Hive Analysis

IOB - Indicator of Behavior (372)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en340
de8
es6
ru6
ar4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

sc140
us84
ru26
co22
tr12

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Hive12
Conti2
Cobalt Strike2
TA5512
TrickBot2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined150
Operating System22
WordPress Plugin20
Chip Software12
Connectivity Software10

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined122
Microsoft20
Qualcomm12
IBM10
Google10

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Qualcomm Snapdragon Auto12
Qualcomm Snapdragon Industrial IOT12
OpenSSH10
Microsoft Windows10
Qualcomm Snapdragon Compute10

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25k$0-$5kHighWorkaround0.040.04187CVE-2007-1192
2Interspire Email Marketer Dynamiccontenttags.php sql injection7.57.5$0-$5k$0-$5kNot DefinedNot Defined0.060.00885CVE-2018-19551
3Moment.js path traversal6.96.7$0-$5k$0-$5kNot DefinedOfficial Fix0.050.01108CVE-2022-24785
4Sales / Company Management System member_order.php sql injection8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.000.00885CVE-2018-19925
5Interspire Email Marketer Dynamiccontenttags.php sql injection7.57.5$0-$5k$0-$5kNot DefinedNot Defined0.010.00885CVE-2018-19549
6WEBrick Gem path traversal5.45.2$0-$5k$0-$5kNot DefinedNot Defined0.020.00885CVE-2019-11879
7Facebook WhatsApp Video File integer underflow7.06.9$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.01103CVE-2022-27492
8Apple macOS Security certificate validation5.35.1$0-$5k$0-$5kNot DefinedOfficial Fix0.040.01108CVE-2022-26766
9jQuery html cross site scripting5.85.1$0-$5k$0-$5kNot DefinedOfficial Fix0.020.63807CVE-2020-11023
10Dropbear TCP Listener double free7.26.8$0-$5k$0-$5kNot DefinedOfficial Fix0.000.04695CVE-2017-9078
11Microsoft IIS cross site scripting5.24.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.150.25090CVE-2017-0055
12Apache HTTP Server mod_rewrite redirect6.76.7$25k-$100k$5k-$25kNot DefinedNot Defined0.020.07767CVE-2020-1927
13Google Chrome v8 type confusion6.35.9$25k-$100k$5k-$25kFunctionalOfficial Fix0.030.01136CVE-2022-1096
14Microsoft Exchange Outlook Web Access access control5.34.6$25k-$100k$0-$5kUnprovenOfficial Fix0.020.18147CVE-2014-6319
15VMware vCenter Server/Cloud Foundation vSphere Client Privilege Escalation6.36.0$5k-$25k$0-$5kHighOfficial Fix0.030.96081CVE-2021-21972
16Micro Focus Solutions Business Manager session fixiation5.95.7$0-$5k$0-$5kNot DefinedOfficial Fix0.020.00885CVE-2019-18946
17Email Subscribers / Newsletters sql injection8.37.9$0-$5k$0-$5kNot DefinedOfficial Fix0.050.69724CVE-2019-20361
18Advanced Comment System admin.php sql injection8.57.7$0-$5k$0-$5kProof-of-ConceptNot Defined0.020.01564CVE-2018-18619
19Interspire Email Marketer Dynamiccontenttags.php sql injection7.57.5$0-$5k$0-$5kNot DefinedNot Defined0.030.00885CVE-2018-19553
20Qualcomm Snapdragon Auto NFC use after free6.56.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.030.00885CVE-2019-14024

