DEV-0530 Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (166)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en162
pl4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us166

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

H0lyGh0st1
Remcos1
Cobalt Strike1
NetWire RC1
Nanocore RAT1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined80
Operating System10
Content Management System8
Programming Language Software8
Cloud Software4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined44
Microsoft20
Google8
Samsung6
Dell EMC4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Microsoft Windows10
Google Go4
swftools4
Gogs2
Samsung Settings2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1TLS Protocol/SSL Protocol RC4 Encryption Bar Mitzvah Attack cryptographic issues5.34.7$0-$5k$0-$5kUnprovenWorkaround0.003000.00CVE-2015-2808
2Couchbase Server information disclosure3.53.4$0-$5k$0-$5kNot DefinedOfficial Fix0.001580.00CVE-2022-32192
3OTRS Forwarder information disclosure3.53.5$0-$5k$0-$5kNot DefinedNot Defined0.000720.03CVE-2022-32740
4Veritas NetBackup pbx_exchange Process access control8.36.9$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.003560.05CVE-2017-6407
5Microsoft Azure RTOS USBX ux_device_class_dfu_control_request buffer overflow9.89.6$25k-$100k$5k-$25kNot DefinedOfficial Fix0.012350.00CVE-2022-29246
6PHPMailer Phar Deserialization addAttachment deserialization5.55.3$0-$5k$0-$5kNot DefinedOfficial Fix0.007480.00CVE-2020-36326
7jQuery UI dialog cross site scripting5.24.9$0-$5k$0-$5kNot DefinedOfficial Fix0.004690.04CVE-2016-7103
8Intel Xeon BIOS information disclosure3.33.2$0-$5k$0-$5kNot DefinedOfficial Fix0.000420.00CVE-2021-33117
9HID Mercury LP1501/LP1502/LP2500/LP4502/EP4502 Update buffer overflow9.99.7$0-$5k$0-$5kNot DefinedOfficial Fix0.002610.02CVE-2022-31481
10Apache Tomcat HTTP Split input validation7.26.8$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.002620.03CVE-2016-6816
11Delta Controls enteliTOUCH HTTP Request Privilege Escalation5.55.3$0-$5k$0-$5kNot DefinedNot Defined0.001880.00CVE-2022-29735
12Moment.js path traversal6.96.7$0-$5k$0-$5kNot DefinedOfficial Fix0.003300.09CVE-2022-24785
13Laravel PendingBroadcast.php __destruct deserialization6.36.1$0-$5k$0-$5kNot DefinedNot Defined0.000490.00CVE-2022-31279
14Piwigo cross site scripting3.53.5$0-$5k$0-$5kNot DefinedNot Defined0.000580.00CVE-2021-40678
15Linux Kernel Floating Point Register ptrace-fpu.c ptrace_get_fpr buffer overflow8.07.6$5k-$25k$0-$5kNot DefinedOfficial Fix0.000480.00CVE-2022-32981
16GNU C Library mq_notify use after free5.55.5$0-$5k$0-$5kNot DefinedNot Defined0.013860.00CVE-2021-33574
17Vyper Contract Address control flow7.37.2$0-$5k$0-$5kNot DefinedOfficial Fix0.000620.00CVE-2022-29255
18Easy Blog cross-site request forgery4.34.2$0-$5k$0-$5kNot DefinedNot Defined0.000630.00CVE-2022-27174
19Brocade SANnav REST API log file3.53.4$0-$5k$0-$5kNot DefinedOfficial Fix0.000440.00CVE-2022-28162
20Python mailcap Module os command injection7.37.3$0-$5k$0-$5kNot DefinedNot Defined0.001410.03CVE-2015-20107

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • H0lyGh0st

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
1193.56.29.123DEV-0530H0lyGh0st07/15/2022verifiedHigh

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-21, CWE-22, CWE-23Path TraversalpredictiveHigh
2T1040CAPEC-102CWE-294Authentication Bypass by Capture-replaypredictiveHigh
3T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
4T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
5TXXXX.XXXCAPEC-209CWE-XX, CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
6TXXXXCAPEC-122CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
7TXXXX.XXXCAPEC-CWE-XXXXxx Xx Xxxx-xxxxx XxxxxxxxpredictiveHigh
8TXXXX.XXXCAPEC-191CWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveHigh
9TXXXXCAPEC-136CWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
10TXXXX.XXXCAPEC-178CWE-XXXXxxx XxxxxxxxpredictiveHigh
11TXXXXCAPEC-CWE-XXX, CWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
12TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
13TXXXXCAPEC-102CWE-XXX, CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
14TXXXXCAPEC-38CWE-XXX, CWE-XXXXxxxxxxxx Xxxxxx XxxxpredictiveHigh
15TXXXX.XXXCAPEC-459CWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
16TXXXXCAPEC-116CWE-XXX, CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
17TXXXX.XXXCAPEC-CWE-XXXxxxxxxxxxxxxpredictiveHigh
18TXXXXCAPEC-CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh
19TXXXX.XXXCAPEC-59CWE-XXXXxx Xxxxxxxxxx XxxxxpredictiveHigh

