Hackers-for-Hire Analysisinfo

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (39)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en36
de4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

US: USA26
GB: Great Britain6
TR: Turkey4
RU: Russia2
DE: Germany2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Hackers-for-Hire4
Feodo2
Cobalt Strike2
IcedID2
Meterpreter2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined14
Content Management System6
Router Operating System4
Web Server4
Operating System2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined8
D-Link4
Apache4
Virtual Programming2
ESMI2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Apache HTTP Server4
D-Link DIR-6152
Virtual Programming VP-ASP2
ESMI PayPal Storefront2
Alan Ward A-CART2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

#VulnerabilityBaseTemp0dayTodayExpCouKEVEPSSCTICVE
1Secomea GateManager insufficient privileges5.95.7$0-$5k$0-$5kNot definedOfficial fix 0.001440.00CVE-2022-25782
2Alt-N MDaemon Worldclient injection4.94.7$5k-$25k$0-$5kNot definedOfficial fix 0.008570.05CVE-2021-27182
3TP-LINK TL-WR940N PingIframeRpm.htm ipAddrDispose memory corruption7.57.3$0-$5k$0-$5kProof-of-ConceptWorkaround 0.198600.02CVE-2019-6989
4TikiWiki tiki-register.php input validation7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial fix 0.042770.63CVE-2006-6168
5sitepress-multilingual-cms Plugin class-wp-installer.php cross-site request forgery6.56.4$0-$5k$0-$5kNot definedOfficial fix 0.022640.07CVE-2020-10568
6SourceCodester Web-Based Student Clearance System edit-admin.php sql injection6.36.1$0-$5k$0-$5kProof-of-ConceptNot defined 0.000420.05CVE-2022-3733
7php-fusion downloads.php cross site scripting5.75.7$0-$5k$0-$5kNot definedNot defined 0.001950.00CVE-2020-12708
8Gallarific PHP Photo Gallery script gallery.php sql injection7.36.9$0-$5k$0-$5kProof-of-ConceptNot defined 0.001100.04CVE-2011-0519
9Gallery My Photo Gallery image.php sql injection6.35.7$0-$5k$0-$5kProof-of-ConceptNot defined 0.000000.00
10Host Web Server phpinfo.php phpinfo information disclosure5.35.2$5k-$25k$0-$5kNot definedWorkaround 0.000000.06
11ESMI PayPal Storefront products1h.php cross site scripting4.34.1$0-$5k$0-$5kProof-of-ConceptNot defined 0.078260.02CVE-2005-0936
12Ecommerce Online Store Kit shop.php sql injection9.88.8$0-$5k$0-$5kProof-of-ConceptOfficial fix 0.028070.02CVE-2004-0300
13Simple Real Estate Portal System Users.php sql injection6.35.7$0-$5k$0-$5kProof-of-ConceptNot defined 0.003090.00CVE-2022-28410
14Alan Ward A-CART deliver.asp cross site scripting4.34.3$0-$5k$0-$5kNot definedNot defined 0.004440.00CVE-2004-1874
15Alan Ward A-CART category.asp sql injection7.36.9$0-$5k$0-$5kProof-of-ConceptNot defined 0.015540.00CVE-2004-1873
16Hikvision DVR DS-7204HGHI-F1 capabilities User excessive authentication4.54.5$0-$5k$0-$5kNot definedNot defined 0.003270.05CVE-2020-7057
17Dahua IPC-HX3XXX Data Packet improper authentication8.98.7$0-$5k$0-$5kAttackedOfficial fixverified0.942690.04CVE-2021-33044
18Microsoft Windows Win32k privileges management7.26.7$25k-$100k$5k-$25kUnprovenOfficial fix 0.002750.00CVE-2021-1709
19Apache HTTP Server mod_session heap-based overflow7.37.0$25k-$100k$5k-$25kNot definedOfficial fixpossible0.409330.00CVE-2021-26691
20CrushFTP redirect6.66.6$0-$5k$0-$5kNot definedNot defined 0.002710.06CVE-2018-18288

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • CostaRicto

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
145.89.175.206Hackers-for-HireCostaRicto03/04/2022verifiedLow
245.138.172.54Hackers-for-HireCostaRicto03/04/2022verifiedLow
3XXX.XXX.XX.XXXxxxxx.xx-xxx-xxx-xx.xxxXxxxxxx-xxx-xxxxXxxxxxxxxx03/04/2022verifiedLow
4XXX.XX.XX.XXXxxxxxx-xxx-xxxxXxxxxxxxxx03/04/2022verifiedLow
5XXX.XX.XX.XXXXxxxxxx-xxx-xxxxXxxxxxxxxx03/04/2022verifiedLow
6XXX.XXX.XX.XXXxxxxxx-xxx-xxxxXxxxxxxxxx03/04/2022verifiedLow

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
2T1059.007CAPEC-209CWE-79, CWE-80Basic Cross Site ScriptingpredictiveHigh
3TXXXXCAPEC-XXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
4TXXXX.XXXCAPEC-XXCWE-XXX, CWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveHigh
5TXXXX.XXXCAPEC-XXXCWE-XXXXxxx XxxxxxxxpredictiveHigh
6TXXXXCAPEC-XXXCWE-XXXxx XxxxxxxxxpredictiveHigh
7TXXXXCAPEC-XXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
8TXXXX.XXXCAPEC-XCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (26)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/EXCU_SHELLpredictiveMedium
2File/my_photo_gallery/image.phppredictiveHigh
3File/reps/classes/Users.php?f=delete_agentpredictiveHigh
4FileAdmin/edit-admin.phppredictiveHigh
5Filexxxxxxxx.xxxpredictiveMedium
6Filexxxxxxx.xxxpredictiveMedium
7Filexxxxxxxxx/xxxxxxxxx.xxxpredictiveHigh
8Filexxxxxxx.xxxpredictiveMedium
9Filexxxxxxxx/xxxxx-xx-xxxxxxxxx.xxxpredictiveHigh
10Filexxxxx/xxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxxpredictiveHigh
11Filexxxxxxx.xxxpredictiveMedium
12Filexxxxxxxxxxxxx.xxxpredictiveHigh
13Filexxxxxxxxxx.xxxpredictiveHigh
14Filexxxx.xxxpredictiveMedium
15Filexxxxxxxxx.xxxpredictiveHigh
16Filexxxx-xxxxxxxx.xxxpredictiveHigh
17Filexxxxx/xxxxx.xxpredictiveHigh
18ArgumentxxxxxxxpredictiveLow
19Argumentxxx_xxpredictiveLow
20ArgumentxxpredictiveLow
21ArgumentxxxxxpredictiveLow
22ArgumentxxxxxxxxxpredictiveMedium
23ArgumentxxxxxxxxpredictiveMedium
24Input Valuexxx xxxxxxxxpredictiveMedium
25Input Valuex xxxxx xxx xxxxxx xxxx,xxxx,xxxx,xxxx,xxxxxx(xxxxxxxxxxxx,xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx,xxxxxxxxxxxx)--predictiveHigh
26Network Portxxx/xx (xxxxxx)predictiveHigh

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

This view requires CTI permissions

Just purchase a CTI license today!