Poisoned Hurricane Analysis

IOB - Indicator of Behavior (26)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en20
zh4
fr2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

kr10
us10
cn6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

UnZip2
Eclipse Jetty2
Microsoft Windows2
Google Android2
RoundCube Webmail2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Microsoft IIS code injection10.09.0$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.542870.04CVE-2008-0075
2Google Android HidHostService.java okToConnect privileges management8.58.4$25k-$100k$5k-$25kNot DefinedOfficial Fix0.001420.03CVE-2019-2036
3RoundCube Webmail Config Setting rcube_image.php argument injection8.58.4$0-$5k$0-$5kHighOfficial Fix0.123110.05CVE-2020-12641
4Microsoft Windows memory corruption10.09.0$100k and more$5k-$25kProof-of-ConceptOfficial Fix0.183400.00CVE-2009-4310
5Oracle GlassFish Server ADMIN Interface cross site scripting4.34.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.001410.00CVE-2013-1515
6ASUS RT-AX86U httpd module blocking_request.cgi buffer overflow7.67.3$0-$5k$0-$5kNot DefinedOfficial Fix0.005440.00CVE-2020-36109
7Telesquare SDT-CW3B1 os command injection7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.958430.06CVE-2021-46422
8Microsoft Windows Common Log File System Driver Privilege Escalation8.17.7$25k-$100k$5k-$25kHighOfficial Fix0.001250.05CVE-2022-37969
9Alcatel Lucent-7750 SR Default Account improper authentication4.44.1$0-$5k$0-$5kProof-of-ConceptWorkaround0.000000.05
10VMware Spring Cloud Function SpEL Expression code injection9.89.6$5k-$25k$0-$5kHighOfficial Fix0.975140.00CVE-2022-22963
11Microsoft IIS IP/Domain Restriction access control6.55.7$25k-$100k$0-$5kUnprovenOfficial Fix0.008170.23CVE-2014-4078
12Microsoft Windows HTTP Protocol Stack Remote Code Execution9.89.0$25k-$100k$0-$5kHighOfficial Fix0.973190.03CVE-2021-31166
13Citrix Application Delivery Controller/Gateway Management Interface improper authentication8.58.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.003080.05CVE-2019-18225
14Eclipse Jetty 404 Error Path information disclosure5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.006950.00CVE-2019-10247
15JustSystems Ichitaro memory corruption10.010.0$0-$5k$0-$5kNot DefinedNot Defined0.015670.00CVE-2013-5990
16TP-LINK TL-WR840N/TL-WR841N Session session fixiation8.57.5$0-$5k$0-$5kProof-of-ConceptWorkaround0.414790.05CVE-2018-11714
17UnZip Password Protected ZIP Archive memory corruption7.37.3$0-$5k$0-$5kNot DefinedUnavailable0.045770.04CVE-2015-7696
18myPHPNuke print.php cross site scripting4.33.9$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.002200.04CVE-2008-4089
19NAT32 cross-site request forgery6.55.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.208450.00CVE-2018-6941
20MidiCart PHP Shopping Cart item_show.php sql injection6.36.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.000000.00

