GhostSec

Description of Etda: No description found

Description of MISP: GhostSec is a hacktivist group that emerged as an offshoot of Anonymous. They primarily focused on counterterrorism efforts and monitoring online activities associated with terrorism. They gained prominence following the 2015 Charlie Hebdo shooting in Paris and the rise of ISIS.

Also Known As:

GhostSecurity

Ghost Security


️Related CVEs

CVE-2023-46850

CVE-2023-47246

CVE-2023-34051

CVE-2023-46849

CVE-2023-46604

+11


ATT&CK IDs:

T1112

T1547

T1105

T1082

T1102

+31

Tactic Id Technique
Collection T1074 Data Staged

Sub Techniques

Detections

Mitigations

Collection T1560 Archive Collected Data

Sub Techniques

Detections

Mitigations

Collection T1056 Input Capture

Sub Techniques

Detections

Mitigations

Collection T1113 Screen Capture

Sub Techniques

Detections

Mitigations

Command And Control T1105 Ingress Tool Transfer

Sub Techniques

Detections

Mitigations

Command And Control T1102 Web Service

Sub Techniques

Detections

Mitigations

Command And Control T1104 Multi-Stage Channels

Sub Techniques

Detections

Mitigations

Command And Control T1071 Application Layer Protocol

Sub Techniques

Detections

Mitigations

Command And Control T1090 Proxy

Sub Techniques

Detections

Mitigations

Command And Control T1071 Web Protocols

Sub Techniques

Detections

Mitigations

Credential Access T1110 Brute Force

Sub Techniques

Detections

Mitigations

Credential Access T1056 Input Capture

Sub Techniques

Detections

Mitigations

Defense Evasion T1112 Modify Registry

Sub Techniques

Detections

Mitigations

Defense Evasion T1140 Deobfuscate/Decode Files or Information

Sub Techniques

Detections

Mitigations

Defense Evasion T1055 Process Injection

Sub Techniques

Detections

Mitigations

Defense Evasion T1036 Masquerading

Sub Techniques

Detections

Mitigations

Defense Evasion T1497 Virtualization/Sandbox Evasion

Sub Techniques

Detections

Mitigations

Defense Evasion T1027 Obfuscated Files or Information

Sub Techniques

Detections

Mitigations

Defense Evasion T1070 Indicator Removal

Sub Techniques

Detections

Mitigations

Discovery T1082 System Information Discovery

Sub Techniques

Detections

Mitigations

Discovery T1518 Software Discovery

Sub Techniques

Detections

Mitigations

Discovery T1087 Account Discovery

Sub Techniques

Detections

Mitigations

Discovery T1083 File and Directory Discovery

Sub Techniques

Detections

Mitigations

Discovery T1057 Process Discovery

Sub Techniques

Detections

Mitigations

Discovery T1497 Virtualization/Sandbox Evasion

Sub Techniques

Detections

Mitigations

Execution T1059 Command and Scripting Interpreter

Sub Techniques

Detections

Mitigations

Exfiltration T1030 Data Transfer Size Limits

Sub Techniques

Detections

Mitigations

Impact T1499 Endpoint Denial of Service

Sub Techniques

Detections

Mitigations

Impact T1486 Data Encrypted for Impact

Sub Techniques

Detections

Mitigations

Impact T1490 Inhibit System Recovery

Sub Techniques

Detections

Mitigations

Initial Access T1189 Drive-by Compromise

Sub Techniques

Detections

Mitigations

Initial Access T1566 Phishing

Sub Techniques

Detections

Mitigations

Initial Access T1566 Spearphishing Attachment

Sub Techniques

Detections

Mitigations

Initial Access T1190 Exploit Public-Facing Application

Sub Techniques

Detections

Mitigations

Lateral Movement T1021 Remote Services

Sub Techniques

Detections

Mitigations

Persistence T1547 Boot or Logon Autostart Execution

Sub Techniques

Detections

Mitigations

Persistence T1137 Office Application Startup

Sub Techniques

Detections

Mitigations

Persistence T1176 Browser Extensions

Sub Techniques

Detections

Mitigations

Privilege Escalation T1547 Boot or Logon Autostart Execution

Sub Techniques

Detections

Mitigations

Privilege Escalation T1055 Process Injection

Sub Techniques

Detections

Mitigations