Hive Analysis
IOB - Indicator of Behavior (500)
Timeline
The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.
Activities
Interest
Timeline
The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.
Vulnerabilities
IOC - Indicator of Compromise (36)
These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.
TTP - Tactics, Techniques, Procedures (22)
Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.
IOA - Indicator of Attack (200)
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.
ID | Class | Indicator | Type | Confidence |
---|---|---|---|---|
1 | File | /.vnc/sesman_${username}_passwd | predictive | High |
2 | File | /admin/add-category.php | predictive | High |
3 | File | /admin/cashadvance_row.php | predictive | High |
4 | File | /admin/login.php | predictive | High |
5 | File | /asms/classes/Master.php?f=delete_transaction | predictive | High |
6 | File | /cgi-bin/cstecgi.cgi | predictive | High |
7 | File | /cgi-bin/editBookmark | predictive | High |
8 | File | /cgi-bin/login.cgi | predictive | High |
9 | File | /cgi-bin/wlogin.cgi | predictive | High |
10 | File | /change_password_process | predictive | High |
11 | File | /controller/Index.php | predictive | High |
12 | File | /CPE | predictive | Low |
13 | File | /Employer/EditProfile.php | predictive | High |
14 | File | /endpoint/add-guest.php | predictive | High |
15 | File | /goform/addressNat | predictive | High |
16 | File | /goform/aspForm | predictive | High |
17 | File | /goform/SysToolRestoreSet | predictive | High |
18 | File | /include/chart_generator.php | predictive | High |
19 | File | /include/menu_v.inc.php | predictive | High |
20 | File | /kubepi/api/v1/users/search?pageNum=1&&pageSize=10 | predictive | High |
21 | File | /librarian/lab.php | predictive | High |
22 | File | /omos/admin/?page=user/list | predictive | High |
23 | File | /xxx/xxxxxx/xxxxx/xxxxxxx/xxxxxx/xxxxxx | predictive | High |
24 | File | /xxxxx/xxxxxx/xxx | predictive | High |
25 | File | /xxxxxxx/xxxxxxxx.xxx | predictive | High |
26 | File | /xxxx/*/xxxxxxx" | predictive | High |
27 | File | /xxxx/xxx/xxxxxxx | predictive | High |
28 | File | /xxxx/xxxx_xxxxxxx | predictive | High |
29 | File | /xxx/x-xxxxxx/xxxxxxx/xxxxxx/xxxx/xxxxxxx.x | predictive | High |
30 | File | /xxxxx_xxxxx.xxx | predictive | High |
31 | File | /xxxxxxx/ | predictive | Medium |
32 | File | /xxx/xxx/xxxxx | predictive | High |
33 | File | /xxx/xxx/xxx/xxxxxxx.xx | predictive | High |
34 | File | xxx_xxxxxxx.xxx | predictive | High |
35 | File | xxxxx.xxx/xxxxx/xxxxxx xxxxxxx xxx/xxxxxx/xxxxxxx/xxxxxxxxxxxxx.xxx | predictive | High |
36 | File | xxxxx/xxxxx_xxxxxxxx.xxx | predictive | High |
37 | File | xxxxx/xxxxxx.xxx | predictive | High |
38 | File | xxxxxxx.xxx | predictive | Medium |
39 | File | xxxxxxxxxx/xxxxx/xxxxxxx_xxxxx/xxxxxxxxxxxx.xxx | predictive | High |
40 | File | xxxx_xxxxx_xxxx.xxx | predictive | High |
41 | File | xxxx_xxx_xxxx.xxx | predictive | High |
