Poisoned Hurricane Analysis

IOB - Indicator of Behavior (25)

Timeline (chart not included in this view)

Lang (chart values shown here are placeholder data, not the real distribution)

  • en: 22
  • zh: 2
  • fr: 2

Country (chart values shown here are placeholder data, not the real distribution)

  • us: 12
  • kr: 8
  • cn: 4

Actors (chart not included in this view)

Activities

Interest / Timeline (chart not included in this view)

Type (chart not included in this view)

Vendor (chart not included in this view)

Product (chart values shown here are placeholder data, not the real distribution)

  • myPHPNuke: 2
  • UnZip: 2
  • Microsoft Windows: 2
  • Alcatel Lucent-7750 SR: 2
  • Citrix Application Delivery Controller: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | Microsoft IIS code injection | 10.0 | 9.0 | $25k-$100k | $5k-$25k | Proof-of-Concept | Official Fix | 0.18 | 0.46718 | CVE-2008-0075
2 | Google Android HidHostService.java okToConnect privileges management | 8.5 | 8.2 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.04 | 0.01156 | CVE-2019-2036
3 | RoundCube Webmail Config Setting rcube_image.php argument injection | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.02762 | CVE-2020-12641
4 | Microsoft Windows memory corruption | 10.0 | 9.0 | $100k and more | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.55095 | CVE-2009-4310
5 | Oracle GlassFish Server ADMIN Interface cross site scripting | 4.3 | 4.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.07 | 0.01055 | CVE-2013-1515
6 | Telesquare SDT-CW3B1 os command injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.45466 | CVE-2021-46422
7 | Microsoft Windows Common Log File System Driver Privilege Escalation | 8.1 | 7.4 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.02 | 0.01178 | CVE-2022-37969
8 | Alcatel Lucent-7750 SR Default Account improper authentication | 4.4 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.04 | 0.00000 | (none)
9 | VMware Spring Cloud Function SpEL Expression code injection | 9.8 | 9.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.94581 | CVE-2022-22963
10 | Microsoft IIS IP/Domain Restriction access control | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.90 | 0.29797 | CVE-2014-4078
11 | Microsoft Windows HTTP Protocol Stack Remote Code Execution | 9.8 | 8.5 | $100k and more | $0-$5k | Proof-of-Concept | Official Fix | 0.06 | 0.85478 | CVE-2021-31166
12 | Citrix Application Delivery Controller/Gateway Management Interface improper authentication | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00885 | CVE-2019-18225
13 | Eclipse Jetty 404 Error Path information disclosure | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.02686 | CVE-2019-10247
14 | JustSystems Ichitaro memory corruption | 10.0 | 10.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.06309 | CVE-2013-5990
15 | TP-LINK TL-WR840N/TL-WR841N Session session fixation | 8.5 | 7.5 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.12 | 0.08382 | CVE-2018-11714
16 | UnZip Password Protected ZIP Archive memory corruption | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.02 | 0.06604 | CVE-2015-7696
17 | myPHPNuke print.php cross site scripting | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.01213 | CVE-2008-4089
18 | NAT32 cross-site request forgery | 6.5 | 5.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | 0.07947 | CVE-2018-6941
19 | MidiCart PHP Shopping Cart item_show.php sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | 0.00000 | (none)

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Poisoned Hurricane

IOC - Indicator of Compromise (30)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Type | Confidence
1 | 27.122.13.204 | (none) | Poisoned Hurricane | (none) | verified | High
2 | 59.125.42.167 | 59-125-42-167.hinet-ip.hinet.net | Poisoned Hurricane | Poisoned Hurricane | verified | High
3 | 59.125.42.168 | 59-125-42-168.hinet-ip.hinet.net | Poisoned Hurricane | Poisoned Hurricane | verified | High
4 | 61.78.32.139 | (none) | Poisoned Hurricane | Poisoned Hurricane | verified | High
5 | 61.78.32.148 | (none) | Poisoned Hurricane | Poisoned Hurricane | verified | High
6 | 61.78.34.179 | (none) | Poisoned Hurricane | (none) | verified | High
7-30 | (redacted in this view) | (redacted) | (redacted) | (redacted) | verified | High

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1055 | CWE-74 | Injection | predictive | High
2 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | predictive | High
3-7 | (redacted in this view) | (redacted) | (redacted) | predictive | High

IOA - Indicator of Attack (7)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /shell?cmd | predictive | Medium
2 | File | HidHostService.java | predictive | High
3 | File | (redacted in this view) | predictive | High
4 | File | (redacted in this view) | predictive | Medium
5 | File | (redacted in this view) | predictive | High
6 | Argument | (redacted in this view) | predictive | Low
7 | Argument | (redacted in this view) | predictive | Low

References (4)

The following list contains external sources which discuss the actor and the associated activities:
