Hadglider Analysis

Activities

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

Lang

en120

Country

us6
es3

Actors

REvil120

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need you unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need you unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need you unlock this view to get access to more details of real data.

Product

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need you unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTICVE
1HPE Onboard Administrator Reflected cross site scripting4.44.4$0-$5k$0-$5kNot DefinedNot Defined0.04CVE-2020-7132
2HP Network Switch access control5.35.1$25k-$100k$0-$5kNot DefinedOfficial Fix0.03CVE-2015-6859
3Dolibarr CRM control flow4.94.8$0-$5k$0-$5kNot DefinedOfficial Fix0.06CVE-2022-0174
4Philips Collaboration Platform cross-site request forgery5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.00CVE-2020-14506
5SAP 3D Visual Enterprise Viewer TGA File input validation4.34.3$5k-$25k$5k-$25kNot DefinedNot Defined0.03CVE-2020-6345
6Cisco Unified Contact Center Express Java Remote Management Interface input validation8.58.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.06CVE-2020-3280
7VMware Cloud Director injection7.57.0$5k-$25k$0-$5kFunctionalOfficial Fix0.00CVE-2020-3956
8Google Chrome Blink use after free7.57.2$25k-$100k$5k-$25kNot DefinedOfficial Fix0.04CVE-2020-6474
9nginx DNS CNAME Record use after free7.36.4$0-$5k$0-$5kUnprovenOfficial Fix0.03CVE-2016-0746
10Nutfind.com SSL Certificate Validator certificate validation4.84.8$0-$5k$0-$5kNot DefinedNot Defined0.07CVE-2019-16252
11Google Android eas_mdls.c Parse_lart resource consumption5.45.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2020-0171
12Apache Unomi OGNL Scripting input validation8.58.5$5k-$25k$5k-$25kNot DefinedNot Defined0.06CVE-2020-11975
13WinGate Installation default permission6.56.5$0-$5k$0-$5kNot DefinedNot Defined0.03CVE-2020-13866
14Foxit PhantomPDF Signature Validation signature verification7.47.1$0-$5k$0-$5kNot DefinedOfficial Fix0.00CVE-2019-20834
15Perl Regular Expression regcomp.c S_study_chunk buffer overflow7.46.5$0-$5k$0-$5kNot DefinedOfficial Fix0.03CVE-2020-12723
16Athom Homey/Homey Pro Network Configuration cleartext storage3.33.3$0-$5k$0-$5kNot DefinedNot Defined0.05CVE-2020-9462
17Perl Regular Expression integer overflow8.57.5$0-$5k$0-$5kNot DefinedOfficial Fix0.03CVE-2020-10878
18Castel NextGen DVR privileges management7.57.5$0-$5k$0-$5kNot DefinedNot Defined0.00CVE-2020-11679
19Google Chrome User Interface Domain default permission6.46.1$25k-$100k$5k-$25kNot DefinedOfficial Fix0.03CVE-2020-6498
20Grafana Incomplete Fix CVE-2018-12099 cross site scripting5.45.4$0-$5k$0-$5kNot DefinedNot Defined0.05CVE-2018-18625

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsConfidence
145.9.148.123HadgliderHigh

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorConfidence
1T1059.007CWE-79Cross Site ScriptingHigh
2T1068CWE-264, CWE-284Execution with Unnecessary PrivilegesHigh
3TXXXXCWE-XXX7xx Xxxxxxxx XxxxxxxxHigh
4TXXXXCWE-XXXXxxxxxxxxxx Xxxxxxx Xx XxxxxxxxxxxHigh
5TXXXXCWE-XXXXxxxxxxxx Xxxxxxx Xx Xxxxxxxxx XxxxxxxxxxxHigh
6TXXXX.XXXCWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxHigh
7TXXXXCWE-XXXXxxxxxxxxxxxx XxxxxxHigh

IOA - Indicator of Attack (40)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorConfidence
1File/goform/SetNetControlListHigh
2Fileadmin/categories_industry.phpHigh
3Fileadmin/content/postcategoryHigh
4FileAdminstrator/Users/Edit/High
5Fileagent.cfgMedium
6Filexxx_xx_xxx_xxx.xxxHigh
7Filexxx.xLow
8FilexxxLow
9Filexxx/xxxxxxxx/xxxx/xxxxxxxx.xxHigh
10Filexxxxxxx/xxx/xxx-xx.xHigh
11Filexxx_xxxx.xMedium
12Filexxx/xxxxx.xxxxxHigh
13Filexxxxxxx/xxxxx.xxx.xxxHigh
14Filexx_xxxxx.xMedium
15Filexxxxx_xxxxx.xHigh
16Filexxxx.xxxMedium
17Filexxxxx.xxxMedium
18Filexxxxxxxxx/xxxxx.xxxxxHigh
19Filexxxxx/xxxxx.xxxxxHigh
20Filexxxxxxx.xMedium
21Filexxx.xLow
22FilexxxxxxxxxxxxxxxxHigh
23Filexxx-xxxxxxx-xxx.xxHigh
24Libraryxx.xxxxxxxxxx.xxxxxxxxxxxxxxx.xxxHigh
25Libraryxxx/xxxxxxxxx/xxxxxxxx.xxxxx.xxxHigh
26Libraryxxxxxxx.xxxMedium
27Libraryxxxxx.xxxMedium
28Libraryxxxxxxxxxxxxx.xxx)High
29ArgumentxxxLow
30ArgumentxxxxxxLow
31Argumentx:\xxxxxxx\xMedium
32ArgumentxxxxLow
33ArgumentxxLow
34ArgumentxxxxLow
35ArgumentxxxxLow
36Argumentx_xxxxLow
37ArgumentxxxxxLow
38ArgumentxxLow
39ArgumentxxxxxxLow
40Input Value//xxx//xxxxxxx.xxxHigh

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Interested in the pricing of exploits?

See the underground prices here!