IOC - Indicator of Compromise (29)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsTypeConfidence
15.61.37.207mx.domain.comHiveverifiedHigh
25.199.162.220HiveverifiedHigh
35.199.162.229HiveverifiedHigh
445.9.150.144HiveverifiedHigh
546.166.161.93HiveverifiedHigh
646.166.161.123HiveverifiedHigh
7XX.XXX.XXX.XXXxxxverifiedHigh
8XX.XXX.XXX.XXXXxxxverifiedHigh
9XX.XXX.XXX.XXXxxxverifiedHigh
10XX.XX.XX.XXxx.xx.xx.xx.xx.xxx.xxXxxxverifiedHigh
11XX.XX.XXX.XXXxxxverifiedHigh
12XX.XX.XXX.XXXXxxxverifiedHigh
13XX.XXX.XXX.XXXxxx-xx-xxx-xxx-xxx.xxxx.xxXxxxverifiedHigh
14XX.XXX.XX.XXXxxx.xxxxxxxxxxxxxxxxxxx.xxxxXxxxverifiedHigh
15XX.XXX.XX.XXXXxxxverifiedHigh
16XX.XXX.XX.XXXXxxxverifiedHigh
17XX.XXX.XX.XXXXxxxverifiedHigh
18XXX.XX.XXX.XXXxxxxxx-xxx-xx-xxx-xxx.xxxxxxxxx.xxXxxxverifiedHigh
19XXX.XX.XXX.XXXxxxverifiedHigh
20XXX.XX.XXX.XXXXxxxverifiedHigh
21XXX.XX.XX.XXXxxx.xx.xx.xxx.xxxxxxxx-xxxx.xxxXxxxverifiedHigh
22XXX.XXX.XX.XXXxxx-xx-xxx-xxx.xxx.xxxxx.xxx.xxXxxxverifiedHigh
23XXX.X.XXX.XXXxxxverifiedHigh
24XXX.X.XXX.XXXXxxxverifiedHigh
25XXX.X.XXX.XXXXxxxverifiedHigh
26XXX.XX.XXX.XXxxxverifiedHigh
27XXX.XXX.XX.XXXXxxxverifiedHigh
28XXX.XXX.XXX.XXxxxxxx.xxx-xxx-xxx.xxxxxxx.xxx.xxXxxxverifiedHigh
29XXX.XX.XXX.XXXxxx-xx-xxx-xxx.xx.xxxxxxxxxxxxxxxxx.xxxXxxxverifiedHigh

TTP - Tactics, Techniques, Procedures (22)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1006CWE-22, CWE-23Pathname TraversalpredictiveHigh
2T1055CWE-74InjectionpredictiveHigh
3T1059CWE-94Cross Site ScriptingpredictiveHigh
4T1059.007CWE-79, CWE-80Cross Site ScriptingpredictiveHigh
5T1068CWE-250, CWE-264, CWE-269, CWE-284Execution with Unnecessary PrivilegespredictiveHigh
6TXXXX.XXXCWE-XXXXxx Xx Xxxx-xxxxx XxxxxxxxpredictiveHigh
7TXXXX.XXXCWE-XXXXxxxxxxx Xxxxxxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxxxxx XxxxxxxxpredictiveHigh
8TXXXXCWE-XX, CWE-XXXxxxxxx XxxxxxxxxpredictiveHigh
9TXXXX.XXXCWE-XXXXxxx XxxxxxxxpredictiveHigh
10TXXXXCWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
11TXXXXCWE-XXX, CWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
12TXXXXCWE-XXXxx XxxxxxxxxpredictiveHigh
13TXXXXCWE-XXX, CWE-XXXXxx.xxx Xxxxxxxxxxxxxxxx: Xxxxxxxx Xx Xxxxxxxxxxxxx XxxxpredictiveHigh
14TXXXXCWE-XXXXxxxxxxxx Xxxxxxx Xx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
15TXXXX.XXXCWE-XXXXxxxxxxxxxxxpredictiveHigh
16TXXXXCWE-XXXXxxxxxxxx Xxxxxx XxxxpredictiveHigh
17TXXXX.XXXCWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
18TXXXX.XXXCWE-XXXXxxxxxxxpredictiveHigh
19TXXXXCWE-XXX, CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxxxxxpredictiveHigh
20TXXXXCWE-XXX, CWE-XXXX2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxxxxxxxx Xxxxxxx XxxxxxxxxxpredictiveHigh
21TXXXX.XXXCWE-XXXXxx Xx Xxxx XxxxpredictiveHigh
22TXXXX.XXXCWE-XXXXxxxxxxxxxxx XxxxxxpredictiveHigh

