GitHub Actions exploitation: self hosted runners
Tags
attack-pattern: | Credentials - T1589.001 Hardware - T1592.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Ssh - T1021.004 Tool - T1588.002 Vulnerabilities - T1588.006 Sudo - T1169 |
Common Information
Type | Value |
---|---|
UUID | 5ccfcc21-99e8-4808-b4dc-7b8301de13f3 |
Fingerprint | 1d64751d4d325aea |
Analysis status | DONE |
Considered CTI value | 0 |
Text language | |
Published | July 17, 2024, midnight |
Added to db | Aug. 31, 2024, 10:48 a.m. |
Last updated | Nov. 18, 2024, 11:24 a.m. |
Headline | GitHub Actions exploitation: self hosted runners |
Title | GitHub Actions exploitation: self hosted runners |
Detected Hints/Tags/Attributes | 45/1/23 |
Source URLs
URL Provider
RSS Feed
Details | Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|---|
Details | 414 | ✔ | Last Blog Article | https://www.synacktiv.com/en/feed/lastblog.xml | 2024-08-30 22:08 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 1 | | exfil.sh |
Details | Domain | 39 | | run.sh |
Details | Domain | 1 | | run-helper.sh |
Details | Domain | 1 | | c146c643-e8b1-4247-95f6-da15630cfa23.sh |
Details | Domain | 1 | | rssysstat.sh |
Details | Domain | 2 | | docker.pid |
Details | Domain | 5 | | npmjs.org |
Details | Domain | 4131 | | github.com |
Details | Domain | 1 | | adnanthekhan.com |
Details | Domain | 10 | | www.praetorian.com |
Details | File | 34 | | next.js |
Details | File | 1 | | exfil.txt |
Details | File | 5 | | token.txt |
Details | File | 674 | | node.js |
Details | Github username | 7 | | praetorian-inc |
Details | Github username | 5 | | synacktiv |
Details | Url | 1 | | https://ip.ip.ip.ip/static/exfil.sh |
Details | Url | 1 | | https://ip.ip.ip.ip/upload |
Details | Url | 2 | | https://github.com/praetorian-inc/gato |
Details | Url | 3 | | https://github.com/synacktiv/octoscan |
Details | Url | 1 | | https://adnanthekhan.com/2023/12/20/one-supply-chain-attack-to-rule-the |
Details | Url | 1 | | https://www.praetorian.com/blog/tensorflow-supply-chain-compromise-via-self-hosted-runner-attack |
Details | Url | 1 | | https://johnstawinski.com/2024/01/11/playing-with-fire-how-we-executed-a-critical-supply-chain-attack-on-pytorch |