GitHub Actions exploitation: repo jacking and environment manipulation
Tags
| attack-pattern: | Data Javascript - T1059.007 Server - T1583.004 Server - T1584.004 Tool - T1588.002 Vulnerabilities - T1588.006 |
Common Information
| Type | Value |
|---|---|
| UUID | 982455ba-a162-43a6-a816-11d846dacc89 |
| Fingerprint | 9c461599cc235a8b |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | July 10, 2024, midnight |
| Added to db | Aug. 31, 2024, 10:48 a.m. |
| Last updated | Nov. 19, 2024, 7:53 p.m. |
| Headline | GitHub Actions exploitation: repo jacking and environment manipulation |
| Title | GitHub Actions exploitation: repo jacking and environment manipulation |
| Detected Hints/Tags/Attributes | 43/1/45 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 414 | ✔ | Last Blog Article | https://www.synacktiv.com/en/feed/lastblog.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 4136 | github.com |
|
| Details | Domain | 2 | github.rest |
|
| Details | Domain | 1 | allartifacts.data |
|
| Details | Domain | 1 | artifact.name |
|
| Details | Domain | 1 | matchartifact.id |
|
| Details | Domain | 1 | released-version.zip |
|
| Details | Domain | 1 | download.data |
|
| Details | Domain | 4 | inject.so |
|
| Details | Domain | 1 | firebase-android.zip |
|
| Details | Domain | 1 | downloadpreview.data |
|
| Details | Domain | 2 | pr.zip |
|
| Details | Domain | 1 | steps.zip |
|
| Details | Domain | 1 | nacos.zip |
|
| Details | Domain | 5 | media.defcon.org |
|
| Details | Domain | 34 | www.paloaltonetworks.com |
|
| Details | Domain | 21 | www.legitsecurity.com |
|
| Details | Domain | 37 | bugs.chromium.org |
|
| Details | Domain | 1 | 0xn3va.gitbook.io |
|
| Details | Domain | 15 | github.blog |
|
| Details | File | 1 | allartifacts.dat |
|
| Details | File | 1 | released-version.zip |
|
| Details | File | 4 | download.dat |
|
| Details | File | 1 | released-version.txt |
|
| Details | File | 370 | console.log |
|
| Details | File | 1 | actioncommandmanager.cs |
|
| Details | File | 2 | secrets.doc |
|
| Details | File | 1 | pr_number.txt |
|
| Details | File | 1 | firebase-android.zip |
|
| Details | File | 1 | downloadpreview.dat |
|
| Details | File | 1 | pr.zip |
|
| Details | File | 1 | steps.zip |
|
| Details | File | 1 | nacos.zip |
|
| Details | Github username | 1 | jungwinter |
|
| Details | Github username | 1 | winterjung |
|
| Details | Github username | 5 | synacktiv |
|
| Details | Url | 1 | https://github.com/jungwinter/split |
|
| Details | Url | 1 | https://github.com/winterjung/split |
|
| Details | Url | 1 | http://ip.ip.ip.ip/inject.so |
|
| Details | Url | 2 | https://media.defcon.org/def |
|
| Details | Url | 1 | https://www.paloaltonetworks.com/blog/prisma-cloud/github-actions-worm- |
|
| Details | Url | 3 | https://github.com/synacktiv/octoscan |
|
| Details | Url | 1 | https://www.legitsecurity.com/blog/github-privilege-escalation-vulnerab |
|
| Details | Url | 1 | https://bugs.chromium.org/p/project-zero/issues/detail?id=2070&can=2&q= |
|
| Details | Url | 1 | https://0xn3va.gitbook.io/cheat-sheets/web-application/command-injectio |
|
| Details | Url | 1 | https://github.blog/changelog/2020-10-01-github-actions-deprecating-set |