GhostLocker Analysis

IOB - Indicator of Behavior (34)

Language

en: 24
ru: 4
it: 2
es: 2
de: 2

Product

SourceCodester Inventory Management System: 2
Campcodes Retro Basketball Shoes Online Store: 2
SourceCodester Bank Management System: 2
lakernote EasyAdmin: 2
OpenRapid RapidCMS: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | SourceCodester Simple and Beautiful Shopping Cart System delete_user_query.php SQL injection | 7.2 | 7.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00073 | 0.06 | CVE-2023-1940 |
| 2 | SourceCodester Loan Management System Users Page deleteUser.php delete_user SQL injection | 5.5 | 5.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00061 | 0.06 | CVE-2023-6312 |
| 3 | SourceCodester Clinics Patient Management System update_user.php SQL injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00113 | 0.00 | CVE-2023-1035 |
| 4 | Microsoft Windows cmd.exe privilege escalation | 7.3 | 6.6 | $25k-$100k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.05 | |
| 5 | MantisBT Private Project wiki.php information disclosure | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00053 | 0.04 | CVE-2023-44394 |
| 6 | SourceCodester Purchase Order Management System GET Parameter view_details.php SQL injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03527 | 0.00 | CVE-2023-2130 |
| 7 | Surya2Developer Online Shopping System POST Parameter login.php SQL injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.00 | CVE-2024-1971 |
| 8 | openBI Setting.php dlfile privilege escalation | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00055 | 0.25 | CVE-2024-1115 |
| 9 | WordPress Press This class-wp-press-this.php information disclosure | 6.3 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00527 | 0.02 | CVE-2017-5610 |
| 10 | AFFcommerce ItemReview.php SQL injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.00 | |
| 11 | WooFramework Branding Plugin wooframework-branding.php admin_screen_logic Redirect | 4.9 | 4.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00052 | 0.13 | CVE-2015-10112 |
| 12 | boyiddha Automated-Mess-Management-System Chat Book chat.php cross-site scripting | 3.5 | 3.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.06 | CVE-2024-2284 |
| 13 | OpenRapid RapidCMS article-chat.php SQL injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00068 | 0.06 | CVE-2023-4447 |
| 14 | iGeneric Ig Shop page.php SQL injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00213 | 0.02 | CVE-2007-2717 |
| 15 | yiwent Vip Video Analysis admincore.php cross-site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00052 | 0.06 | CVE-2023-3016 |
| 16 | Tim Campus Confession Wall share.php SQL injection | 6.9 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00316 | 0.06 | CVE-2022-3789 |
| 17 | SourceCodester Online Reviewer System GET Parameter user-update.php SQL injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00089 | 0.19 | CVE-2023-2596 |
| 18 | SourceCodester Inventory Management System Password edit_update.php privilege escalation | 6.1 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00143 | 0.16 | CVE-2023-4183 |
| 19 | Campcodes Retro Basketball Shoes Online Store faqs.php SQL injection | 6.7 | 6.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00076 | 0.06 | CVE-2023-2204 |
| 20 | built2go News Manager Blog news.php cross-site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00599 | 0.00 | CVE-2007-1248 |

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

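| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 41.216.183.31 | | GhostLocker | | 2024-01-30 | verified | |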

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (45)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/suppliers/view_details.php | predictive | |
| 2 | File | /admin/users.php | predictive | |
| 3 | File | /application/websocket/controller/Setting.php | predictive | |
| 4 | File | /member/chat.php | predictive | |
| 5 | File | /reviewer/system/system/admins/manage/users/user-update.php | predictive | |
| 6 | File | admin/admincore.php | predictive | |
| 7 | File | admin/article-chat.php | predictive | |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
