HelloXD Analysis

IOB - Indicator of Behavior (199)

Timeline

Language

en: 170
ru: 16
de: 6
it: 4
fr: 2

Country

ru: 86
us: 46
gb: 10
it: 6
fr: 4

Chart panels (data not reproduced on this page): Actors, Activities, Interest, Timeline, Type, Vendor

Product

Microsoft Windows: 10
Cisco ASA: 6
WordPress: 6
Microsoft IIS: 6
Wireless IP Camera 360: 6

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | CTI | EPSS | CVE
1 | F21 JWT Signature JWT.php privilege escalation | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00307 | CVE-2015-2951
2 | Apple iOS/iPadOS IOMobileFrameBuffer memory corruption | 7.8 | 7.2 | $25k-$100k | $5k-$25k | Functional | Official Fix | 0.02 | 0.00263 | CVE-2022-22587
3 | Famatech Remote Administrator weak authentication | 7.3 | 7.1 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.00 | 0.00000 |
4 | systemd-resolved DNS Response privilege escalation | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00706 | CVE-2017-9217
5 | AnyDesk Portable Mode gcapi.dll privilege escalation | 6.5 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00060 | CVE-2020-35483
6 | guzzlehttp psr7 HTTP Message unknown vulnerability | 5.9 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00149 | CVE-2023-29197
7 | FreeBSD Ping pr_pack memory corruption | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00043 | CVE-2022-23093
8 | SourceCodester Garage Management System editbrand.php SQL injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00098 | CVE-2022-2468
9 | Endian UTM Firewall changepw.cgi cross-site request forgery | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00000 |
10 | Gitea privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00441 | CVE-2021-45327
11 | Microsoft Windows Installer Privilege Escalation | 8.3 | 7.5 | $100k or more | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00043 | CVE-2021-43883
12 | Apache Guacamole Connection History privilege escalation | 4.9 | 4.9 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00066 | CVE-2020-11997
13 | Wireless IP Camera 360 Service Port 9527 weak authentication | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.03 | 0.01201 | CVE-2017-11634
14 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | 0.00241 | CVE-2020-12440
15 | Hughes mSQL memory corruption | 7.3 | 7.0 | $0-$5k | Calculating | Not Defined | Official Fix | 0.02 | 0.01598 | CVE-1999-0276
16 | Xiaomi Router privilege escalation | 7.7 | 7.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00078 | CVE-2023-26320
17 | Dreamer CMS Password Hash Calculation UserController.java updatePwd denial of service | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00128 | CVE-2023-2473
18 | iamdroppy phoenixcf articles.cfm SQL injection | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00148 | CVE-2011-10001
19 | Creative Minds CM Download Manager Plugin deletescreenshot cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00121 | CVE-2020-24145
20 | Video Downloader for TikTok Plugin Parameter directory traversal | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00244 | CVE-2020-24143

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP Address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 45.15.19.130 | | HelloXD | | 04/08/2022 | verified | High

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Weakness | Description | Type | Confidence
1 | T1006 | CWE-21, CWE-22 | Path Traversal | predictive | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
3 | T1059 | CWE-94 | Argument Injection | predictive | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High

IOA - Indicator of Attack (72)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | .bash_history | predictive | High
2 | File | .procmailrc | predictive | Medium
3 | File | /+CSCOE+/logon.html | predictive | High
4 | File | /cgi-bin/changepw.cgi | predictive | High
5 | File | /debug/pprof | predictive | Medium
6 | File | /editbrand.php | predictive | High
7 | File | /etc/raspap/hostapd/enablelog.sh | predictive | High
8 | File | /infusions/shoutbox_panel/shoutbox_admin.php | predictive | High

Sources (2)

The following list contains external sources which discuss the actor and the associated activities:
