Hploki Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (31)

Langue

en	28
de	4

De campagne

us	20
de	4
ru	2

Acteurs

Hploki	2
Adwind	1
Zusy	1
GenInjector	1
Razy	1

Intérêt

Taper

Not Defined	12
Web Browser	2
Image Processing Software	2
JavaScript Library	2
Programming Tool Software	2

Fournisseur

Not Defined	6
ZModo	2
Rockettheme	2
Microsoft	2
Comcast	2

Produit

ZModo ZP-NE14-S	2
ZModo ZP-IBH-13W	2
AbleDating	2
Rockettheme Com Rokmodule	2
Bochs	2

Vulnérabilités

#	Vulnérabilité	Base	Temp	0day	Aujourd'hui	Exp	Con	EPSS	CTI	CVE
1	Microsoft Internet Explorer buffer overflow	7.1	6.8	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00355	0.00	CVE-2017-11856
2	VISAGESOFT Expert Pdf Viewer Activex ActiveX Control VSPDFViewerX.ocx elévation de privilèges	9.1	8.9	$0-$5k	$0-$5k	Functional	Unavailable	0.15317	0.03	CVE-2008-4919
3	Irfan Skiljan IrfanView LZW Compression buffer overflow	9.3	8.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.17085	0.00	CVE-2013-5351
4	Yoast SEO Plugin class-gsc-table.php cross site scripting	3.6	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00068	0.07	CVE-2017-16842
5	PHP URL Validation filter_var elévation de privilèges	5.3	5.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00093	0.03	CVE-2021-21705
6	Node.js zlib elévation de privilèges	6.4	6.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.07128	0.00	CVE-2017-14919
7	Omron CX-One CX-Programmer Password Storage divulgation de l'information	5.9	5.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2015-0988
8	ZModo ZP-NE14-S/ZP-IBH-13W Telnet authentification faible	9.8	9.7	$0-$5k	$0-$5k	Not Defined	Workaround	0.00536	0.05	CVE-2016-5081
9	Corel ActiveCGM Browser ActiveX Control acgm.dll buffer overflow	10.0	9.0	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.05941	0.00	CVE-2007-2921
10	Bochs ne2k.cc rx_frame buffer overflow	9.3	8.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00042	0.02	CVE-2007-2893
11	Microsoft Windows Secondary Login CreateProcessWithLogon elévation de privilèges	7.8	7.5	$25k-$100k	$0-$5k	High	Official Fix	0.00044	0.07	CVE-2016-0099
12	Comcast MX011ANM Web Inspector elévation de privilèges	6.7	6.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00076	0.02	CVE-2017-9497
13	Cisco Linksys Router tmUnblock.cgi elévation de privilèges	9.8	9.2	$25k-$100k	$0-$5k	High	Workaround	0.00000	0.00
14	AbleDating search_results.php sql injection	7.3	7.1	$0-$5k	$0-$5k	High	Unavailable	0.00137	0.00	CVE-2008-6572
15	FFmpeg MPEG File mpegvideodsp.c gmc_mmx divulgation de l'information	5.9	5.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00501	0.00	CVE-2017-17081
16	GNU binutils libbfd elf.c buffer overflow	6.4	6.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00134	0.00	CVE-2017-17080
17	Logitech Media Server favorite cross site scripting	4.4	4.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00111	0.00	CVE-2017-16567
18	Octopus cross site scripting	4.4	4.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00069	0.00	CVE-2017-16810
19	CMS Made Simple Access Restriction action.upload.php is_file_acceptable cross site scripting	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00066	0.00	CVE-2017-16798
20	Rockettheme Com Rokmodule index.php sql injection	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00272	0.00	CVE-2010-1479

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adresse IP	Hostname	Acteur	Identified	Taper	Confiance
1	31.31.196.52	ns1.hosting.reg.ru	Hploki	08/04/2022	verified	Élevé
2	52.7.6.73	ec2-52-7-6-73.compute-1.amazonaws.com	Hploki	08/04/2022	verified	Moyen
3	64.98.145.30	url.hover.com	Hploki	08/04/2022	verified	Élevé
4	XXX.XXX.XXX.XXX		Xxxxxx	08/04/2022	verified	Élevé
5	XXX.XXX.XXX.XX	xxxxxxxxx.xxxxxxxxx.xxx	Xxxxxx	08/04/2022	verified	Élevé
6	XXX.XXX.XXX.XX		Xxxxxx	08/04/2022	verified	Élevé
7	XXX.X.XX.XX		Xxxxxx	08/04/2022	verified	Élevé
8	XXX.XXX.XX.X		Xxxxxx	08/04/2022	verified	Élevé
9	XXX.XXX.XXX.XXX		Xxxxxx	08/04/2022	verified	Élevé
10	XXX.XX.XX.XX	xxx-xx-xx-xx.xxx.xxxxxxxxxxx.xxx	Xxxxxx	08/04/2022	verified	Élevé
11	XXX.XXX.XX.XX	xxxxxxx-xxx.xxxxxx.xxx	Xxxxxx	08/04/2022	verified	Élevé

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnérabilités	Vecteur d'accès	Taper	Confiance
1	T1059.007	CWE-79	Cross Site Scripting	predictive	Élevé
2	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Élevé
3	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Élevé
4	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Élevé
5	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Élevé

IOA - Indicator of Attack (19)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Taper	Confiance
1	File	admin/google_search_console/class-gsc-table.php	predictive	Élevé
2	File	DevInfo.txt	predictive	Moyen
3	File	elf.c	predictive	Faible
4	File	xxxxx.xxx	predictive	Moyen
5	File	xxxxx/xxxx.xx	predictive	Élevé
6	File	xxxxxxxxxx/xxx/xxxxxxxxxxxx.x	predictive	Élevé
7	File	xxxxxxx/xxxxxxxxxxx/xxxxxx.xxxxxx.xxx	predictive	Élevé
8	File	xxxxxx_xxxxxxx.xxx	predictive	Élevé
9	File	xxxxxxxxx.xxx	predictive	Élevé
10	File	xxxxxxxxxxxx.xxx	predictive	Élevé
11	Library	xxxx.xxx	predictive	Moyen
12	Argument	xxxxxx_xxxxxxxx_xxx	predictive	Élevé
13	Argument	xxxxxxx	predictive	Faible
14	Argument	xxxxxxxx	predictive	Moyen
15	Argument	xxxx_xx	predictive	Faible
16	Argument	xxxxx/xxxxxx	predictive	Moyen
17	Argument	xxxxxxxxxx	predictive	Moyen
18	Input Value	<xxxxxxxxx>xxx	predictive	Élevé
19	Network Port	xxx/xxxx	predictive	Moyen

Références (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PrécédentAperçuSuivant ▸

Interested in the pricing of exploits?

See the underground prices here!