Hadglider Analysis

IOB - Indicator of Behavior (130)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en128
ru2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us8
cn6
es2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

REvil1
TeamTNT1
BlackByte1
Hadglider1
Eternity1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined50
Web Browser10
Operating System8
Programming Language Software6
Firewall Software6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined36
Google10
Netgear6
HPE4
Linux4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Google Chrome8
FreeRDP4
Linux Kernel4
Perl4
Netgear D78004

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1HPE Onboard Administrator Reflected cross site scripting4.44.4$0-$5k$0-$5kNot DefinedNot Defined0.010.00885CVE-2020-7132
2Telegram Web K Alpha Document Extension Privilege Escalation5.55.3$0-$5k$0-$5kNot DefinedOfficial Fix0.010.00885CVE-2021-40532
3pgjdbc injection6.76.6$0-$5k$0-$5kNot DefinedOfficial Fix0.040.21296CVE-2022-21724
4Dell EMC CloudLink Active Directory improper authentication8.88.7$5k-$25k$0-$5kNot DefinedOfficial Fix0.060.09029CVE-2022-34379
5Linux Kernel ebpf Verifier verifier.c adjust_scalar_min_max_vals unknown vulnerability4.34.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.050.00950CVE-2021-4159
6Web2py Password 7pk security7.77.3$0-$5k$0-$5kNot DefinedOfficial Fix0.060.01136CVE-2016-10321
7MantisBT API SOAP mc_project_get_users sql injection5.04.7$0-$5k$0-$5kProof-of-ConceptNot Defined0.000.05473CVE-2020-28413
8MantisBT access control7.37.0$0-$5k$0-$5kNot DefinedOfficial Fix0.000.01319CVE-2014-9572
9October CMS ViewMaker.php#244 makeFileContents information disclosure5.95.6$0-$5k$0-$5kNot DefinedOfficial Fix0.020.01156CVE-2018-1999009
10XStream denial of service5.35.1$0-$5k$0-$5kNot DefinedOfficial Fix0.010.53308CVE-2021-21341
11Eclipse Jetty Content-Length Header data processing8.58.2$0-$5k$0-$5kNot DefinedOfficial Fix0.080.02686CVE-2017-7658
12HP Network Switch access control6.56.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.040.00885CVE-2015-6859
13Dolibarr CRM control flow4.94.8$0-$5k$0-$5kNot DefinedOfficial Fix0.010.00885CVE-2022-0174
14Philips Collaboration Platform cross-site request forgery5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.000.00885CVE-2020-14506
15SAP 3D Visual Enterprise Viewer TGA File input validation4.34.3$5k-$25k$5k-$25kNot DefinedNot Defined0.030.00954CVE-2020-6345
16Cisco Unified Contact Center Express Java Remote Management Interface input validation8.58.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.020.01156CVE-2020-3280
17VMware Cloud Director injection7.57.0$5k-$25kCalculatingFunctionalOfficial Fix0.040.52583CVE-2020-3956
18Google Chrome Blink use after free7.57.2$25k-$100k$5k-$25kNot DefinedOfficial Fix0.010.01776CVE-2020-6474
19nginx DNS CNAME Record use after free7.36.8$0-$5k$0-$5kUnprovenOfficial Fix0.040.02172CVE-2016-0746
20Nutfind.com SSL Certificate Validator certificate validation4.84.8$0-$5k$0-$5kNot DefinedNot Defined0.070.00885CVE-2019-16252

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsTypeConfidence
145.9.148.123HadgliderverifiedHigh

