Poisoned Hurricane Analysis

IOB - Indicator of Behavior (28)

Language

en: 26
zh: 2

Product

Microsoft IIS: 4
Microsoft Windows: 2
Telesquare SDT-CW3B1: 2
Alcatel Lucent-7750 SR: 2
TP-LINK TL-WR840N: 2

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

# | Vulnerability | Base | Temp | 0day price | Today price | Exploitability | Countermeasure | KEV | EPSS | CTI | CVE
1 | Microsoft IIS code injection | 10.0 | 9.0 | $25k-$100k | $0-$5k | Proof-of-Concept | Official fix | possible | 0.72500 | 0.00 | CVE-2008-0075
2 | UniFi UDM/UDP-Pro/UDM-SE/UDR/UDW Gateway Console access control | 6.9 | 6.9 | $0-$5k | $0-$5k | Not defined | Official fix | - | 0.00239 | 0.06 | CVE-2023-41721
3 | Google Android HidHostService.java okToConnect privileges management | 8.5 | 8.4 | $25k-$100k | $5k-$25k | Not defined | Official fix | - | 0.00605 | 0.00 | CVE-2019-2036
4 | RoundCube Webmail Config Setting rcube_image.php argument injection | 9.0 | 8.9 | $0-$5k | $0-$5k | Attacked | Official fix | verified | 0.93688 | 0.00 | CVE-2020-12641
5 | Microsoft Windows memory corruption | 10.0 | 9.0 | $100k and more | $5k-$25k | Proof-of-Concept | Official fix | - | 0.27797 | 0.06 | CVE-2009-4310
6 | Oracle GlassFish Server ADMIN Interface cross site scripting | 4.3 | 4.1 | $5k-$25k | $0-$5k | Not defined | Official fix | - | 0.00291 | 0.00 | CVE-2013-1515
7 | ASUS RT-AX86U httpd module blocking_request.cgi buffer overflow | 7.6 | 7.3 | $0-$5k | $0-$5k | Not defined | Official fix | - | 0.23628 | 0.00 | CVE-2020-36109
8 | Telesquare SDT-CW3B1 os command injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | expected | 0.94263 | 0.06 | CVE-2021-46422
9 | Microsoft Windows Common Log File System Driver out-of-bounds write | 8.1 | 7.7 | $100k and more | $5k-$25k | Attacked | Official fix | verified | 0.04700 | 0.08 | CVE-2022-37969
10 | Alcatel Lucent-7750 SR Default Account improper authentication | 4.4 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | - | 0.00000 | 0.04 | -
11 | VMware Spring Cloud Function SpEL Expression code injection | 9.8 | 9.7 | $5k-$25k | $0-$5k | Attacked | Official fix | verified | 0.94474 | 0.00 | CVE-2022-22963
12 | Microsoft IIS IP/Domain Restriction access control | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official fix | - | 0.15547 | 0.03 | CVE-2014-4078
13 | Microsoft Windows HTTP Protocol Stack use after free | 9.8 | 9.4 | $25k-$100k | $0-$5k | Attacked | Official fix | verified | 0.93043 | 0.06 | CVE-2021-31166
14 | Citrix Application Delivery Controller/Gateway Management Interface improper authentication | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not defined | Official fix | - | 0.00200 | 0.00 | CVE-2019-18225
15 | Eclipse Jetty 404 Error Path information disclosure | 5.3 | 5.3 | $0-$5k | $0-$5k | Not defined | Not defined | - | 0.06181 | 0.08 | CVE-2019-10247
16 | JustSystems Ichitaro memory corruption | 10.0 | 10.0 | $0-$5k | $0-$5k | Not defined | Not defined | - | 0.05133 | 0.00 | CVE-2013-5990
17 | TP-LINK TL-WR840N/TL-WR841N Session session fixation | 8.5 | 7.5 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | - | 0.05940 | 0.05 | CVE-2018-11714
18 | UnZip Password Protected ZIP Archive memory corruption | 7.3 | 7.3 | $0-$5k | $0-$5k | Not defined | Unavailable | - | 0.34514 | 0.08 | CVE-2015-7696
19 | myPHPNuke print.php cross site scripting | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | - | 0.01152 | 0.00 | CVE-2008-4089
20 | NAT32 shell cross-site request forgery | 6.5 | 5.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | - | 0.02727 | 0.06 | CVE-2018-6941

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Poisoned Hurricane

IOC - Indicator of Compromise (30)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 27.122.13.204 | - | Poisoned Hurricane | - | 09/01/2021 | verified | Low
2 | 59.125.42.167 | 59-125-42-167.hinet-ip.hinet.net | Poisoned Hurricane | Poisoned Hurricane | 01/01/2021 | verified | Low
3 | 59.125.42.168 | 59-125-42-168.hinet-ip.hinet.net | Poisoned Hurricane | Poisoned Hurricane | 01/01/2021 | verified | Low
4 | 61.78.32.139 | - | Poisoned Hurricane | Poisoned Hurricane | 01/01/2021 | verified | Low
5 | 61.78.32.148 | - | Poisoned Hurricane | Poisoned Hurricane | 01/01/2021 | verified | Low
6 | 61.78.34.179 | - | Poisoned Hurricane | - | 09/01/2021 | verified | Low

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (8)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /shell?cmd | predictive | Medium
2 | File | blocking_request.cgi | predictive | High
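The following Python script is an added example and is not code from the VulDB page or from any Poisoned Hurricane tooling. It takes the unmasked IP and hostname indicators from the IOC table and the two path fragments from the IOA table above and scans web-server access-log lines in Apache Common Log Format for them. The log lines are constructed for the example and describe no real traffic; the regular expression, the `Hit` type and the function names are the example's own.

```python
"""Match the page's IOC/IOA indicators against web access-log lines.

Added example, not code from the VulDB page: the indicator values are
copied from the IOC and IOA tables above; everything else (regex, Hit,
function names, the SAMPLE_LOG lines) is this example's own construction.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Iterable, List
from urllib.parse import unquote

# Network indicators copied from the IOC table (actor: Poisoned Hurricane).
IOC_IPS = {
    "27.122.13.204", "59.125.42.167", "59.125.42.168",
    "61.78.32.139", "61.78.32.148", "61.78.34.179",
}
IOC_HOSTNAMES = {
    "59-125-42-167.hinet-ip.hinet.net",
    "59-125-42-168.hinet-ip.hinet.net",
}
# Request-path fragments copied from the IOA table (class "File").
IOA_PATH_FRAGMENTS = ("/shell?cmd", "blocking_request.cgi")

# Common Log Format: client ident user [timestamp] "METHOD URI PROTO" status bytes
CLF_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+)[^"]*" (?P<status>\d{3})'
)


@dataclass(frozen=True)
class Hit:
    line_no: int
    indicator: str
    kind: str  # "ioc_ip", "ioc_host" or "ioa_path"


def match_line(line_no: int, line: str) -> List[Hit]:
    """Return every indicator hit in one log line (empty list if none)."""
    hits: List[Hit] = []
    m = CLF_RE.match(line)
    if not m:
        return hits  # not CLF; a real pipeline would count these as parse errors

    src = m.group("src")
    # Compare IPs as parsed addresses, not substrings, so "59.125.42.1670"
    # or a leading-zero variant cannot produce a false match.
    try:
        src_norm = str(ipaddress.ip_address(src))
    except ValueError:
        src_norm = None  # not an IP; may be a resolved client hostname
    if src_norm is not None:
        if src_norm in IOC_IPS:
            hits.append(Hit(line_no, src_norm, "ioc_ip"))
    elif src.lower().rstrip(".") in IOC_HOSTNAMES:
        # Only useful when the server logs resolved client names.
        hits.append(Hit(line_no, src.lower().rstrip("."), "ioc_host"))

    # Match the IOA fragments on the percent-decoded request so that
    # "%73hell%3Fcmd" is seen as "shell?cmd".
    decoded = unquote(m.group("uri"))
    for frag in IOA_PATH_FRAGMENTS:
        if frag in decoded:
            hits.append(Hit(line_no, frag, "ioa_path"))
    return hits


def scan(lines: Iterable[str]) -> List[Hit]:
    """Scan an iterable of log lines; line numbers are 1-based."""
    hits: List[Hit] = []
    for n, line in enumerate(lines, 1):
        hits.extend(match_line(n, line))
    return hits


# Constructed sample log (not real traffic); mixes true hits with near misses.
SAMPLE_LOG = [
    '59.125.42.167 - - [01/Jan/2021:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '10.0.0.5 - - [01/Jan/2021:10:00:02 +0000] "GET /shell?cmd=ls HTTP/1.1" 404 210',
    '192.168.1.20 - - [01/Jan/2021:10:00:03 +0000] "POST /blocking_request.cgi HTTP/1.1" 200 13',
    '61.78.34.179 - - [01/Jan/2021:10:00:04 +0000] "GET /%73hell%3Fcmd=id HTTP/1.1" 403 0',
    '59.125.42.1670 - - [01/Jan/2021:10:00:05 +0000] "GET /index.html HTTP/1.1" 200 512',
    '59-125-42-168.hinet-ip.hinet.net - - [01/Jan/2021:10:00:06 +0000] "GET / HTTP/1.1" 200 5',
    '203.0.113.7 - - [01/Jan/2021:10:00:07 +0000] "GET /shellfish?cmdx=1 HTTP/1.1" 200 5',
]

if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(f"line {h.line_no}: {h.kind} {h.indicator}")
```

Two design points matter in practice. IP indicators are compared as parsed addresses rather than substrings, otherwise a longer address that happens to start with an indicator (line 5 of the sample) would match, and the request path is percent-decoded before the IOA fragments are tested, otherwise an encoded `/shell?cmd` (line 4) would slip past. The IOC table itself marks every entry as Low confidence and dates them to 2021 on ISP address space, so a hit from this script is a lead to pivot on with the Identified date and the campaign column, not a verdict on its own.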
