Poisoned Hurricane Analysis

Activities

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues can be prioritized.

Lang

  • en: 20
  • fr: 2
  • zh: 1

Charts (not extracted): Country, Actors, Activities, Interest

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | CVE
1 | Microsoft IIS code injection | 10.0 | 9.0 | $25k-$100k | $5k-$25k | Proof-of-Concept | Official Fix | 0.04 | CVE-2008-0075
2 | Google Android HidHostService.java okToConnect privileges management | 8.5 | 8.2 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.06 | CVE-2019-2036
3 | RoundCube Webmail Config Setting rcube_image.php argument injection | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2020-12641
4 | Microsoft Windows memory corruption | 10.0 | 9.0 | $100k and more | $5k-$25k | Proof-of-Concept | Official Fix | 0.03 | CVE-2009-4310
5 | Oracle GlassFish Server ADMIN Interface cross site scripting | 4.3 | 4.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2013-1515
6 | Alcatel Lucent-7750 SR Default Account improper authentication | 4.4 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.04 | -
7 | VMware Spring Cloud Function SpEL Expression code injection | 9.8 | 9.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.11 | CVE-2022-22963
8 | Microsoft IIS IP/Domain Restriction access control | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.26 | CVE-2014-4078
9 | Microsoft Windows HTTP Protocol Stack Remote Code Execution | 9.8 | 8.5 | $100k and more | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | CVE-2021-31166
10 | Citrix Application Delivery Controller/Gateway Management Interface improper authentication | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2019-18225
11 | Eclipse Jetty 404 Error Path information disclosure | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2019-10247
12 | JustSystems Ichitaro memory corruption | 10.0 | 10.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2013-5990
13 | TP-LINK TL-WR840N/TL-WR841N Session session fixation | 8.5 | 7.5 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00 | CVE-2018-11714
14 | UnZip Password Protected ZIP Archive memory corruption | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.03 | CVE-2015-7696
15 | myPHPNuke print.php cross site scripting | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | CVE-2008-4089
16 | NAT32 cross-site request forgery | 6.5 | 5.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | CVE-2018-6941
17 | MidiCart PHP Shopping Cart item_show.php sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | -

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Poisoned Hurricane

IOC - Indicator of Compromise (30)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Type | Confidence
1 | 27.122.13.204 | - | Poisoned Hurricane | - | verified | High
2 | 59.125.42.167 | 59-125-42-167.hinet-ip.hinet.net | Poisoned Hurricane | Poisoned Hurricane | verified | High
3 | 59.125.42.168 | 59-125-42-168.hinet-ip.hinet.net | Poisoned Hurricane | Poisoned Hurricane | verified | High
4 | 61.78.32.139 | - | Poisoned Hurricane | Poisoned Hurricane | verified | High
5 | 61.78.32.148 | - | Poisoned Hurricane | Poisoned Hurricane | verified | High
6 | 61.78.34.179 | - | Poisoned Hurricane | - | verified | High
7 | XX.XX.XX.XX | - | Xxxxxxxx Xxxxxxxxx | Xxxxxxxx Xxxxxxxxx | verified | High
8 | XXX.XXX.XXX.XX | - | Xxxxxxxx Xxxxxxxxx | Xxxxxxxx Xxxxxxxxx | verified | High
9 | XXX.XXX.XXX.XX | - | Xxxxxxxx Xxxxxxxxx | Xxxxxxxx Xxxxxxxxx | verified | High
10 | XXX.XXX.XXX.XXX | - | Xxxxxxxx Xxxxxxxxx | - | verified | High
11 | XXX.XXX.XX.XXX | xxxxxxxxx.xxxxxx.xx.xx | Xxxxxxxx Xxxxxxxxx | Xxxxxxxx Xxxxxxxxx | verified | High
12 | XXX.XX.XXX.XXX | xxxxxxx.xxx | Xxxxxxxx Xxxxxxxxx | Xxxxxxxx Xxxxxxxxx | verified | High
13 | XXX.XX.XXX.XXX | xxxxxxxxxx.xxxxxxx.xxx | Xxxxxxxx Xxxxxxxxx | - | verified | High
14 | XXX.XX.XXX.XX | xxxxxxx.xxx | Xxxxxxxx Xxxxxxxxx | Xxxxxxxx Xxxxxxxxx | verified | High
15 | XXX.XX.XXX.XXX | xxxxxxx.xxx | Xxxxxxxx Xxxxxxxxx | Xxxxxxxx Xxxxxxxxx | verified | High
16 | XXX.XX.XXX.XXX | xxxxxxx.xxx | Xxxxxxxx Xxxxxxxxx | Xxxxxxxx Xxxxxxxxx | verified | High
17 | XXX.XX.XXX.XXX | xxxxxxx.xxx | Xxxxxxxx Xxxxxxxxx | - | verified | High
18 | XXX.XX.XXX.XXX | xxxxxxx.xxx | Xxxxxxxx Xxxxxxxxx | Xxxxxxxx Xxxxxxxxx | verified | High
19 | XXX.XXX.XXX.XXX | - | Xxxxxxxx Xxxxxxxxx | - | verified | High
20 | XXX.XXX.XXX.XXX | - | Xxxxxxxx Xxxxxxxxx | - | verified | High
21 | XXX.XXX.XXX.XXX | - | Xxxxxxxx Xxxxxxxxx | - | verified | High
22 | XXX.XXX.XXX.XXX | - | Xxxxxxxx Xxxxxxxxx | - | verified | High
23 | XXX.XXX.XX.XXX | - | Xxxxxxxx Xxxxxxxxx | - | verified | High
24 | XXX.XX.X.X | xxx.xx.xxx | Xxxxxxxx Xxxxxxxxx | Xxxxxxxx Xxxxxxxxx | verified | High
25 | XXX.XXX.XXX.X | xxx.xx.xxx | Xxxxxxxx Xxxxxxxxx | Xxxxxxxx Xxxxxxxxx | verified | High
26 | XXX.XXX.XXX.X | xxx.xx.xxx | Xxxxxxxx Xxxxxxxxx | Xxxxxxxx Xxxxxxxxx | verified | High
27 | XXX.XXX.XXX.X | xxx.xx.xxx | Xxxxxxxx Xxxxxxxxx | Xxxxxxxx Xxxxxxxxx | verified | High
28 | XXX.XXX.XXX.XX | - | Xxxxxxxx Xxxxxxxxx | - | verified | High
29 | XXX.XXX.XXX.XXX | - | Xxxxxxxx Xxxxxxxxx | - | verified | High
30 | XXX.XX.XXX.XX | - | Xxxxxxxx Xxxxxxxxx | - | verified | High

(Entries 7-30 are masked on the source page; masked characters are shown as X/x exactly as published.)

TTP - Tactics, Techniques, Procedures (2)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High
2 | TXXXX | CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High

IOA - Indicator of Attack (7)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /shell?cmd | predictive | Medium
2 | File | HidHostService.java | predictive | High
3 | File | xxxx_xxxx.xxx | predictive | High
4 | File | xxxxx.xxx | predictive | Medium
5 | File | xxxxx_xxxxx.xxx | predictive | High
6 | Argument | xxxx_xx | predictive | Low
7 | Argument | xxx | predictive | Low