IOA - Indicator of Attack (143)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/.vnc/sesman_${username}_passwdpredictiveHigh
2File/asms/classes/Master.php?f=delete_transactionpredictiveHigh
3File/cgi-bin/editBookmarkpredictiveHigh
4File/cgi-bin/wlogin.cgipredictiveHigh
5File/goform/addressNatpredictiveHigh
6File/include/chart_generator.phppredictiveHigh
7File/include/menu_v.inc.phppredictiveHigh
8File/librarian/lab.phppredictiveHigh
9File/omos/admin/?page=user/listpredictiveHigh
10File/opt/zimbra/jetty/webapps/zimbra/publicpredictiveHigh
11File/panel/fields/addpredictiveHigh
12File/patient/settings.phppredictiveHigh
13File/proc/*/cmdline"predictiveHigh
14File/proc/pid/syscallpredictiveHigh
15File/sbin/acos_servicepredictiveHigh
16File/uncpath/predictiveMedium
17File/xxx/xxx/xxxxxpredictiveHigh
18File/xxx/xxx/xxx/xxxxxxx.xxpredictiveHigh
19Filexxx_xxxxxxx.xxxpredictiveHigh
20Filexxxxx/xxxxxx.xxxpredictiveHigh
21Filexxxxxxx.xxxpredictiveMedium
22Filexxxx_xxxxx_xxxx.xxxpredictiveHigh
23Filexxxx_xxx_xxxx.xxxpredictiveHigh
24Filexxx.xxxpredictiveLow
25Filexxx/xx-xxxxx-xxxxxxx/xxx-xx-xxxxx-xxxxxxx.xxxpredictiveHigh
26Filexxx\xxxxxxxxxx_xxxxxxxx\xxxxxxxxxx_xxxxxxx_xxxxxxx.xxxpredictiveHigh
27Filexxxx-xxxx.xpredictiveMedium
28Filexxxxxxxxxxxx.xxx/xxxxxxxxxxx.xxx/xxxxxxxxxxx.xxx/xxxxxxxxxxx.xxxpredictiveHigh
29Filexxx-xxxxxx-xxxxxx.xpredictiveHigh
30Filex:\xxxxxxpredictiveMedium
31Filex:\xxxxxxxxpredictiveMedium
32Filex:\xxxxxxx\xxxxxxxx.xxxpredictiveHigh
33Filexxxxxxxxxxxxxxxx.xxxxpredictiveHigh
34Filexxxxxxxxxx/xxxxxxx/xxxxxxxx.xxxpredictiveHigh
35Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
36Filexxxxxx.xxxpredictiveMedium
37Filexxxxxxx/xxxxxxxxxx/xx/xxxx/xxxx.xpredictiveHigh
38Filexxxxxxx/xxxxx/xxxxxxxx/xxxxxpredictiveHigh
39Filexxx.xpredictiveLow
40Filexxxxxxxxxxxxxxxxxx.xxxpredictiveHigh
41Filexxxxx_xxxxxx.xxxx.xxxpredictiveHigh
42Filexxxx.xxxpredictiveMedium
43Filexxxxx.xxxpredictiveMedium
44Filexxxxxxx.xpredictiveMedium
45Filexxxxx_xxxx.xxxpredictiveHigh
46Filexxxxxxxx.xpredictiveMedium
47Filexxx/xxxxxx.xxxpredictiveHigh
48Filexxxxxxx\xxxxxxx\xxxxxxx_xxxxx.xxxpredictiveHigh
49Filexxxxxxx.xxxpredictiveMedium
50Filexxxxxxxx.xpredictiveMedium
51Filexxxxxxxx/xxxxxxxx_xxxxxxx_xxxxxx/xxxxx.xxxpredictiveHigh
52Filexxxxxxxx.xxxpredictiveMedium
53Filexxxxxxxxxx/xxxxxxxxx.xpredictiveHigh
54Filexxxxxxxxx/xxxxxxx/xxxxxx/xxxxxxxxxx.xxxpredictiveHigh
55Filexxxxx.xxxpredictiveMedium
56Filexx.xpredictiveLow
57Filexxxxxx/xxxxxx_xxxxx.xxxpredictiveHigh
58Filexxx-xxxxxxx.xxxpredictiveHigh
59Filexxx/xxxxx.xxxxpredictiveHigh
60Filexxxxxxxxxxxxxxx.xxxpredictiveHigh
61Filexxxxxxxxx.xxx.xxxpredictiveHigh
62Filexxxxxxx.xxxpredictiveMedium
63Filexxxxxx.xxxpredictiveMedium
64Filexxxxxxx-xxxxxxxxx-xxxxxxxx.xxxpredictiveHigh
65Filexxxxxxxxxxxxxxxxxxxxxx.xxxpredictiveHigh
66Filexxxxxxx_xxxxxx.xxxxpredictiveHigh
67Filexxxxxx.xxxpredictiveMedium
68Filexxxxxxxx/xxxx/xxxx.xxx?xxxxxx=xxxxxxxxxxxxxxxxpredictiveHigh