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Poisoned Hurricane

IOC - Indicator of Compromise (30)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
127.122.13.204Poisoned Hurricane09/01/2021verifiedMedium
259.125.42.16759-125-42-167.hinet-ip.hinet.netPoisoned HurricanePoisoned Hurricane01/01/2021verifiedLow
359.125.42.16859-125-42-168.hinet-ip.hinet.netPoisoned HurricanePoisoned Hurricane01/01/2021verifiedLow
461.78.32.139Poisoned HurricanePoisoned Hurricane01/01/2021verifiedLow
561.78.32.148Poisoned HurricanePoisoned Hurricane01/01/2021verifiedLow
661.78.34.179Poisoned Hurricane09/01/2021verifiedMedium
7XX.XX.XX.XXXxxxxxxx XxxxxxxxxXxxxxxxx Xxxxxxxxx01/01/2021verifiedLow
8XXX.XXX.XXX.XXXxxxxxxx XxxxxxxxxXxxxxxxx Xxxxxxxxx01/01/2021verifiedLow
9XXX.XXX.XXX.XXXxxxxxxx XxxxxxxxxXxxxxxxx Xxxxxxxxx01/01/2021verifiedLow
10XXX.XXX.XXX.XXXXxxxxxxx Xxxxxxxxx09/01/2021verifiedMedium
11XXX.XXX.XX.XXXxxxxxxxxx.xxxxxx.xx.xxXxxxxxxx XxxxxxxxxXxxxxxxx Xxxxxxxxx01/01/2021verifiedLow
12XXX.XX.XXX.XXXxxxxxxx.xxxXxxxxxxx XxxxxxxxxXxxxxxxx Xxxxxxxxx01/01/2021verifiedLow
13XXX.XX.XXX.XXXxxxxxxxxxx.xxxxxxx.xxxXxxxxxxx Xxxxxxxxx09/01/2021verifiedMedium
14XXX.XX.XXX.XXxxxxxxx.xxxXxxxxxxx XxxxxxxxxXxxxxxxx Xxxxxxxxx01/01/2021verifiedLow
15XXX.XX.XXX.XXXxxxxxxx.xxxXxxxxxxx XxxxxxxxxXxxxxxxx Xxxxxxxxx01/01/2021verifiedLow
16XXX.XX.XXX.XXXxxxxxxx.xxxXxxxxxxx XxxxxxxxxXxxxxxxx Xxxxxxxxx01/01/2021verifiedLow
17XXX.XX.XXX.XXXxxxxxxx.xxxXxxxxxxx Xxxxxxxxx09/01/2021verifiedMedium
18XXX.XX.XXX.XXXxxxxxxx.xxxXxxxxxxx XxxxxxxxxXxxxxxxx Xxxxxxxxx01/01/2021verifiedLow
19XXX.XXX.XXX.XXXXxxxxxxx Xxxxxxxxx09/01/2021verifiedMedium
20XXX.XXX.XXX.XXXXxxxxxxx Xxxxxxxxx09/01/2021verifiedMedium
21XXX.XXX.XXX.XXXXxxxxxxx Xxxxxxxxx09/01/2021verifiedMedium
22XXX.XXX.XXX.XXXXxxxxxxx Xxxxxxxxx09/01/2021verifiedMedium
23XXX.XXX.XX.XXXXxxxxxxx Xxxxxxxxx09/01/2021verifiedMedium
24XXX.XX.X.Xxxx.xx.xxxXxxxxxxx XxxxxxxxxXxxxxxxx Xxxxxxxxx01/01/2021verifiedLow
25XXX.XXX.XXX.Xxxx.xx.xxxXxxxxxxx XxxxxxxxxXxxxxxxx Xxxxxxxxx01/01/2021verifiedLow
26XXX.XXX.XXX.Xxxx.xx.xxxXxxxxxxx XxxxxxxxxXxxxxxxx Xxxxxxxxx01/01/2021verifiedLow
27XXX.XXX.XXX.Xxxx.xx.xxxXxxxxxxx XxxxxxxxxXxxxxxxx Xxxxxxxxx01/01/2021verifiedLow
28XXX.XXX.XXX.XXxxxxxxx Xxxxxxxxx09/01/2021verifiedMedium
29XXX.XXX.XXX.XXXxxxxxxx Xxxxxxxxx09/01/2021verifiedMedium
30XXX.XX.XXX.XXxxxxxxx Xxxxxxxxx09/01/2021verifiedMedium

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
2T1059CAPEC-137CWE-88, CWE-94Argument InjectionpredictiveHigh
3TXXXX.XXXCAPEC-209CWE-XX, CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
4TXXXXCAPEC-122CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
5TXXXXCAPEC-108CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
6TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
7TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (8)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/shell?cmdpredictiveMedium
2Fileblocking_request.cgipredictiveHigh
3Filexxxxxxxxxxxxxx.xxxxpredictiveHigh
4Filexxxx_xxxx.xxxpredictiveHigh
5Filexxxxx.xxxpredictiveMedium
6Filexxxxx_xxxxx.xxxpredictiveHigh
7Argumentxxxx_xxpredictiveLow
8ArgumentxxxpredictiveLow

References (4)

The following list contains external sources which discuss the actor and the associated activities:

Interested in the pricing of exploits?

See the underground prices here!