Hackers-for-Hire Analysis

IOB - Indicator of Behavior (39)

Language

  • en: 34
  • de: 4
  • es: 2

Product

  • Apache HTTP Server: 4
  • TP-LINK TL-WR840N v4: 2
  • Gallarific PHP Photo Gallery script: 2
  • Host: 2
  • D-Link DIR-615: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Secomea GateManager privilege escalation | 5.9 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00054 | 0.03 | CVE-2022-25782 |
| 2 | Alt-N MDaemon Worldclient privilege escalation | 4.9 | 4.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00090 | 0.07 | CVE-2021-27182 |
| 3 | TP-LINK TL-WR940N PingIframeRpm.htm ipAddrDispose memory corruption | 7.5 | 7.5 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.05451 | 0.07 | CVE-2019-6989 |
| 4 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 10.00 | CVE-2006-6168 |
| 5 | sitepress-multilingual-cms Plugin class-wp-installer.php unknown vulnerability | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00579 | 0.04 | CVE-2020-10568 |
| 6 | SourceCodester Web-Based Student Clearance System edit-admin.php SQL injection | 6.3 | 6.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00098 | 0.07 | CVE-2022-3733 |
| 7 | php-fusion downloads.php cross-site scripting | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00159 | 0.04 | CVE-2020-12708 |
| 8 | Gallarific PHP Photo Gallery script gallery.php SQL injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00136 | 0.05 | CVE-2011-0519 |
| 9 | Gallery My Photo Gallery image.php SQL injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 | |
| 10 | Host Web Server phpinfo.php phpinfo information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Workaround | 0.00000 | 0.03 | |
| 11 | ESMI PayPal Storefront products1h.php cross-site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.05468 | 0.00 | CVE-2005-0936 |
| 12 | Ecommerce Online Store Kit shop.php SQL injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03763 | 0.07 | CVE-2004-0300 |
| 13 | Simple Real Estate Portal System SQL injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00172 | 0.00 | CVE-2022-28410 |
| 14 | Alan Ward A-CART deliver.asp cross-site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00394 | 0.00 | CVE-2004-1874 |
| 15 | Alan Ward A-CART category.asp SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00838 | 0.00 | CVE-2004-1873 |
| 16 | Hikvision DVR DS-7204HGHI-F1 capabilities User information disclosure | 4.5 | 4.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00126 | 0.00 | CVE-2020-7057 |
| 17 | Dahua IPC-HX3XXX Data Packet weak authentication | 8.1 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.25629 | 0.03 | CVE-2021-33044 |
| 18 | Microsoft Windows Win32k privilege escalation | 7.3 | 6.3 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00043 | 0.00 | CVE-2021-1709 |
| 19 | Apache HTTP Server mod_session memory corruption | 7.3 | 7.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.70597 | 0.04 | CVE-2021-26691 |
| 20 | CrushFTP Redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00078 | 0.04 | CVE-2018-18288 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • CostaRicto

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (26)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /EXCU_SHELL | predictive | |
| 2 | File | /my_photo_gallery/image.php | predictive | |
| 3 | File | /reps/classes/Users.php?f=delete_agent | predictive | |
| 4 | File | Admin/edit-admin.php | predictive | |
| 5 | File | xxxxxxxx.xxx | predictive | |
| 6 | File | xxxxxxx.xxx | predictive | |
| 7 | File | xxxxxxxxx/xxxxxxxxx.xxx | predictive | |
| 8 | File | xxxxxxx.xxx | predictive | |
| 9 | File | xxxxxxxx/xxxxx-xx-xxxxxxxxx.xxx | predictive | |
| 10 | File | xxxxx/xxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxx | predictive | |
| 11 | File | xxxxxxx.xxx | predictive | |
| 12 | File | xxxxxxxxxxxxx.xxx | predictive | |
| 13 | File | xxxxxxxxxx.xxx | predictive | |
| 14 | File | xxxx.xxx | predictive | |
| 15 | File | xxxxxxxxx.xxx | predictive | |
| 16 | File | xxxx-xxxxxxxx.xxx | predictive | |
| 17 | File | xxxxx/xxxxx.xx | predictive | |
| 18 | Argument | xxxxxxx | predictive | |
| 19 | Argument | xxx_xx | predictive | |
| 20 | Argument | xx | predictive | |
| 21 | Argument | xxxxx | predictive | |
| 22 | Argument | xxxxxxxxx | predictive | |
| 23 | Argument | xxxxxxxx | predictive | |
| 24 | Input Value | xxx xxxxxxxx | predictive | |
| 25 | Input Value | x xxxxx xxx xxxxxx xxxx,xxxx,xxxx,xxxx,xxxxxx(xxxxxxxxxxxx,xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx,xxxxxxxxxxxx)-- | predictive | |
| 26 | Network Port | xxx/xx (xxxxxx) | predictive | |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
