Hploki Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (31)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en28
de2
es2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us12
ru6
de2
es2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Hploki2
Adwind1
Zusy1
GenInjector1
Razy1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined8
Router Operating System4
Web Browser2
WordPress Plugin2
Operating System2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Microsoft4
Not Defined4
Cisco2
Logitech2
D-Link2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Cisco Linksys Router2
Logitech Media Server2
Microsoft Internet Explorer2
Yoast SEO Plugin2
D-Link DIR-3002

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1Microsoft Internet Explorer memory corruption7.16.8$25k-$100k$5k-$25kNot DefinedOfficial Fix0.000.00355CVE-2017-11856
2VISAGESOFT Expert Pdf Viewer Activex ActiveX Control VSPDFViewerX.ocx input validation9.18.9$0-$5k$0-$5kFunctionalUnavailable0.030.15317CVE-2008-4919
3Irfan Skiljan IrfanView LZW Compression memory corruption9.38.9$0-$5k$0-$5kNot DefinedOfficial Fix0.000.17085CVE-2013-5351
4Yoast SEO Plugin class-gsc-table.php cross site scripting3.63.4$0-$5k$0-$5kNot DefinedOfficial Fix0.040.00068CVE-2017-16842
5PHP URL Validation filter_var input validation5.35.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.030.00093CVE-2021-21705
6Node.js zlib input validation6.46.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000.07128CVE-2017-14919
7Omron CX-One CX-Programmer Password Storage information disclosure5.95.7$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00042CVE-2015-0988
8ZModo ZP-NE14-S/ZP-IBH-13W Telnet hard-coded credentials9.89.7$0-$5k$0-$5kNot DefinedWorkaround0.020.00536CVE-2016-5081
9Corel ActiveCGM Browser ActiveX Control acgm.dll memory corruption10.09.0$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.000.05941CVE-2007-2921
10Bochs ne2k.cc rx_frame memory corruption9.38.8$0-$5k$0-$5kProof-of-ConceptNot Defined0.020.00042CVE-2007-2893
11Microsoft Windows Secondary Login CreateProcessWithLogon access control7.87.5$25k-$100k$0-$5kHighOfficial Fix0.040.00044CVE-2016-0099
12Comcast MX011ANM Web Inspector input validation6.76.7$0-$5k$0-$5kNot DefinedNot Defined0.020.00076CVE-2017-9497
13Cisco Linksys Router tmUnblock.cgi privileges management9.89.2$25k-$100k$0-$5kHighWorkaround0.030.00000
14AbleDating search_results.php sql injection7.37.1$0-$5k$0-$5kHighUnavailable0.000.00137CVE-2008-6572
15FFmpeg MPEG File mpegvideodsp.c gmc_mmx out-of-bounds5.95.8$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00501CVE-2017-17081
16GNU binutils libbfd elf.c memory corruption6.46.2$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00134CVE-2017-17080
17Logitech Media Server favorite cross site scripting4.44.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.000.00111CVE-2017-16567
18Octopus cross site scripting4.44.2$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00069CVE-2017-16810
19CMS Made Simple Access Restriction action.upload.php is_file_acceptable cross site scripting4.44.4$0-$5k$0-$5kNot DefinedNot Defined0.000.00066CVE-2017-16798
20Rockettheme Com Rokmodule index.php sql injection7.36.9$0-$5kCalculatingProof-of-ConceptNot Defined0.000.00272CVE-2010-1479

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
131.31.196.52ns1.hosting.reg.ruHploki04/08/2022verifiedHigh
252.7.6.73ec2-52-7-6-73.compute-1.amazonaws.comHploki04/08/2022verifiedMedium
364.98.145.30url.hover.comHploki04/08/2022verifiedHigh
4XXX.XXX.XXX.XXXXxxxxx04/08/2022verifiedHigh
5XXX.XXX.XXX.XXxxxxxxxxx.xxxxxxxxx.xxxXxxxxx04/08/2022verifiedHigh
6XXX.XXX.XXX.XXXxxxxx04/08/2022verifiedHigh
7XXX.X.XX.XXXxxxxx04/08/2022verifiedHigh
8XXX.XXX.XX.XXxxxxx04/08/2022verifiedHigh
9XXX.XXX.XXX.XXXXxxxxx04/08/2022verifiedHigh
10XXX.XX.XX.XXxxx-xx-xx-xx.xxx.xxxxxxxxxxx.xxxXxxxxx04/08/2022verifiedHigh
11XXX.XXX.XX.XXxxxxxxx-xxx.xxxxxx.xxxXxxxxx04/08/2022verifiedHigh

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1059.007CWE-79Cross Site ScriptingpredictiveHigh
2TXXXXCWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
3TXXXX.XXXCWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveHigh
4TXXXXCWE-XXXxx XxxxxxxxxpredictiveHigh
5TXXXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (19)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1Fileadmin/google_search_console/class-gsc-table.phppredictiveHigh
2FileDevInfo.txtpredictiveMedium
3Fileelf.cpredictiveLow
4Filexxxxx.xxxpredictiveMedium
5Filexxxxx/xxxx.xxpredictiveHigh
6Filexxxxxxxxxx/xxx/xxxxxxxxxxxx.xpredictiveHigh
7Filexxxxxxx/xxxxxxxxxxx/xxxxxx.xxxxxx.xxxpredictiveHigh
8Filexxxxxx_xxxxxxx.xxxpredictiveHigh
9Filexxxxxxxxx.xxxpredictiveHigh
10Filexxxxxxxxxxxx.xxxpredictiveHigh
11Libraryxxxx.xxxpredictiveMedium
12Argumentxxxxxx_xxxxxxxx_xxxpredictiveHigh
13ArgumentxxxxxxxpredictiveLow
14ArgumentxxxxxxxxpredictiveMedium
15Argumentxxxx_xxpredictiveLow
16Argumentxxxxx/xxxxxxpredictiveMedium
17ArgumentxxxxxxxxxxpredictiveMedium
18Input Value<xxxxxxxxx>xxxpredictiveHigh
19Network Portxxx/xxxxpredictiveMedium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you know our Splunk app?

Download it now for free!