HawkEye Analysis

IOB - Indicator of Behavior (142)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

Language | Count
en | 132
pl | 4
es | 2
ru | 2
fr | 2

Country

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Product | Count
K7computing K7AntiVirus Premium | 12
Apache HTTP Server | 10
PHP | 6
Microsoft Windows | 6
Apple iOS | 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | cloud-init cc_set_passwords.py rand_user_password Policy insufficiently protected credentials | 4.2 | 4.2 | $0-$5k | Calculating | Not Defined | Not Defined | 0.01 | 0.00950 | CVE-2020-8632
2 | Microsoft Windows LDAP Privilege Escalation | 7.5 | 6.8 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.04 | 0.09891 | CVE-2022-30139
3 | Cisco ASA SSL VPN double free | 10.0 | 9.5 | $100k and more | $0-$5k | High | Official Fix | 0.04 | 0.57609 | CVE-2018-0101
4 | Zoho ManageEngine Applications Manager REST API sql injection | 8.5 | 8.2 | $0-$5k | Calculating | Not Defined | Official Fix | 0.01 | 0.05634 | CVE-2020-15394
5 | Apache HTTP Server ap_some_auth_required access control | 3.7 | 3.2 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.04 | 0.07344 | CVE-2015-3185
6 | Zoho ManageEngine ServiceDesk Plus missing authentication | 7.4 | 7.1 | $0-$5k | Calculating | Not Defined | Official Fix | 0.04 | 0.01055 | CVE-2020-14048
7 | PHP PHP-FPM resource consumption | 5.9 | 5.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.02654 | CVE-2015-9253
8 | Citrix ADC/Gateway SSL VPN Endpoint information disclosure | 4.3 | 4.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00885 | CVE-2019-18177
9 | Mikrotik RouterOS Hotspot Process out-of-bounds | 7.6 | 7.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.08 | 0.01086 | CVE-2022-45313
10 | SmarterTools SmarterMail Email Stored cross site scripting | 5.2 | 4.9 | $0-$5k | Calculating | Not Defined | Official Fix | 0.06 | 0.00885 | CVE-2019-7211
11 | PRTG Network Monitor EXE File input validation | 5.4 | 5.4 | $0-$5k | Calculating | Not Defined | Not Defined | 0.04 | 0.01624 | CVE-2017-15651
12 | mod_ssl ssl_engine_log.c mod_proxy format string | 7.3 | 7.0 | $0-$5k | Calculating | Not Defined | Official Fix | 0.01 | 0.03779 | CVE-2004-0700
13 | SmarterTools SmarterMail path traversal | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.10289 | CVE-2019-7213
14 | TP-Link TL-WR841N ated_tp command injection | 6.6 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00000 | CVE-2022-42433
15 | Linux Kernel BPF segment.c nilfs_attach_log_writer memory leak | 3.8 | 3.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01018 | CVE-2022-3646
16 | DMXReady Polling Booth Manager inc_pollingboothmanager.asp sql injection | 7.3 | 7.3 | $0-$5k | Calculating | High | Unavailable | 0.00 | 0.01139 | CVE-2010-4921
17 | Pre Classified Listings ASP detailad.asp sql injection | 7.3 | 7.3 | $0-$5k | Calculating | Not Defined | Not Defined | 0.01 | 0.01055 | CVE-2010-1370
18 | Microsoft Windows Kernel denial of service | 5.8 | 5.3 | $5k-$25k | $5k-$25k | Unproven | Official Fix | 0.02 | 0.02844 | CVE-2022-30155
19 | Microsoft Windows Hyper-V Privilege Escalation | 8.5 | 7.8 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | 0.01967 | CVE-2022-30163
20 | Ericsson RX8200 Reflected cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00885 | CVE-2020-22158

IOC - Indicator of Compromise (98)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (56)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | .htaccess | predictive | Medium
2 | File | /out.php | predictive | Medium
3 | File | /romfile.cfg | predictive | Medium
4 | File | abook_database.php | predictive | High
5 | File | cloudinit/config/cc_set_passwords.py | predictive | High
6 | File | CodeBrws.asp | predictive | Medium
7 | File | CrystalReports12.CrystalPrintControl.1 | predictive | High

References (14)

The following list contains external sources which discuss the actor and the associated activities:
