Gh0stRAT 解析
IOB - Indicator of Behavior (1000)
アクティビティ
関心
脆弱性
IOC - Indicator of Compromise (331)
These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.
TTP - Tactics, Techniques, Procedures (22)
Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.
IOA - Indicator of Attack (166)
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.
ID | クラス | Indicator | タイプ | 信頼度 |
---|---|---|---|---|
1 | File | /admin.php?p=/Area/index#tab=t2 | predictive | 高 |
2 | File | /cgi-bin/nas_sharing.cgi | predictive | 高 |
3 | File | /forum/away.php | predictive | 高 |
4 | File | /gateway/services/EdgeServiceImpl | predictive | 高 |
5 | File | /install/ | predictive | 中 |
6 | File | /manage/IPSetup.php | predictive | 高 |
7 | File | /module/comment/save | predictive | 高 |
8 | File | /ndmComponents.js | predictive | 高 |
9 | File | /root | predictive | 低 |
10 | File | /scripts/unlock_tasks.php | predictive | 高 |
11 | File | /src/c-blosc2/plugins/codecs/ndlz/ndlz4x4.c | predictive | 高 |
12 | File | /staff/bookdetails.php | predictive | 高 |
13 | File | /student/bookdetails.php | predictive | 高 |
14 | File | /upload/localhost | predictive | 高 |
15 | File | /user/edit?id=2 | predictive | 高 |
16 | File | /wp-admin/admin-ajax.php | predictive | 高 |
17 | File | account/login.php | predictive | 高 |
18 | File | ActiveMQConnection.java | predictive | 高 |
19 | File | xxxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | 高 |
20 | File | xxxxx.xxx | predictive | 中 |
21 | File | xxxxx/xxx/xxxxxxxxxxxx | predictive | 高 |
22 | File | xxxxx/xxxxxx.xxx | predictive | 高 |
23 | File | xxxxx/xxxxxxxx/xxxxxxxxxxxx?xx=xx | predictive | 高 |
24 | File | xxxxx/_xxxxxxx.xxx | predictive | 高 |
25 | File | xxxxxxxxxxxxx/xxxxxxxxxx/xxx_xxxxx/xxxxxxx/xxxxx.xxx | predictive | 高 |
26 | File | xxxxxxxxxxxxx_xxxxxxxxxxxxxxx.xxxx | predictive | 高 |
27 | File | xxxxxxxx.xxx | predictive | 中 |
28 | File | xxx.xxx/xxx/xxxxxx | predictive | 高 |
29 | File | xxx/xxxxxx/xxxxxxxxxx.xxx | predictive | 高 |
30 | File | xxx/xxxxxx/xxxxxxxx/xxxxx/xxxxxxxx_xxxxxxx.xxxxx.xxx | predictive | 高 |
31 | File | xxx/xxxxxxx.x | predictive | 高 |
32 | File | xxxxx/xxx_xxxx.x | predictive | 高 |
33 | File | xxxxxxx.xx | predictive | 中 |
34 | File | xxxxxxxxxxxxxxxxxx.xxxx | predictive | 高 |
35 | File | xxxxxx/xxxxxx/ | predictive | 高 |
36 | File | xxxxxxxxx-xxxxxxx/xxx/xxxx/xxxx/xx/xxxxxxx/xxxxxxxxx/xxxxxxx/xxxxxxx/xxxxxx.xxxx | predictive | 高 |
37 | File | xxx_xx_xxx.xx | predictive | 高 |
38 | File | xxx_xxxxxxxxx.xxx | predictive | 高 |