IOA - Indicator of Attack (70)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/admin.php?page=batch_manager&mode=unitpredictiveHigh
2File/goform/aspFormpredictiveHigh
3File/omps/sellerpredictiveMedium
4File/php/passport/index.phppredictiveHigh
5File/replicationpredictiveMedium
6File/settingspredictiveMedium
7File/staff/tools/custom-fieldspredictiveHigh
8File/strings/ctype-latin1.cpredictiveHigh
9File/xxxxxxx/predictiveMedium
10File/xxxxxxx-xxxxxxxxxx/xxxxx/xxxxxx_xxxxxx_xxxxxxx_xxxxxxx.xxx?xxxxxxx_xx=xxpredictiveHigh
11Filexxxxx/xxxxxxxxxxxxxxxxx.xxxpredictiveHigh
12Filexxxxxxxxxxxxxxxxx.xxxxpredictiveHigh
13Filexxxxxxx.xxxxpredictiveMedium
14Filex:\xxxxxxx\xxxxxxxx\xxxxxx\xxxpredictiveHigh
15Filexxx-xxx/xxxxxxx.xxpredictiveHigh
16Filexxxxxxxxx.xxxpredictiveHigh
17Filexxxxx.xxxxxxxxxxx.xxxx[x]=xxxpredictiveHigh
18Filexxxxxxxxxxxxxxxxxxxxxxx.xpredictiveHigh
19Filexxxx/xxxxx/xxx_xxxxx.xxxpredictiveHigh
20Filexxxx_xx.xxpredictiveMedium
21Filexxx_xxxxxx.xxpredictiveHigh
22Filexxxxxxxxxx\xxxxxxxxxxxx\xxxxxxxxxxxxxxxx.xxxpredictiveHigh
23Filexxxxx.xxxpredictiveMedium
24Filexxxxxxxxx/xxxx/xxxxxx/xxxxxx_xxxxxxxxxx.xxxpredictiveHigh
25Filexxxxxxxx/xx/xxxx_xxxxxx.xxpredictiveHigh
26Filexxxxxxxxxx/xxxxxx_xxxxxxxx.xpredictiveHigh
27Filexx/xxxxx/xxxxxxx/xxxx.xxpredictiveHigh
28Filexxx/xxxx/xxxx.xpredictiveHigh
29Filexxxxxx-xxx.xpredictiveMedium
30Filexxxxxx.xpredictiveMedium
31Filexxxxxx/xxxxx/xxxxxxxxxxxx/xxxxxxxxxxxx.xxxxpredictiveHigh
32Filexxxxxxxxxxxxxxxxxxxxxxxxx.xxxpredictiveHigh
33Filexxxxx.xxxpredictiveMedium
34Filexxx/xxxx_xxxxxxx.xxpredictiveHigh
35Filexxx/xxxx_xxxx.xxpredictiveHigh
36Filexxxxxxx.xpredictiveMedium
37Filexxxx_xxx_xxx.xxxpredictiveHigh
38Filexxxxxxx/xxxxxxxx/xxxxxxxx/xxxxxx/xxxxxxxxxxxxxxxxxx.xxxpredictiveHigh
39Filexx-xxxxxxxx/xxxxx-xx-xxxxx.xxxpredictiveHigh
40File~/xxxxxxxx/xxxxx-xxx-xxxxxx-xxxxxxxxxxxx.xxxpredictiveHigh
41Libraryxxxxx.xxxpredictiveMedium
42Argument?xxxx_xxxx=xxxxxxx.xxx/xxxx=xxxxxx/xxx=xxx+/xxx/.xxxxxxxx/xxxxxxx=//xxxxxxxxxxxxxx.xxx=xpredictiveHigh
43ArgumentxxxxxxxxpredictiveMedium
44ArgumentxxpredictiveLow
45Argumentxxx_xxxxxxxxxxxxxxxxxxxxxxxpredictiveHigh
46ArgumentxxxxxxxpredictiveLow
47Argumentxxxxxxxxxx_xxxxpredictiveHigh
48Argumentxxxxx.xxxxxxxxxxx.xxxx[x]=xxxpredictiveHigh
49ArgumentxxxxxxxxxpredictiveMedium
50ArgumentxxxxxxpredictiveLow
51Argumentxxxxxx/xxxxxxxxxxpredictiveHigh
52Argumentxxxxx xxxxpredictiveMedium
53ArgumentxxpredictiveLow
54Argumentxxxxxxxxx/xxxxxxxxxpredictiveHigh
55ArgumentxxxxpredictiveLow
56ArgumentxxpredictiveLow
57ArgumentxxxxpredictiveLow
58ArgumentxxxxxxpredictiveLow
59ArgumentxxxxxxxxpredictiveMedium
60ArgumentxxxxxxxxpredictiveMedium
61ArgumentxxxxxxxpredictiveLow
62ArgumentxxxxxpredictiveLow
63Argumentxxxxxx_xxxxpredictiveMedium
64ArgumentxxxxxxxxxxxxxxxxxxxpredictiveHigh
65ArgumentxxxpredictiveLow
66ArgumentxxxxxxxxpredictiveMedium
67ArgumentxxxxxpredictiveLow
68Argumentxxxx_xxpredictiveLow
69Argumentx-xxxxxxxxx-xxxpredictiveHigh
70Network Portxxx/xxxxxpredictiveMedium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you want to use VulDB in your project?

Use the official API to access entries easily!