | xxxxxxxx_xxxxxx.xxx | predictive | Élevé |
49 | File | xxxxxxx/xxxxxxxxxx.xxx | predictive | Élevé |
50 | File | xxxxxx.xx | predictive | Moyen |
51 | File | xxxxxxx/xxxxxxxx.xxx | predictive | Élevé |
52 | File | xxxxx.xxx | predictive | Moyen |
53 | File | xxxxxx.xxx | predictive | Moyen |
54 | File | xxxxxx-xxxxxx.xxx | predictive | Élevé |
55 | File | xxxx-xxxxxxxx.xxx | predictive | Élevé |
56 | File | xxxxx_xxxxxx.xxx | predictive | Élevé |
57 | File | xxxxxx.xxx | predictive | Moyen |
58 | File | xx-xxxxx/xxxxx-xxx.xxx?xxxxxxx-xxxxxxxx | predictive | Élevé |
59 | File | xxxx.xx | predictive | Faible |
60 | File | ~/xxx/xxxx-xxxxxxxxx.xxx | predictive | Élevé |
61 | File | ~/xxx-xxx-xxxx.xxx | predictive | Élevé |
62 | Library | xxxxxxxx.xxx | predictive | Moyen |
63 | Library | xxxxxx.xxxxx.xxxxxxx | predictive | Élevé |
64 | Argument | xx_xxxx_xxxx | predictive | Moyen |
65 | Argument | xxxxxxx | predictive | Faible |
66 | Argument | xxxxxxxxx | predictive | Moyen |
67 | Argument | xxxxxx | predictive | Faible |
68 | Argument | xxxxxxxx | predictive | Moyen |
69 | Argument | xxx | predictive | Faible |
70 | Argument | xxx | predictive | Faible |
71 | Argument | xxx/xxxxx_xxxx/xxxxxx_xxxx/xxxxxxx_x/xxxxxxx | predictive | Élevé |
72 | Argument | xxxxxxx_xxxxx | predictive | Élevé |
73 | Argument | xxxxxxx/xxxx/xxxxx_xxxxx_xx | predictive | Élevé |
74 | Argument | x[xxxxx] | predictive | Moyen |
75 | Argument | xxxxxxx | predictive | Faible |
76 | Argument | xxxxxxxx | predictive | Moyen |
77 | Argument | xxxxxxx=xxxxxxxx | predictive | Élevé |
78 | Argument | xx_xxxxx | predictive | Moyen |
79 | Argument | xxxx | predictive | Faible |
80 | Argument | xxxxxxxx | predictive | Moyen |
81 | Argument | xxxx_xxxxxx | predictive | Moyen |
82 | Argument | xxxxxxxxxx | predictive | Moyen |
83 | Argument | xxxx/xxxxxxx/xxxxxxx | predictive | Élevé |
84 | Argument | xxxx_xx | predictive | Faible |
85 | Argument | xxxx | predictive | Faible |
86 | Argument | xx | predictive | Faible |
87 | Argument | xx_xxxxx | predictive | Moyen |
88 | Argument | xxxxx | predictive | Faible |
89 | Argument | xxxxxxxx | predictive | Moyen |
90 | Argument | xxxxx | predictive | Faible |
91 | Argument | xxxxxxxxxxx | predictive | Moyen |
92 | Argument | xxxx-xxx-xxxxxxxxx | predictive | Élevé |
93 | Argument | xxxxx_xx | predictive | Moyen |
94 | Argument | xxxx | predictive | Faible |
95 | Argument | xxxx_xxxxx | predictive | Moyen |
96 | Argument | xxxxxxx_xxx | predictive | Moyen |
97 | Argument | xxxxxxxx | predictive | Moyen |