39 | File | xxxxxxxxxx.x | predictive | 中 |
40 | File | xxx-xxxx.xxx | predictive | 中 |
41 | File | xxx-xxx/xxxx/xxxxx/xxxxxxx/xxxxxxxx/xxxxxxxx | predictive | 高 |
42 | File | xxx.xxxxxxxx.xxxxxxx.xxx.xxx.xxxxxxxxxxxxx | predictive | 高 |
43 | File | xxxxxxxxxx/xxx.xx | predictive | 高 |
44 | File | xxxxxx.xxx | predictive | 中 |
45 | File | xxxxx/xxxx/xxxxxxxxxxx/xxxxx/xxxxx.xxx | predictive | 高 |
46 | File | xxxxxx_x_x.xxx | predictive | 高 |
47 | File | xxxxxxxxx_xxx_xxxxxx_xxx/ | predictive | 高 |
48 | File | xxxxxxx.xxx | predictive | 中 |
49 | File | xxxxxxx/xxx/xxxxxxxx/xxxxxxxxx/xxx/xxxxxx/xxxx.x | predictive | 高 |
50 | File | xxxxxxx/xx/xxxxxxxx.x | predictive | 高 |
51 | File | xxxxxxx/xxxx/xxxxxxx/xxxxxxxx.x | predictive | 高 |
52 | File | xxx.x | predictive | 低 |
53 | File | xxx_xxx.x | predictive | 中 |
54 | File | xxxxxxx/xxxxxxxx.xxx | predictive | 高 |
55 | File | xxxxxxxx_xxx.x | predictive | 高 |
56 | File | xxxxxx.xxx | predictive | 中 |
57 | File | xxxxxxxxxxxxxxxxx.xxxx | predictive | 高 |
58 | File | xxxxxxxx.xx | predictive | 中 |
59 | File | xxxxxxxxxxxxxxxxxxxxxxxx.xxx | predictive | 高 |
60 | File | xxxxxxxx.xx | predictive | 中 |
61 | File | xxxxxx_xxxx_xxxxxx.xxx | predictive | 高 |
62 | File | xxxxxx/xxxx/xxxxxx.xxx | predictive | 高 |
63 | File | xxxxxxxxxxxxx.xxx | predictive | 高 |
64 | File | xxxxxxxx/xxxx.xxx | predictive | 高 |
65 | File | xxxxxxxx/xxxxx-xxx-xxxxxx.xxx | predictive | 高 |
66 | File | xxxxx.xxxx | predictive | 中 |
67 | File | xxxxx.xxx | predictive | 中 |
68 | File | xxxxxxx.xxx | predictive | 中 |
69 | File | xxxxxxxx/xxxxx_xxxxxx.xxx | predictive | 高 |
70 | File | xxxxxxxxxxx.xx | predictive | 高 |
71 | File | xxx.x | predictive | 低 |
72 | File | xxxx.x | predictive | 低 |
73 | File | xxxxxxxxxx/xxxxxxxxxxxxx.x | predictive | 高 |
74 | File | xxxxxxx/xxxxx.x | predictive | 高 |
75 | File | xxxxxxx/xxxx.x | predictive | 高 |
76 | File | xxxx.x | predictive | 低 |
77 | File | xxxxx_xxxxxx.x | predictive | 高 |
78 | File | xxxxxxxx.xxx | predictive | 中 |
79 | File | xx_xxxxxx.xxx | predictive | 高 |
80 | File | xxxxxxxxxxxxxxxx.xxx | predictive | 高 |
81 | File | xxx/xxxxxxxxxx/xxxxxx.x | predictive | 高 |
82 | File | xxxx_xxxx.xxx | predictive | 高 |
83 | File | xxxxx/xxxx-xxxxx.xxx | predictive | 高 |
84 | File | xxxxxxxx.xxx | predictive | 中 |
85 | File | xxxx.xxx | predictive | 中 |
86 | File | xxxxxxxx_xxx.xxx | predictive | 高 |
87 | File | xx-xxxxx/xxxxx.xxx?xxx=xxxx&xxx=xxxxxx | predictive | 高 |
