Hadglider Analysis

IOB - Indicator of Behavior (220)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 206
ru: 14

Country

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Linux Kernel: 6
Cisco Firepower Threat Defense: 4
4Site CMS: 4
Apple macOS: 4
Hitachi Ucosminexus Application Server Standard: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Dahua DHI-HCVR7216A-S3 SmartPSS Auto Login Hash access control | 6.7 | 6.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00331 | 0.05 | CVE-2017-6342 |
| 2 | Cyr to Lat Plugin sql injection | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00050 | 0.00 | CVE-2022-4290 |
| 3 | HPE Onboard Administrator Reflected cross site scripting | 4.4 | 4.4 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00050 | 0.05 | CVE-2020-7132 |
| 4 | Check Point Quantum Gateway/Spark Gateway/CloudGuard Network Remote Access VPN information disclosure | 6.4 | 6.4 | $0-$5k | $0-$5k | High | Not Defined | 0.94504 | 0.04 | CVE-2024-24919 |
| 5 | Logsign Unified SecOps Platform command injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.03 | CVE-2024-5717 |
| 6 | TotalSuite Total Poll Lite Plugin authorization | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.05 | CVE-2024-32821 |
| 7 | Linux Kernel dm_exception_table_exit infinite loop | 5.7 | 5.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.03 | CVE-2024-35805 |
| 8 | xwikisas macro-pdfviewer PDF Viewer Macro information disclosure | 6.0 | 5.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.07 | CVE-2024-30263 |
| 9 | Moises Heberle WooCommerce Bookings Calendar Plugin cross site scripting | 5.0 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.04 | CVE-2024-31117 |
| 10 | Foxit PDF Reader AcroForm use after free | 7.0 | 6.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00141 | 0.03 | CVE-2024-30354 |
| 11 | Tenda AC10 SetStaticRouteCfg fromSetRouteStatic stack-based overflow | 8.8 | 8.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.26 | CVE-2024-2581 |
| 12 | MediaTek MT8798 Lk memory corruption | 6.7 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.04 | CVE-2024-20022 |
| 13 | Kofax Power PDF PNG File Parser out-of-bounds | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00065 | 0.04 | CVE-2024-27336 |
| 14 | Linux Kernel ASPM pci_set_power_state_locked deadlock | 4.8 | 4.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.04 | CVE-2024-26605 |
| 15 | Elementor Plugin deserialization | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00044 | 0.05 | CVE-2024-24934 |
| 16 | IBM Security Access Manager Container DSC Server resource consumption | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.00 | CVE-2023-31006 |
| 17 | WP Recipe Maker Plugin cross site scripting | 5.1 | 5.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.00 | CVE-2024-0382 |
| 18 | Dahua IPC/SD/NVR/XVR Packet unknown vulnerability | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00070 | 0.04 | CVE-2022-30564 |
| 19 | PrestaShop blockwishlist sql injection | 7.7 | 7.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01048 | 0.05 | CVE-2022-31101 |
| 20 | ThemePunch OHG Slider Revolution Plugin unrestricted upload | 7.2 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00050 | 0.04 | CVE-2023-47784 |

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 45.9.148.123 | | Hadglider | | 03/31/2022 | verified | Medium |

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (78)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /ajax.php?action=read_msg | predictive | High |
| 2 | File | /debug/pprof | predictive | Medium |
| 3 | File | /desktop_app/file.ajax.php?action=uploadfile | predictive | High |
| 4 | File | /env | predictive | Low |
| 5 | File | /goform/SetNetControlList | predictive | High |
| 6 | File | /goform/SetStaticRouteCfg | predictive | High |
| 7 | File | /src/chatbotapp/chatWindow.java | predictive | High |
| 8 | File | admin/categories_industry.php | predictive | High |
| 9 | File | admin/class-woo-popup-admin.php | predictive | High |
