HelloXD Analysis

IOB - Indicator of Behavior (200)

Languages

en (170)
ru (22)
it (4)
de (2)
es (2)

Countries

ru (88)
us (44)
gb (12)
it (8)
at (2)

Products

Apache HTTP Server (10)
Wireless IP Camera 360 (8)
Microsoft Windows (8)
Microsoft IIS (8)
Cisco ASA (6)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE
1 | F21 JWT Signature JWT.php privilege escalation | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00307 | 0.00 | CVE-2015-2951
2 | Apple iOS/iPadOS IOMobileFrameBuffer memory corruption | 7.8 | 7.5 | $25k-$100k | $5k-$25k | High | Official Fix | 0.00263 | 0.04 | CVE-2022-22587
3 | Famatech Remote Administrator weak authentication | 7.3 | 7.1 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.00000 | 0.04 |
4 | systemd-resolved DNS Response privilege escalation | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00706 | 0.00 | CVE-2017-9217
5 | AnyDesk Portable Mode gcapi.dll privilege escalation | 6.5 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00060 | 0.04 | CVE-2020-35483
6 | guzzlehttp psr7 HTTP Message unknown vulnerability | 5.9 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00255 | 0.04 | CVE-2023-29197
7 | FreeBSD Ping pr_pack memory corruption | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.04 | CVE-2022-23093
8 | SourceCodester Garage Management System editbrand.php sql injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00098 | 0.14 | CVE-2022-2468
9 | Endian UTM Firewall changepw.cgi unknown vulnerability | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 |
10 | Gitea privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00441 | 0.02 | CVE-2021-45327
11 | Microsoft Windows Installer Privilege Escalation | 8.3 | 7.5 | $100k and more | $0-$5k | Proof-of-Concept | Official Fix | 0.00043 | 0.00 | CVE-2021-43883
12 | Apache Guacamole Connection History privilege escalation | 4.9 | 4.9 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00066 | 0.00 | CVE-2020-11997
13 | Wireless IP Camera 360 Service Port 9527 weak authentication | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.01201 | 0.03 | CVE-2017-11634
14 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 2.31 | CVE-2020-12440
15 | Linux Kernel memory corruption | 7.4 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.04 | CVE-2023-0461
16 | Hughes mSQL memory corruption | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01598 | 0.05 | CVE-1999-0276
17 | Xiaomi Router privilege escalation | 7.7 | 7.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00078 | 0.04 | CVE-2023-26320
18 | Dreamer CMS Password Hash Calculation UserController.java updatePwd denial of service | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00134 | 0.07 | CVE-2023-2473
19 | iamdroppy phoenixcf articles.cfm sql injection | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00148 | 0.28 | CVE-2011-10001
20 | Creative Minds CM Download Manager Plugin deletescreenshot cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00121 | 0.00 | CVE-2020-24145

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (72)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (2)

The following list contains external sources which discuss the actor and the associated activities:
