GhostSecret Analysis

IOB - Indicator of Behavior (151)

Language: en (152)

Country: us (132), gb (16), in (2)

Product: Microsoft Windows (16), Linux Kernel (6), Google Chrome (6), RenderDoc (4), Apple macOS (4)

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Node.js Module._load Privilege Escalation | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00091 | 0.04 | CVE-2023-32002 |
| 2 | Rarlab WinRar Recovery Volume Buffer Overflow | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.05 | CVE-2023-40477 |
| 3 | Cisco AnyConnect Secure Mobility Client Privilege Escalation | 7.8 | 7.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00060 | 0.02 | CVE-2023-20178 |
| 4 | curl POST Buffer Overflow | 8.2 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00091 | 0.03 | CVE-2023-28322 |
| 5 | nginx Privilege Escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 4.21 | CVE-2020-12440 |
| 6 | Microsoft IIS Cross-Site Scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.13 | CVE-2017-0055 |
| 7 | Atlassian JIRA Server/Data Center Access Control Privilege Escalation | 5.3 | 5.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00082 | 0.00 | CVE-2019-20106 |
| 8 | Microsoft Windows Advanced Local Procedure Call Privilege Escalation | 9.2 | 8.7 | $25k-$100k | $5k-$25k | Functional | Official Fix | 0.00683 | 0.02 | CVE-2023-21674 |
| 9 | SciPy Py_FindObjects Buffer Overflow | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00069 | 0.00 | CVE-2023-29824 |
| 10 | Microsoft Windows Routing/Remote Access Service Remote Code Execution | 9.8 | 8.9 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.05180 | 0.04 | CVE-2023-35365 |
| 11 | RenderDoc Buffer Overflow | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00272 | 0.00 | CVE-2023-33863 |
| 12 | Microsoft Windows DHCP Server Service Remote Code Execution | 8.6 | 8.0 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.07344 | 0.00 | CVE-2023-28231 |
| 13 | IBM InfoSphere DataStage Privilege Escalation | 5.9 | 5.9 | $25k-$100k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.00 | CVE-2015-1900 |
| 14 | Apache HTTP Server mod_reqtimeout Denial of Service | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01696 | 0.05 | CVE-2007-6750 |
| 15 | Atlassian Companion App Websocket Remote Code Execution | 9.4 | 9.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00212 | 0.02 | CVE-2023-22524 |
| 16 | OpenVPN Connect Node.js Framework Local Privilege Escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2023-7245 |
| 17 | Apple Safari Privilege Escalation | 8.0 | 7.9 | $5k-$25k | $5k-$25k | High | Official Fix | 0.00161 | 0.00 | CVE-2023-41993 |
| 18 | texlive-bin TTF File ttfLoadHDMX:ttfdump Buffer Overflow | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.05 | CVE-2024-25262 |
| 19 | Linux Kernel membarrier sys_membarrier Denial of Service | 5.7 | 5.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.03 | CVE-2024-26602 |
| 20 | libuv getaddrinfo.c uv_getaddrinfo Privilege Escalation | 7.3 | 7.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00111 | 0.03 | CVE-2024-24806 |

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 14.140.116.172 | 14-140-116-172-sapient.com | GhostSecret | | 30/04/2018 | verified | High |

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (31)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

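| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/bookings/view_details.php | predictive | High |
| 2 | File | /modules/announcement/index.php?view=edit | predictive | High |
| 3 | File | /uncpath/ | predictive | Medium |
| 4 | File | ash.c | predictive | Low |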

