GhostSecret Analysis

IOB - Indicator of Behavior (151)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 150
it: 2


Country

us: 130
gb: 20
br: 2


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Microsoft Windows: 18
Linux Kernel: 6
Google Chrome: 4
Adobe Acrobat Reader: 4
OpenSSH: 4


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE
1 | Node.js Module._load permission | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00091 | 0.06 | CVE-2023-32002
2 | Rarlab WinRar Recovery Volume array index | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00053 | 0.00 | CVE-2023-40477
3 | Cisco AnyConnect Secure Mobility Client default permission | 7.8 | 7.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00060 | 0.04 | CVE-2023-20178
4 | curl POST use after free | 8.2 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00108 | 0.00 | CVE-2023-28322
5 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 1.68 | CVE-2020-12440
6 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.04 | CVE-2017-0055
7 | Atlassian JIRA Server/Data Center Access Control default permission | 5.3 | 5.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00082 | 0.36 | CVE-2019-20106
8 | Microsoft Windows Advanced Local Procedure Call Privilege Escalation | 9.2 | 8.8 | $25k-$100k | $5k-$25k | High | Official Fix | 0.00727 | 0.04 | CVE-2023-21674
9 | SciPy Py_FindObjects use after free | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00069 | 0.04 | CVE-2023-29824
10 | Microsoft Windows Routing/Remote Access Service Remote Code Execution | 9.8 | 8.9 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.04280 | 0.04 | CVE-2023-35365
11 | RenderDoc integer overflow | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00323 | 0.00 | CVE-2023-33863
12 | Microsoft Windows DHCP Server Service Remote Code Execution | 8.6 | 8.0 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.08510 | 0.00 | CVE-2023-28231
13 | IBM InfoSphere DataStage access control | 5.9 | 5.9 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.00042 | 0.00 | CVE-2015-1900
14 | Apache HTTP Server mod_reqtimeout resource management | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01696 | 0.00 | CVE-2007-6750
15 | Atlassian Companion App Websocket Remote Code Execution | 9.4 | 9.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00212 | 0.04 | CVE-2023-22524
16 | OpenVPN Connect Node.js Framework neutralization of directives | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2023-7245
17 | Apple Safari unusual condition | 8.0 | 7.9 | $5k-$25k | $5k-$25k | High | Official Fix | 0.00080 | 0.08 | CVE-2023-41993
18 | texlive-bin TTF File ttfLoadHDMX:ttfdump heap-based overflow | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.05 | CVE-2024-25262
19 | Linux Kernel membarrier sys_membarrier resource consumption | 5.7 | 5.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.09 | CVE-2024-26602
20 | libuv getaddrinfo.c uv_getaddrinfo server-side request forgery | 7.3 | 7.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00111 | 0.04 | CVE-2024-24806

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 14.140.116.172 | 14-140-116-172-sapient.com | GhostSecret |  | 04/30/2018 | verified | High

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (31)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/bookings/view_details.php | predictive | High
2 | File | /modules/announcement/index.php?view=edit | predictive | High
3 | File | /uncpath/ | predictive | Medium
4 | File | ash.c | predictive | Low

References (2)

The following list contains external sources which discuss the actor and the associated activities: