Hadglider Analysis

IOB - Indicator of Behavior (323)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en: 310
ru: 12
de: 2

Country

Actors

Activities

Interest

Timeline

Type

Vendor

Product

mooSocial mooDating: 6
Apple macOS: 6
Linux Kernel: 6
Netgear D7800: 6
Netgear R6100: 6

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Cou | KEV | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Raisecom MSG1200/MSG2100E/MSG2200/MSG2300 Web Interface list_base_config.php os command injection | 7.5 | 7.2 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | expected | 0.91517 | 0.06 | CVE-2024-7120 |
| 2 | Netgear WN604 Web Interface downloadFile.php information disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Workaround | expected | 0.92124 | 0.08 | CVE-2024-6646 |
| 3 | Byzoro Smart S210 Management Platform uploadfile.php unrestricted upload | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | possible | 0.73200 | 0.18 | CVE-2024-0939 |
| 4 | TVT DVR TD-2104TS-CL queryDevInfo information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | expected | 0.81285 | 0.00 | CVE-2024-7339 |
| 5 | osCommerce all-products cross site scripting | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.06425 | 0.06 | CVE-2024-4348 |
| 6 | D-Link DNS-320L/DNS-325/DNS-327L/DNS-340L HTTP GET Request nas_sharing.cgi command injection | 8.1 | 8.1 | $5k-$25k | $0-$5k | Attacked | Workaround | verified | 0.94405 | 0.24 | CVE-2024-3273 |
| 7 | mooSocial mooDating URL users cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.07189 | 0.00 | CVE-2023-3847 |
| 8 | Dahua Smart Park Management devicePoint_addImgIco unrestricted upload | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | expected | 0.90446 | 0.06 | CVE-2023-3836 |
| 9 | PHP Jabbers Bus Reservation System index.php cross site scripting | 4.9 | 4.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.05748 | 0.06 | CVE-2023-4111 |
| 10 | PHP Jabbers Taxi Booking index.php cross site scripting | 4.9 | 4.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.06258 | 0.06 | CVE-2023-4116 |
| 11 | DedeCMS select_templets.php path traversal | 4.6 | 4.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.02553 | 0.00 | CVE-2023-2059 |
| 12 | PHP Jabbers Availability Booking Calendar index.php cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.04977 | 0.07 | CVE-2023-4110 |
| 13 | Ellucian Ethos Identity logout cross site scripting | 4.9 | 4.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | possible | 0.77048 | 0.06 | CVE-2023-2822 |
| 14 | PlayTube Redirect information disclosure | 5.4 | 5.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | expected | 0.89562 | 0.05 | CVE-2023-4714 |
| 15 | ColumbiaSoft Document Locator WebTools login improper authentication | 8.1 | 8.0 | $0-$5k | $0-$5k | Not defined | Official fix | expected | 0.87565 | 0.06 | CVE-2023-5830 |
| 16 | Academy LMS GET Parameter filter sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | possible | 0.43231 | 0.06 | CVE-2023-4974 |
| 17 | mooSocial mooDating URL question cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.07189 | 0.06 | CVE-2023-3843 |
| 18 | mooSocial mooDating URL ajax_invite cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.07189 | 0.05 | CVE-2023-3845 |
| 19 | Viessmann Vitogate 300 Web Management Interface vitogate.cgi isValidUser hard-coded password | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | expected | 0.90661 | 0.06 | CVE-2023-5222 |
| 20 | Ruijie RG-EW1200G Administrator Password set_passwd access control | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | expected | 0.90956 | 0.18 | CVE-2023-4169 |

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 45.9.148.123 | | Hadglider | | 03/31/2022 | verified | Low |

TTP - Tactics, Techniques, Procedures (22)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1006 | CAPEC-126 | CWE-22, CWE-24, CWE-28, CWE-425 | Path Traversal | predictive | High |
| 2 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive | High |
| 4 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Basic Cross Site Scripting | predictive | High |
| 5 | T1068 | CAPEC-122 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | predictive | High |

IOA - Indicator of Attack (163)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /academy/tutor/filter | predictive | High |
| 2 | File | /ad-list | predictive | Medium |
| 3 | File | /admin/suppliers/view_details.php | predictive | High |
| 4 | File | /ajax.php?action=read_msg | predictive | High |
| 5 | File | /api/authentication/login | predictive | High |
| 6 | File | /api/sys/login | predictive | High |
| 7 | File | /api/sys/set_passwd | predictive | High |
| 8 | File | /api/v2/open/rowsInfo | predictive | High |
| 9 | File | /app/sys1.php | predictive | High |
| 10 | File | /building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini | predictive | High |
| 11 | File | /cas/logout | predictive | Medium |
| 12 | File | /catalog/all-products | predictive | High |
| 13 | File | /cgi-bin/adm.cgi | predictive | High |
| 14 | File | /cgi-bin/mesh.cgi?page=upgrade | predictive | High |
| 15 | File | /cgi-bin/nas_sharing.cgi | predictive | High |
| 16 | File | /cgi-bin/nightled.cgi | predictive | High |
| 17 | File | /cgi-bin/touchlist_sync.cgi | predictive | High |
| 18 | File | /cgi-bin/vitogate.cgi | predictive | High |
| 19 | File | /debug/pprof | predictive | Medium |