98 | Argument | xx_xxxx | predictive | Faible |
99 | Argument | xxxxxxx_xxxx | predictive | Moyen |
100 | Argument | xxxxxx | predictive | Faible |
101 | Argument | xxx | predictive | Faible |
102 | Argument | xxx | predictive | Faible |
103 | Argument | xxxxxxxx | predictive | Moyen |
104 | Argument | xxxxx/xxx | predictive | Moyen |
105 | Argument | xxxxxx | predictive | Faible |
106 | Argument | xxxxxxx | predictive | Faible |
107 | Argument | xxxxx | predictive | Faible |
108 | Argument | xxxxx | predictive | Faible |
109 | Argument | xxxxxx | predictive | Faible |
110 | Argument | xxx | predictive | Faible |
111 | Argument | xxx | predictive | Faible |
112 | Argument | xxxxxxxx | predictive | Moyen |
113 | Argument | xxx | predictive | Faible |
114 | Pattern | |xx| | predictive | Faible |
Références (30)
The following list contains external sources which discuss the actor and the associated activities:
- https://github.com/jeFF0Falltrades/IoCs/blob/master/APT/poshc2_apt_33.md
- https://github.com/vuldb/cyber_threat_intelligence/tree/main/actors/PoshC2
- https://search.censys.io/hosts/3.253.77.60
- xxxxx://xxxxxx.xxxxxx.xx/xxxxx/xx.xx.xx.xxx
- xxxxx://xxxxxx.xxxxxx.xx/xxxxx/xx.xxx.xx.xxx
- xxxxx://xxxxxx.xxxxxx.xx/xxxxx/xx.xx.xxx.xxx
- xxxxx://xxxxxx.xxxxxx.xx/xxxxx/xx.xxx.xxx.xxx
- xxxxx://xxxxxx.xxxxxx.xx/xxxxx/xx.xxx.xx.xx
- xxxxx://xxxxxx.xxxxxx.xx/xxxxx/xx.xx.xx.xxx
- xxxxx://xxxxxx.xxxxxx.xx/xxxxx/xx.xx.xxx.xx
- xxxxx://xxxxxx.xxxxxx.xx/xxxxx/xx.xxx.xxx.xx
- xxxxx://xxxxxx.xxxxxx.xx/xxxxx/xx.xxx.x.xxx
- xxxxx://xxxxxx.xxxxxx.xx/xxxxx/xx.xx.xxx.xx
- xxxxx://xxxxxx.xxxxxx.xx/xxxxx/xxx.xx.xxx.xx
- xxxxx://xxxxxx.xxxxxx.xx/xxxxx/xxx.xxx.xxx.xx
- xxxxx://xxxxxx.xxxxxx.xx/xxxxx/xxx.xxx.xx.xxx
- xxxxx://xxxxxx.xxxxxx.xx/xxxxx/xxx.xx.xx.xxx
- xxxxx://xxxxxx.xxxxxx.xx/xxxxx/xxx.xx.xxx.xx
- xxxxx://xxxxxx.xxxxxx.xx/xxxxx/xxx.xxx.xxx.xxx
- xxxxx://xxxxxx.xxxxxx.xx/xxxxx/xxx.xx.xxx.xx
- xxxxx://xxxxxx.xxxxxx.xx/xxxxx/xxx.xxx.xx.xx
- xxxxx://xxxxxx.xxxxxx.xx/xxxxx/xxx.xxx.xxx.xx
- xxxxx://xxxxxx.xxxxxx.xx/xxxxx/xxx.xxx.xx.xxx
- xxxxx://xxxxxx.xxxxxx.xx/xxxxxx?xxxxxxxx=xxxxx&xxxx=xxxxxxxxx&xxx_xxxx=xx&xxxxxxx_xxxxx=xxxxxxx&x=xxxxxxxx.xxxxxxxx.xxxxxxx%xx+xxxxxx+xxx+xxx+xxxxxx%xx+xxxxxx
- xxxxx://xxxxxxxxx.xxxxx.xx
- xxxxx://xxxxxxx.xxx/xxxxxx/xxxxxx/xxxxxxxxxxxxxxxxxxx
- xxxxx://xxxxxxx.xxx/xxxxxxxxxxxxx/xxxxxx/xxxxxxxxxxxxxxxxxxx
- xxxxx://xxx.xxx.xx.xx/xxxxxxxx/xxxxxx/xxxxxxxx_xxxxxx.xxxx
- xxxxx://xxx.xxx.xx.xx/xxxxxxxx/xxxxxx/xxxxxxxx_xxxxxx.xxxx
- xxxxx://x.xxx/xxx_xx/xxxxxx/xxxxxxxxxxxxxxxxxxx?x=xx