69Filexxxxxxxx_xxx-xxxx-xx.xxxpredictiveHigh
70Filexxxx-xxxxxx.xpredictiveHigh
71Filexx_xxxx/xx_xxxx.xpredictiveHigh
72Filexxx_xxxxxxxx.xpredictiveHigh
73Filexxxxxx_xxxxxx.xpredictiveHigh
74Filexxx/xxxxx/xxxxxx.xxx?xxxxxxx=xxxxxxxpredictiveHigh
75Filexxxxxxxxx.xxxpredictiveHigh
76Filexxxxx.xpredictiveLow
77Filexxxxx/xxxx.xxpredictiveHigh
78Filexxxxxxxxxxxxxx.xxxpredictiveHigh
79Filexxxxxx/xxxxxxxxx.xxxpredictiveHigh
80Filexx-xxxxx/xxxxx-xxxx.xxxpredictiveHigh
81Filexx-xxxxx.xxxpredictiveMedium
82Filexxxxxxxxxxxxxx.xxxpredictiveHigh
83File~/.xxxxxxxpredictiveMedium
84Libraryxxxx.xxxpredictiveMedium
85Libraryxxxxxxxx.xxxpredictiveMedium
86Libraryxxx/xxx/xxxx.xxxxx.xxxpredictiveHigh
87Libraryxxx/xxx/xxx_xxxxxx_xxx.xpredictiveHigh
88Libraryxxxxxxxxxxxxxxxx.xxxpredictiveHigh
89Argument-xxpredictiveLow
90Argument/.xxx/xxxxxx_${xxxxxxxx}_xxxxxxpredictiveHigh
91Argumentxx/xxpredictiveLow
92Argumentxxxxxxxx_xxx_xxx/xxxxxxxx_xxxxxxxx_xxxpredictiveHigh
93ArgumentxxxxxpredictiveLow
94ArgumentxxxxxxxxpredictiveMedium
95ArgumentxxxpredictiveLow
96Argumentxxxxxxx[]predictiveMedium
97Argumentxxxxx/xxxxxxpredictiveMedium
98Argumentxxxxxx/xxxxxxxxxxxxpredictiveHigh
99Argumentxxxx_xxxpredictiveMedium
100Argumentxxxxx xxxx/xxxxxx xxxx/xxxx xxxxpredictiveHigh
101ArgumentxxxxpredictiveLow
102ArgumentxxpredictiveLow
103ArgumentxxxxxxxpredictiveLow
104ArgumentxxxpredictiveLow
105ArgumentxxxxxpredictiveLow
106ArgumentxxxxxxpredictiveLow
107ArgumentxxxxpredictiveLow
108Argumentxxxxx_xxxxx_xxpredictiveHigh
109ArgumentxxxxxxxpredictiveLow
110ArgumentxxxxpredictiveLow
111ArgumentxxxxpredictiveLow
112ArgumentxxxxpredictiveLow
113ArgumentxxpredictiveLow
114Argumentxxx.xxxxxxxxxxxxxxx.xxx.xxxxxxx.xxxx.xxxxxxxxxxxxxxxxxxxx.xxxxxxpredictiveHigh
115ArgumentxxxxxxxpredictiveLow
116ArgumentxxxxpredictiveLow
117ArgumentxxxxxxxxpredictiveMedium
118ArgumentxxxxxxxxxpredictiveMedium
119ArgumentxxxxxxxxxxpredictiveMedium
120ArgumentxxxxxxxxxxxxxxxxxxpredictiveHigh
121Argumentxxxxxxxx_xxxxxpredictiveHigh
122Argumentxxxxxxx[xxxx]predictiveHigh
123ArgumentxxxxxxpredictiveLow
124ArgumentxxxxxxxpredictiveLow
125Argumentxxxxxxx_xxxxxpredictiveHigh
126Argumentxxxxxxx_xxpredictiveMedium
127ArgumentxxxxxxxxxpredictiveMedium
128ArgumentxxxxxxxxxpredictiveMedium
129ArgumentxxxxxxpredictiveLow
130ArgumentxxxxxpredictiveLow
131Argumentxxxx/x_xxxxxpredictiveMedium
132ArgumentxxxpredictiveLow
133ArgumentxxxxpredictiveLow
134ArgumentxxxxxxxxpredictiveMedium
135ArgumentxxxxxxxxxpredictiveMedium
136Argument_xxxxxxxxxxxxxxxxpredictiveHigh
137Argument_xxxxxxxpredictiveMedium
138Input Value//////////...predictiveHigh
139Input Value<xxxx<xxxxxx>xx>xxxxx(x)</xxxx</xxxxxx>xx>predictiveHigh
140Pattern|xx xx xx xx xx xx xx xx|predictiveHigh
141Pattern|xx xx xx|predictiveMedium
142Network Portxxxx/xxxxpredictiveMedium
143Network Portxxx/xxxxpredictiveMedium

References (4)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Want to stay up to date on a daily basis?

Enable the mail alert feature now!