42 | File | xxxxxxx/xxx/xxxx/xxxx/xx/xxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxx.xx | predictive | High |
43 | File | xxx.xxx | predictive | Low |
44 | File | xxx/xx-xxxxx-xxxxxxx/xxx-xx-xxxxx-xxxxxxx.xxx | predictive | High |
45 | File | xxx\xxxxxxxxxx_xxxxxxxx\xxxxxxxxxx_xxxxxxx_xxxxxxx.xxx | predictive | High |
46 | File | xxx\xxxxxxx\xxx\xxx.xxx.xxx | predictive | High |
47 | File | xxxx-xxxx.x | predictive | Medium |
48 | File | xxxxxxxxxxxx.xxx/xxxxxxxxxxx.xxx/xxxxxxxxxxx.xxx/xxxxxxxxxxx.xxx | predictive | High |
49 | File | xxxx.xxx | predictive | Medium |
50 | File | xxx-xxxxxx-xxxxxx.x | predictive | High |
51 | File | x:\xxxxxx | predictive | Medium |
52 | File | x:\xxxxxxxx | predictive | Medium |
53 | File | x:\xxxxxxx\xxxxxxxx.xxx | predictive | High |
54 | File | xxxxxxxxxxxxxxxx.xxxx | predictive | High |
55 | File | xxxxxxxxxx/xxxxxxx/xxxxxxxx.xxx | predictive | High |
56 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
57 | File | xxxxxx.xxx | predictive | Medium |
58 | File | xxxxxxx/xxxxxxxxxx/xx/xxxx/xxxx.x | predictive | High |
59 | File | xxxxxxx/xxxxx/xxxxxxxx/xxxxx | predictive | High |
60 | File | xxx.x | predictive | Low |
61 | File | xxxxxxxxxxxxxxxxxx.xxx | predictive | High |
62 | File | xxxxx_xxxxxx.xxxx.xxx | predictive | High |
63 | File | xxxx.xxx | predictive | Medium |
64 | File | xxxxx.xxx | predictive | Medium |
65 | File | xxxxxxxxx/xxxxx/xxxxxxx-xxxxx/xxxxx/xxxxxx-xxxxxxxxxx.xxx | predictive | High |
66 | File | xxxxxxx.x | predictive | Medium |
67 | File | xxxxx_xxxx.xxx | predictive | High |
68 | File | xxxxxxxx.x | predictive | Medium |
69 | File | xxxxx/xxxxx/xxxxxxxx.xxx | predictive | High |
70 | File | xxx/xxxxxx.xxx | predictive | High |
71 | File | xxxxxxxx/xxxxx-xx-xxxxxxxxx.xxx | predictive | High |
72 | File | xxxxxxx\xxxxxxx\xxxxxxx_xxxxx.xxx | predictive | High |
73 | File | xxxxxxx.xxx | predictive | Medium |
74 | File | xxxxxxxx.x | predictive | Medium |
75 | File | xxxxxxxx/xxxxxxxx_xxxxxxx_xxxxxx/xxxxx.xxx | predictive | High |
76 | File | xxxxxxxx.xxx | predictive | Medium |
77 | File | xxxxxxxxxx/xxxxxxxxx.x | predictive | High |
78 | File | xxxxxxxxx/xxxxxxx/xxxxxx/xxxxxxxxxx.xxx | predictive | High |
79 | File | xxxxx.xxx | predictive | Medium |
80 | File | xxxxx.xxx | predictive | Medium |
81 | File | xx.x | predictive | Low |
82 | File | xxxxxx/xxxxxx_xxxxx.xxx | predictive | High |
83 | File | xxxxxxxxxx.xx | predictive | High |
84 | File | xxx-xxxxxxx.xxx | predictive | High |
85 | File | xxx/xxxxx.xxxx | predictive | High |
86 | File | xxxxxxxxxxxxxxx.xxx | predictive | High |
87 | File | xxxxxxxxx.xxx.xxx | predictive | High |
88 | File | xxxxxxx.xxx | predictive | Medium |
89 | File | xxxxxx.xxx | predictive | Medium |
90 | File | xxxxxxx-xxxxxxxxx-xxxxxxxx.xxx | predictive | High |
91 | File | xxxxxxxxxxxxxxxxxxxxxx.xxx | predictive | High |
92 | File | xxxxxxxxxxxxxxxxxxxx.xxx | predictive | High |
93 | File | xxxxxxx_xxxxxx.xxxx | predictive | High |
94 | File | xxxxxxxxxxxxxxxxx.xxx | predictive | High |