88 | File | xxxxxxxxxx.xxx | predictive | 高 |
89 | File | x/xxxxx/xxxxxxx/xxxx/xxx | predictive | 高 |
90 | File | xxxxxxx/xxxxxxxxxx | predictive | 高 |
91 | File | xxxxxxx.xxx | predictive | 中 |
92 | File | xxxxxxxxxxxxxxxxxxx.xxxx | predictive | 高 |
93 | File | xxxxxxxxxx.x | predictive | 中 |
94 | File | xxxxxx.xx | predictive | 中 |
95 | File | xxxxxxxxxxxx/xxxxx.xx | predictive | 高 |
96 | File | xxxx-xxxxxxxx.xxx | predictive | 高 |
97 | File | xxxxx/xxxx_xxxx.x | predictive | 高 |
98 | File | xx/x.x.xx.xxxxxx/xxxxxxx/xx/xxxxx.xx.xxxxxxxxx | predictive | 高 |
99 | File | xxxx/xxxx.xxx | predictive | 高 |
100 | File | xxxxxxxx/xxxxxxxx | predictive | 高 |
101 | File | xxx_xxxxxx.x | predictive | 中 |
102 | File | xxxxxxxxxx | predictive | 中 |
103 | File | xxxxxxxxxxx.xxx | predictive | 高 |
104 | File | xx-xxxxx/xxxxx-xxxx.xxx?xxxxxx=xxxx_xxxxxxx_xxxx_xxxxxxx | predictive | 高 |
105 | File | xx-xxxxxxxxxxx.xxx | predictive | 高 |
106 | Library | xxxxxxxxx.xxx | predictive | 高 |
107 | Library | xxxxxxx_xxxxx_xxxxxx | predictive | 高 |
108 | Library | xxxxx.xxx | predictive | 中 |
109 | Library | xxxxxx/xxxx/xxxxxx/xxxxx.x | predictive | 高 |
110 | Library | xxxxxxx.x | predictive | 中 |
111 | Library | xxxxx.xxx | predictive | 中 |
112 | Library | xxxxx.xxx | predictive | 中 |
113 | Argument | xxxxxxxxxxx | predictive | 中 |
114 | Argument | xxxxxxxxxxx/xxxxxxxxxxxxxxxxxxx/xxxxx/xxxxx/xxxxx_xxxxxxx | predictive | 高 |
115 | Argument | xxxxx | predictive | 低 |
116 | Argument | xxxx | predictive | 低 |
117 | Argument | xxxxxxx/xxxxxxxx | predictive | 高 |
118 | Argument | xxxxxx | predictive | 低 |
119 | Argument | xxxxxxx/xxxx | predictive | 中 |
120 | Argument | xxxxxxxx | predictive | 中 |
121 | Argument | xxxxx | predictive | 低 |
122 | Argument | xxxxxx | predictive | 低 |
123 | Argument | xxxxx | predictive | 低 |
124 | Argument | xxxxx_xxxx | predictive | 中 |
125 | Argument | xxxxxx[xxxxxxxxxxxxxx] | predictive | 高 |
126 | Argument | xx | predictive | 低 |
127 | Argument | xx | predictive | 低 |
128 | Argument | xxxxxx | predictive | 低 |
129 | Argument | xxxxxxxxx/xxxxx | predictive | 高 |
130 | Argument | xxxx | predictive | 低 |
131 | Argument | xxxx | predictive | 低 |
132 | Argument | xxxxxxx | predictive | 低 |
133 | Argument | xxx | predictive | 低 |
134 | Argument | xxxx | predictive | 低 |
135 | Argument | xxxx_xx | predictive | 低 |
136 | Argument | xxxxxxxx | predictive | 中 |
137 | Argument | xxx | predictive | 低 |
138 | Argument | xxxxxxxxxx/xxxxxxxxxxxx | predictive | 高 |
