Hadglider Analysis

Activities

Timeline

Analyzing the timeline helps to identify the required approach to, and handling of, single vulnerabilities and vulnerability collections. The overview shows less important slices and more severe hotspots at a glance, which makes it possible to initiate an immediate vulnerability response and to prioritize issues.

Lang

en: 120


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 1 | HPE Onboard Administrator Reflected cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-7132 |
| 2 | HP Network Switch access control | 5.3 | 5.1 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2015-6859 |
| 3 | Dolibarr CRM control flow | 4.9 | 4.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2022-0174 |
| 4 | Philips Collaboration Platform cross-site request forgery | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-14506 |
| 5 | SAP 3D Visual Enterprise Viewer TGA File input validation | 4.3 | 4.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.03 | CVE-2020-6345 |
| 6 | Cisco Unified Contact Center Express Java Remote Management Interface input validation | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-3280 |
| 7 | VMware Cloud Director injection | 7.5 | 7.0 | $5k-$25k | $0-$5k | Functional | Official Fix | 0.00 | CVE-2020-3956 |
| 8 | Google Chrome Blink use after free | 7.5 | 7.2 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.04 | CVE-2020-6474 |
| 9 | nginx DNS CNAME Record use after free | 7.3 | 6.4 | $0-$5k | $0-$5k | Unproven | Official Fix | 0.03 | CVE-2016-0746 |
| 10 | Nutfind.com SSL Certificate Validator certificate validation | 4.8 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | CVE-2019-16252 |
| 11 | Google Android eas_mdls.c Parse_lart resource consumption | 5.4 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-0171 |
| 12 | Apache Unomi OGNL Scripting input validation | 8.5 | 8.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.06 | CVE-2020-11975 |
| 13 | WinGate Installation default permission | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2020-13866 |
| 14 | Foxit PhantomPDF Signature Validation signature verification | 7.4 | 7.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2019-20834 |
| 15 | Perl Regular Expression regcomp.c S_study_chunk buffer overflow | 7.4 | 6.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2020-12723 |
| 16 | Athom Homey/Homey Pro Network Configuration cleartext storage | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2020-9462 |
| 17 | Perl Regular Expression integer overflow | 8.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2020-10878 |
| 18 | Castel NextGen DVR privileges management | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-11679 |
| 19 | Google Chrome User Interface Domain default permission | 6.4 | 6.1 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.03 | CVE-2020-6498 |
| 20 | Grafana Incomplete Fix CVE-2018-12099 cross site scripting | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2018-18625 |

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Confidence |
|---|---|---|---|---|---|
| 1 | 45.9.148.123 | | Hadglider | | High |

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (40)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