95 | File | xxxx-xxx/xxxxxxxx.xxx?xxxx=xxx_xxxxxxxx.xxx | predictive | High |
96 | File | xxxxxx.xxx | predictive | Medium |
97 | File | xxxxxxxx/xxxx/xxxx.xxx?xxxxxx=xxxxxxxxxxxxxxxx | predictive | High |
98 | File | xxxxxxxx_xxx-xxxx-xx.xxx | predictive | High |
99 | File | xxxxx.xxx | predictive | Medium |
100 | File | xxxx-xxxxxx.x | predictive | High |
101 | File | xxxxxxxxxxxxxxx/xxxxxxxxxxxx.xxx | predictive | High |
102 | File | xx_xxxx/xx_xxxx.x | predictive | High |
103 | File | xxxxxxx.xxx | predictive | Medium |
104 | File | xxx_xxxxxxxx.x | predictive | High |
105 | File | xxxxxx_xxxxxx.x | predictive | High |
106 | File | xxx/xxxxx/xxxxxx.xxx?xxxxxxx=xxxxxxx | predictive | High |
107 | File | xxxxxx.xxx | predictive | Medium |
108 | File | xxxxxxxxx.xxx | predictive | High |
109 | File | xxxxx.x | predictive | Low |
110 | File | xxxxx/xxxx.xx | predictive | High |
111 | File | xxxxxxxxxxxxxx.xxx | predictive | High |
112 | File | xxxxxx/xxxxxxxxx.xxx | predictive | High |
113 | File | xxxxxx | predictive | Low |
114 | File | xx-xxxxx/xxxxx-xxxx.xxx | predictive | High |
115 | File | xx-xxxxx.xxx | predictive | Medium |
116 | File | xxxxxxxxxxxxxx.xxx | predictive | High |
117 | File | _/xxxxxxx/xxxxxxx-xxxxxxxx/xxxxxxx/xxxxxxxxxxxxxxxxxx_ | predictive | High |
118 | File | ~/.xxxxxxx | predictive | Medium |
119 | Library | xxxx.xxx | predictive | Medium |
120 | Library | xxxxxxxx.xxx | predictive | Medium |
121 | Library | xxxxxxxxxxxxxx.xxx | predictive | High |
122 | Library | xxx/xxx/xxxx.xxxxx.xxx | predictive | High |
123 | Library | xxx/xxx/xxx_xxxxxx_xxx.x | predictive | High |
124 | Library | xxxxxxxxxxxxxxxx.xxx | predictive | High |
125 | Library | xxxxxxxx.xxx | predictive | Medium |
126 | Library | xxxxxxxxxxx/xxxxxxxxxxx.xxx | predictive | High |
127 | Argument | -xx | predictive | Low |
128 | Argument | /.xxx/xxxxxx_${xxxxxxxx}_xxxxxx | predictive | High |
129 | Argument | xx/xx | predictive | Low |
130 | Argument | xxxxxxx | predictive | Low |
131 | Argument | xxxxxxxx_xxx_xxx/xxxxxxxx_xxxxxxxx_xxx | predictive | High |
132 | Argument | xxxxx | predictive | Low |
133 | Argument | xxxxxxxx | predictive | Medium |
134 | Argument | xxx | predictive | Low |
135 | Argument | xxxxxxx[] | predictive | Medium |
136 | Argument | xxxx_xxxx | predictive | Medium |
137 | Argument | xxx | predictive | Low |
138 | Argument | xxxxxxxxxxx | predictive | Medium |
139 | Argument | xxxxx/xxxxxx | predictive | Medium |
140 | Argument | xxxxxx/xxxxxxxxxxxx | predictive | High |
141 | Argument | xxxxxxx | predictive | Low |
142 | Argument | xxxx_xxx | predictive | Medium |
143 | Argument | xxxxx xxxx/xxxxxx xxxx/xxxx xxxx | predictive | High |
144 | Argument | xxxx | predictive | Low |
145 | Argument | xxxxxxxx | predictive | Medium |
146 | Argument | xx | predictive | Low |
147 | Argument | xxxxxx | predictive | Low |
148 | Argument | xxxxxxx | predictive | Low |
149 | Argument | xxxxxxxxxxxxxx.xxxxxxxxxxxxx | predictive | High |
150 | Argument | xxx | predictive | Low |