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1006CWE-22Pathname TraversalpredictiveHigh
2T1055CWE-74InjectionpredictiveHigh
3T1059.007CWE-79Cross Site ScriptingpredictiveHigh
4T1068CWE-264, CWE-269, CWE-284Execution with Unnecessary PrivilegespredictiveHigh
5TXXXXCWE-XXXxxxxxx XxxxxxxxxpredictiveHigh
6TXXXX.XXXCWE-XXXXxxx XxxxxxxxpredictiveHigh
7TXXXXCWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
8TXXXXCWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
9TXXXXCWE-XXXxx XxxxxxxxxpredictiveHigh
10TXXXXCWE-XXX, CWE-XXX, CWE-XXXXxx.xxx Xxxxxxxxxxxxxxxx: Xxxxxxxx Xx Xxxxxxxxxxxxx XxxxpredictiveHigh
11TXXXXCWE-XXXXxxxxxxxx Xxxxxxx Xx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
12TXXXXCWE-XXXXxxxxxxxx Xxxxxx XxxxpredictiveHigh
13TXXXX.XXXCWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
14TXXXX.XXXCWE-XXXXxxxxxxxpredictiveHigh
15TXXXXCWE-XXX, CWE-XXXXxxxxxxxxxxxxpredictiveHigh
16TXXXXCWE-XXXX2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxxxxxxxx Xxxxxxx XxxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (46)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/goform/SetNetControlListpredictiveHigh
2Fileadmin/categories_industry.phppredictiveHigh
3Fileadmin/content/postcategorypredictiveHigh
4FileAdminstrator/Users/Edit/predictiveHigh
5Fileagent.cfgpredictiveMedium
6FileALL_IN_THE_BOX.OCXpredictiveHigh
7Filexxx.xpredictiveLow
8FilexxxpredictiveLow
9Filexxx/xxxxxxxx/xxxx/xxxxxxxx.xxpredictiveHigh
10Filexxxxxxx/xxx/xxx-xx.xpredictiveHigh
11Filexxx_xxxx.xpredictiveMedium
12Filexxx/xxxxx.xxxxxpredictiveHigh
13Filexxxxxxx/xxxxx.xxx.xxxpredictiveHigh
14Filexx_xxxxx.xpredictiveMedium
15Filexxxxx_xxxxx.xpredictiveHigh
16Filexxxxxx/xxx/xxxxxxxx.xpredictiveHigh
17Filexxxx.xxxpredictiveMedium
18Filexxxxx.xxxpredictiveMedium
19Filexxxxxxx/xxxxxx/xxxxxx/xxxxxxxxx.xxx#xxxpredictiveHigh
20Filexxxxxxxxx/xxxxx.xxxxxpredictiveHigh
21Filexxxxx/xxxxx.xxxxxpredictiveHigh
22Filexxxxxxx.xpredictiveMedium
23Filexxx.xpredictiveLow
24FilexxxxxxxxxxxxxxxxpredictiveHigh
25Filexxx-xxxxxxx-xxx.xxpredictiveHigh
26Libraryxx.xxxxxxxxxx.xxxxxxxxxxxxxxx.xxxpredictiveHigh
27Libraryxxx/xxxxxxxxx/xxxxxxxx.xxxxx.xxxpredictiveHigh
28Libraryxxxxxxx.xxxpredictiveMedium
29Libraryxxxxx.xxxpredictiveMedium
30Libraryxxxxxxxxxxxxx.xxx)predictiveHigh
31ArgumentxxxxxxpredictiveLow
32ArgumentxxxpredictiveLow
33Argumentxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxx/xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxpredictiveHigh
34ArgumentxxxxxxpredictiveLow
35Argumentx:\xxxxxxx\xpredictiveMedium
36Argumentxxx_xxxpredictiveLow
37ArgumentxxxxpredictiveLow
38ArgumentxxpredictiveLow
39ArgumentxxxxxxxpredictiveLow
40ArgumentxxxxpredictiveLow
41ArgumentxxxxpredictiveLow
42Argumentx_xxxxpredictiveLow
43ArgumentxxxxxpredictiveLow
44ArgumentxxpredictiveLow
45ArgumentxxxxxxpredictiveLow
46Input Value//xxx//xxxxxxx.xxxpredictiveHigh

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Want to stay up to date on a daily basis?

Enable the mail alert feature now!