Hackers-for-Hire Analysis

IOB - Indicator of Behavior (33)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en26
de4
es2
ru2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us26
tr2
gb2
de2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Hackers-for-Hire3
IcedID2
Bumblebee2
Conti1
Ryuk1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined14
Content Management System6
Router Operating System4
Smartphone Operating System2
Mail Client Software2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined8
D-Link4
Google2
TP-LINK2
Joomla2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Google Android2
TP-LINK TL-WR840N v42
Joomla CMS2
D-Link DAP-15302
D-Link DAP-16102

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1Alt-N MDaemon Worldclient injection4.94.7$5k-$25k$0-$5kNot DefinedOfficial Fix0.030.10855CVE-2021-27182
2TP-LINK TL-WR940N PingIframeRpm.htm ipAddrDispose memory corruption7.57.4$0-$5k$0-$5kNot DefinedWorkaround0.050.04891CVE-2019-6989
3SourceCodester Web-Based Student Clearance System edit-admin.php sql injection6.36.1$0-$5k$0-$5kProof-of-ConceptNot Defined0.030.10855CVE-2022-3733
4php-fusion downloads.php cross site scripting5.75.7$0-$5k$0-$5kNot DefinedNot Defined0.010.01055CVE-2020-12708
5Gallarific PHP Photo Gallery script gallery.php sql injection7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.040.00986CVE-2011-0519
6Gallery My Photo Gallery image.php sql injection6.35.7$0-$5k$0-$5kProof-of-ConceptNot Defined0.030.00000
7Host Web Server phpinfo.php phpinfo information disclosure5.35.2$5k-$25k$0-$5kNot DefinedWorkaround0.040.00000
8ESMI PayPal Storefront products1h.php cross site scripting4.34.1$0-$5k$0-$5kProof-of-ConceptNot Defined0.020.06790CVE-2005-0936
9Ecommerce Online Store Kit shop.php sql injection9.89.4$0-$5k$0-$5kNot DefinedOfficial Fix0.030.04386CVE-2004-0300
10Simple Real Estate Portal System sql injection6.35.7$0-$5k$0-$5kProof-of-ConceptNot Defined0.060.00885CVE-2022-28410
11Alan Ward A-CART deliver.asp cross site scripting4.34.3$0-$5k$0-$5kNot DefinedNot Defined0.010.01213CVE-2004-1874
12Alan Ward A-CART category.asp sql injection7.37.3$0-$5kCalculatingNot DefinedNot Defined0.010.04386CVE-2004-1873
13Hikvision DVR DS-7204HGHI-F1 capabilities User excessive authentication4.54.5$0-$5k$0-$5kNot DefinedNot Defined0.050.00885CVE-2020-7057
14Dahua IPC-HX3XXX Data Packet improper authentication8.17.7$0-$5k$0-$5kNot DefinedOfficial Fix0.010.22170CVE-2021-33044
15Microsoft Windows Win32k privileges management7.36.3$25k-$100k$5k-$25kUnprovenOfficial Fix0.020.01150CVE-2021-1709
16Apache HTTP Server mod_session heap-based overflow7.37.0$25k-$100k$5k-$25kNot DefinedOfficial Fix0.060.07767CVE-2021-26691
17CrushFTP redirect6.66.6$0-$5k$0-$5kNot DefinedNot Defined0.020.00885CVE-2018-18288
18GNU Mailman Admin Login Page/Pipermail Index Summary cross site scripting6.36.0$0-$5k$0-$5kNot DefinedOfficial Fix0.060.04187CVE-2002-0388
19Django Admin Interface debug.py cross site scripting6.15.8$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.060.23437CVE-2016-6186
20Virtual Programming VP-ASP Shopping Cart shopadmin.asp cross site scripting4.34.1$0-$5k$0-$5kProof-of-ConceptNot Defined0.020.02945CVE-2005-3685

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • CostaRicto

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsTypeConfidence
145.89.175.206Hackers-for-HireCostaRictoverifiedHigh
245.138.172.54Hackers-for-HireCostaRictoverifiedHigh
3XXX.XXX.XX.XXXxxxxx.xx-xxx-xxx-xx.xxxXxxxxxx-xxx-xxxxXxxxxxxxxxverifiedHigh
4XXX.XX.XX.XXXxxxxxx-xxx-xxxxXxxxxxxxxxverifiedHigh
5XXX.XX.XX.XXXXxxxxxx-xxx-xxxxXxxxxxxxxxverifiedHigh
6XXX.XXX.XX.XXXxxxxxx-xxx-xxxxXxxxxxxxxxverifiedHigh

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1055CWE-74InjectionpredictiveHigh
2T1059.007CWE-79, CWE-80Cross Site ScriptingpredictiveHigh
3TXXXXCWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
4TXXXX.XXXCWE-XXX, CWE-XXXXxxxxxxx Xxxxxxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxxxxx XxxxxxxxpredictiveHigh
5TXXXX.XXXCWE-XXXXxxx XxxxxxxxpredictiveHigh
6TXXXXCWE-XXXxx XxxxxxxxxpredictiveHigh
7TXXXXCWE-XXXXxxxxxxxxxxxxpredictiveHigh
8TXXXX.XXXCWE-XXXXxxxxxxxxxxx XxxxxxpredictiveHigh

IOA - Indicator of Attack (24)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/EXCU_SHELLpredictiveMedium
2File/my_photo_gallery/image.phppredictiveHigh
3File/reps/classes/Users.php?f=delete_agentpredictiveHigh
4FileAdmin/edit-admin.phppredictiveHigh
5Filexxxxxxxx.xxxpredictiveMedium
6Filexxxxxxx.xxxpredictiveMedium
7Filexxxxxxxxx/xxxxxxxxx.xxxpredictiveHigh
8Filexxxxxxx.xxxpredictiveMedium
9Filexxxxx/xxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxxpredictiveHigh
10Filexxxxxxx.xxxpredictiveMedium
11Filexxxxxxxxxxxxx.xxxpredictiveHigh
12Filexxxxxxxxxx.xxxpredictiveHigh
13Filexxxx.xxxpredictiveMedium
14Filexxxxxxxxx.xxxpredictiveHigh
15Filexxxxx/xxxxx.xxpredictiveHigh
16ArgumentxxxxxxxpredictiveLow
17Argumentxxx_xxpredictiveLow
18ArgumentxxpredictiveLow
19ArgumentxxxxxpredictiveLow
20ArgumentxxxxxxxxxpredictiveMedium
21ArgumentxxxxxxxxpredictiveMedium
22Input Valuexxx xxxxxxxxpredictiveMedium
23Input Valuex xxxxx xxx xxxxxx xxxx,xxxx,xxxx,xxxx,xxxxxx(xxxxxxxxxxxx,xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx,xxxxxxxxxxxx)--predictiveHigh
24Network Portxxx/xx (xxxxxx)predictiveHigh

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Want to stay up to date on a daily basis?

Enable the mail alert feature now!