151 | Argument | xxxxx | predictive | Low |
152 | Argument | xxxxxx | predictive | Low |
153 | Argument | xxxx | predictive | Low |
154 | Argument | xxxxx_xxxxx_xx | predictive | High |
155 | Argument | xxxxxxx | predictive | Low |
156 | Argument | xxxx | predictive | Low |
157 | Argument | xxxx | predictive | Low |
158 | Argument | xxxx/xxxxxxx | predictive | Medium |
159 | Argument | xxxx | predictive | Low |
160 | Argument | xx | predictive | Low |
161 | Argument | xxx.xxxxxxxxxxxxxxx.xxx.xxxxxxx.xxxx.xxxxxxxxxxxxxxxxxxxx.xxxxxx | predictive | High |
162 | Argument | xxxxxxx | predictive | Low |
163 | Argument | xxxx | predictive | Low |
164 | Argument | xxxxxxxx | predictive | Medium |
165 | Argument | xxxxxxxxx | predictive | Medium |
166 | Argument | xxxxxxxxxx | predictive | Medium |
167 | Argument | xxxxxxxxxxxxxxxxxx | predictive | High |
168 | Argument | xxxxxxxx_xxxxx | predictive | High |
169 | Argument | xxxxxxx[xxxx] | predictive | High |
170 | Argument | xxxxx | predictive | Low |
171 | Argument | xxxxxxx | predictive | Low |
172 | Argument | xxx | predictive | Low |
173 | Argument | xxxxxx | predictive | Low |
174 | Argument | xxxxxxx | predictive | Low |
175 | Argument | xxxxxxx_xxxxx | predictive | High |
176 | Argument | xxxxxxx_xx | predictive | Medium |
177 | Argument | xxxxxxxxx | predictive | Medium |
178 | Argument | xxxxxxxxx | predictive | Medium |
179 | Argument | xxxxx xx/xxxxx xxxxxxxx | predictive | High |
180 | Argument | xxxxxx | predictive | Low |
181 | Argument | xxx | predictive | Low |
182 | Argument | xxxxxx | predictive | Low |
183 | Argument | xxxx | predictive | Low |
184 | Argument | xxxxx | predictive | Low |
185 | Argument | xxxx/x_xxxxx | predictive | Medium |
186 | Argument | xxx | predictive | Low |
187 | Argument | xxxx | predictive | Low |
188 | Argument | xxxx/xxxx | predictive | Medium |
189 | Argument | xxxxxxxx | predictive | Medium |
190 | Argument | xxxxxxxxx | predictive | Medium |
191 | Argument | x-xxxxxx-xxxxxx | predictive | High |
192 | Argument | _xxxxxxxxxxxxxxxx | predictive | High |
193 | Argument | _xxxxxxx | predictive | Medium |
194 | Argument | _xxxxxxxxxxxx_ | predictive | High |
195 | Input Value | //////////... | predictive | High |
196 | Input Value | <xxxx<xxxxxx>xx>xxxxx(x)</xxxx</xxxxxx>xx> | predictive | High |
197 | Pattern | |xx xx xx xx xx xx xx xx| | predictive | High |
198 | Pattern | |xx xx xx| | predictive | Medium |
199 | Network Port | xxxx/xxxx | predictive | Medium |
200 | Network Port | xxx/xxxx | predictive | Medium |
References (5)
The following list contains external sources which discuss the actor and the associated activities:
- https://blog.netlab.360.com/warning-hive-variant-xdr33-is-coming_cn/
- xxxxx://xx.xxxxxxxxx.xxx/xxxx/xxxxxxxx-xxx-xxxx-xxxxxxxxxx-xxxxxxxxx-xx-x-xxxx-xxxxxxxxxx-xx-xxxxxxx
- xxxxx://xxxxxx.xxx/xxxxx/xxxxx_xxxxxx_xxxxxxxxxxxx/xxxx/xxxx/xxxxxx/xxxx
- xxxxx://xxx.xxxx.xxx/xxxxxx/xxxx/xxxxxx/xxxx-xxxx
- xxxxx://xxx.xxxxxxx.xxx/xxxx/xxxx-xxxxxxxxxx-xxxxxxxx