139 | Argument | xxxxx | predictive | 低 |
140 | Argument | xxxxxxxx | predictive | 中 |
141 | Argument | xxxxxxxx | predictive | 中 |
142 | Argument | xxx_xxxxxxxx | predictive | 中 |
143 | Argument | xxxx_xx | predictive | 低 |
144 | Argument | xxxxxxxxxxxxxxxx | predictive | 高 |
145 | Argument | xxxxxxxx_xx | predictive | 中 |
146 | Argument | xxxxxxxxxxxxxxxxxxx | predictive | 高 |
147 | Argument | xxxxxxxxxxxxxxx | predictive | 高 |
148 | Argument | xxxxxxxx/xxxxxxxxxxxxx | predictive | 高 |
149 | Argument | xxx | predictive | 低 |
150 | Argument | xxxx | predictive | 低 |
151 | Argument | xxxxxx-xxx | predictive | 中 |
152 | Argument | xxxxxx | predictive | 低 |
153 | Argument | xxxxxx xxxxx/xxxxxx xxxx | predictive | 高 |
154 | Argument | xxxxxxxxx | predictive | 中 |
155 | Argument | xxxxxxxxxx | predictive | 中 |
156 | Argument | xxx | predictive | 低 |
157 | Input Value | x%xx"()%xx%xx<xxx><xxxxxx>xxxxx(xxxxxxxx.xxxxxx)</xxxxxx> | predictive | 高 |
158 | Input Value | <?xxx | predictive | 低 |
159 | Input Value | <xxxxxx>xxxxx('xxx')</xxxxxx> | predictive | 高 |
160 | Input Value | xxxx@xx | predictive | 低 |
161 | Input Value | xxxxxxxxxx&#x;:xxxxx | predictive | 高 |
162 | Input Value | xxxx=xxx-xxxxxxxx-xxxxxxx | predictive | 高 |
163 | Network Port | xxxx | predictive | 低 |
164 | Network Port | xxx/xx (xxx) | predictive | 中 |
165 | Network Port | xxx/xxx | predictive | 低 |
166 | Network Port | xxx/xxxxx | predictive | 中 |
参考 (46)
The following list contains external sources which discuss the actor and the associated activities:
- https://blog.talosintelligence.com/2019/06/threat-roundup-0607-0614.html
- https://blog.talosintelligence.com/2019/06/threat-roundup-0621-0628.html
- https://blog.talosintelligence.com/2019/07/threat-roundup-0628-0705.html
- https://blog.talosintelligence.com/2019/07/threat-roundup-0712-0719.html
- https://blog.talosintelligence.com/2019/07/threat-roundup-0719-0726.html
- xxxxx://xxxx.xxxxxxxxxxxxxxxxx.xxx/xxxx/xx/xxxxxx-xxxxxxx-xxxx-xxxx.xxxx
- xxxxx://xxxx.xxxxxxxxxxxxxxxxx.xxx/xxxx/xx/xxxxxx-xxxxxxx-xxxx-xxxx.xxxx
- xxxxx://xxxx.xxxxxxxxxxxxxxxxx.xxx/xxxx/xx/xxxxxx-xxxxxxx-xxxx-xxxx.xxxx
- xxxxx://xxxx.xxxxxxxxxxxxxxxxx.xxx/xxxx/xx/xxxxxx-xxxxxxx-xxxx-xxxx.xxxx
- xxxxx://xxxx.xxxxxxxxxxxxxxxxx.xxx/xxxx/xx/xxxxxx-xxxxxxx-xxxx-xxxx.xxxx
- xxxxx://xxxx.xxxxxxxxxxxxxxxxx.xxx/xxxx/xx/xxxxxx-xxxxxxx-xxxx-xxxx.xxxx
- xxxxx://xxxx.xxxxxxxxxxxxxxxxx.xxx/xxxx/xx/xxxxxx-xxxxxxx-xxxx-xxxx.xxxx
- xxxxx://xxxx.xxxxxxxxxxxxxxxxx.xxx/xxxx/xx/xxxxxx-xxxxxxx-xxxx-xxxx.xxxx
- xxxxx://xxxx.xxxxxxxxxxxxxxxxx.xxx/xxxx/xx/xxx-xxxx-xxxx.xxxx
- xxxxx://xxxx.xxxxxxxxxxxxxxxxx.xxx/xxxx/xx/xxxxxx-xxxxxxx-xxxx-xxxx.xxxx
- xxxxx://xxxx.xxxxxxxxxxxxxxxxx.xxx/xxxx/xx/xxxxxx-xxxxxxx-xxxx-xxxx.xxxx
- xxxxx://xxxx.xxxxxxxxxxxxxxxxx.xxx/xxxx/xx/xxxxxx-xxxxxxx-xxxx-xxxx.xxxx
- xxxxx://xxxx.xxxxxxxxxxxxxxxxx.xxx/xxxx/xx/xxxxxx-xxxxxxx-xxxx-xxxx.xxxx
- xxxxx://xxxx.xxxxxxxxxxxxxxxxx.xxx/xxxx/xx/xxxxxx-xxxxxxx-xxxx-xxxx.xxxx
- xxxxx://xxxx.xxxxxxxxxxxxxxxxx.xxx/xxxx/xx/xxxxxx-xxxxxxx-xxxx.xxxx
- xxxxx://xxxx.xxxxxxxxxxxxxxxxx.xxx/xxxx/xx/xxxxxx-xxxxxxx-xxxx-xxxx.xxxx
- xxxxx://xxxx.xxxxxxxxxxxxxxxxx.xxx/xxxx/xx/xxxxxx-xxxxxxx-xxxx-xxxx.xxxx
- xxxxx://xxxx.xxxxxxxxxxxxxxxxx.xxx/xxxx/xx/xxxxxx-xxxxxxx-xxxx-xxxx.xxxx
- xxxxx://xxxx.xxxxxxxxxxxxxxxxx.xxx/xxxx/xx/xxxxxx-xxxxxxx-xxxx-xxxx.xxxx
- xxxxx://xxxx.xxxxxxxxxxxxxxxxx.xxx/xxxx/xx/xxxxxx-xxxxxxx-xxxx-xxxx.xxxx
- xxxxx://xxxx.xxxxxxxxxxxxxxxxx.xxx/xxxx/xx/xxxxxx-xxxxxxx-xxxx-xxxx.xxxx
- xxxxx://xxxx.xxxxxxxxxxxxxxxxx.xxx/xxxx/xx/xxxxxx-xxxxxxx-xxxx-xxxx.xxxx
- xxxxx://xxxx.xxxxxxxxxxxxxxxxx.xxx/xxxx/xx/xxxxxx-xxxxxxx-xxxx-xxxx.xxxx
- xxxxx://xxxx.xxxxxxxxxxxxxxxxx.xxx/xxxx/xx/xxxxxx-xxxxxxx-xxxx-xxxx.xxxx
- xxxxx://xxxx.xxxxxxxxxxxxxxxxx.xxx/xxxx/xx/xxxxxx-xxxxxxx-xxxx-xxxx.xxxx
- xxxxx://xxxx.xxxxxxxxxxxxxxxxx.xxx/xxxx/xx/xxxxxx-xxxxxxx-xxxx-xxxx.xxxx
- xxxxx://xxxx.xxxxxxxxxxxxxxxxx.xxx/xxxx/xx/xxxxxx-xxxxxxx-xxxx-xxxx.xxxx
- xxxxx://xxxx.xxxxxxxxxxxxxxxxx.xxx/xxxx/xx/xxxxxx-xxxxxxx-xxxx-xxxx.xxxx
- xxxxx://xxxx.xxxxxxxxxxxxxxxxx.xxx/xxxx/xx/xxxxxx-xxxxxxx-xxxx-xxxx.xxxx
- xxxxx://xxxx.xxxxxxxxxxxxxxxxx.xxx/xxxx/xx/xxxxxx-xxxxxxx-xxxx-xxxx.xxxx
- xxxxx://xxxx.xxxxxxxxxxxxxxxxx.xxx/xxxx/xx/xxxxxx-xxxxxxx-xxxx-xxxx.xxxx
- xxxxx://xxxx.xxxxxxxxxxxxxxxxx.xxx/xxxx/xx/xxxxxx-xxxxxxx-xxxx-xxxx.xxxx
- xxxxx://xxxx.xxxxxxxxxxxxxxxxx.xxx/xxxx/xx/xxxxxx-xxxxxxx-xxxx-xxxx.xxxx
- xxxxx://xxxx.xxxxxxxxxxxxxxxxx.xxx/xxxx/xx/xxxxxx-xxxxxxx-xxxx-xxxx.xxxx
- xxxxx://xxxx.xxxxxxxxxxxxxxxxx.xxx/xxxx/xx/xxxxxx-xxxxxxx-xxxx-xxxx.xxxx
- xxxxx://xxxx.xxxxxxxxxxxxxxxxx.xxx/xxxx/xx/xxxxxx-xxxxxxx-xxxx-xxxx.xxxx
- xxxxx://xxxx.xxxxxxxxxxxxxxxxx.xxx/xxxxxx-xxxxxxx-xxxx-xxxx/
- xxxxx://xxxx.xxxxxxxxxxxxxxxxx.xxx/xxxxxx-xxxxxxx-xxxx-xxxx/
- xxxxx://xxxx.xxxxxxxxxxxxxxxxx.xxx/xxxxxx-xxxxxxx-xxxx-xxxx/
- xxxxx://xxxxxx.xxx/xxxxx/xxxxx_xxxxxx_xxxxxxxxxxxx/xxxx/xxxx/xxxxxx/xxxxxxxx
- xxxxx://xxx.xxxxxxxxxx.xxx/xxxxx/xxxx-xxxxxxxx/xxx-xxx-xxxx-xx-x-xxxxxxxx-xxxxxxx