Poisoned Hurricane Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (26)

Langue

en	20
zh	4
fr	2

De campagne

cn	14
kr	6
us	4

Acteurs

Poisoned Hurricane	4
Zusy	1

Intérêt

Taper

Operating System	4
Not Defined	4
Mail Client Software	2
Web Server	2
Cloud Software	2

Fournisseur

Microsoft	6
Not Defined	4
RoundCube	2
VMware	2
Oracle	2

Produit

Microsoft Windows	4
RoundCube Webmail	2
Microsoft IIS	2
VMware Spring Cloud Function	2
NAT32	2

Vulnérabilités

#	Vulnérabilité	Base	Temp	0day	Aujourd'hui	Exp	Con	EPSS	CTI	CVE
1	Microsoft IIS elévation de privilèges	10.0	9.0	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.60697	0.03	CVE-2008-0075
2	Google Android HidHostService.java okToConnect elévation de privilèges	8.5	8.4	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00142	0.02	CVE-2019-2036
3	RoundCube Webmail Config Setting rcube_image.php elévation de privilèges	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.09119	0.04	CVE-2020-12641
4	Microsoft Windows buffer overflow	10.0	9.0	$100k et plus	$5k-$25k	Proof-of-Concept	Official Fix	0.09563	0.00	CVE-2009-4310
5	Oracle GlassFish Server ADMIN Interface cross site scripting	4.3	4.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00141	0.00	CVE-2013-1515
6	ASUS RT-AX86U httpd module blocking_request.cgi buffer overflow	7.6	7.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00384	0.02	CVE-2020-36109
7	Telesquare SDT-CW3B1 elévation de privilèges	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.95567	0.04	CVE-2021-46422
8	Microsoft Windows Common Log File System Driver Privilege Escalation	8.1	7.4	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00125	0.02	CVE-2022-37969
9	Alcatel Lucent-7750 SR Default Account authentification faible	4.4	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Workaround	0.00000	0.05
10	VMware Spring Cloud Function SpEL Expression elévation de privilèges	9.8	9.3	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.97537	0.02	CVE-2022-22963
11	Microsoft IIS IP/Domain Restriction elévation de privilèges	6.5	5.7	$25k-$100k	$0-$5k	Unproven	Official Fix	0.00817	0.19	CVE-2014-4078
12	Microsoft Windows HTTP Protocol Stack Remote Code Execution	9.8	8.5	$100k et plus	$0-$5k	Proof-of-Concept	Official Fix	0.97322	0.00	CVE-2021-31166
13	Citrix Application Delivery Controller/Gateway Management Interface authentification faible	8.5	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00308	0.02	CVE-2019-18225
14	Eclipse Jetty 404 Error Path divulgation de l'information	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00695	0.04	CVE-2019-10247
15	JustSystems Ichitaro buffer overflow	10.0	10.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01388	0.00	CVE-2013-5990
16	TP-LINK TL-WR840N/TL-WR841N Session authentification faible	8.5	7.5	$0-$5k	$0-$5k	Proof-of-Concept	Workaround	0.30057	0.04	CVE-2018-11714
17	UnZip Password Protected ZIP Archive buffer overflow	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Unavailable	0.04577	0.06	CVE-2015-7696
18	myPHPNuke print.php cross site scripting	4.3	3.9	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00220	0.01	CVE-2008-4089
19	NAT32 cross site request forgery	6.5	5.9	$0-$5k	Calculateur	Proof-of-Concept	Not Defined	0.20845	0.00	CVE-2018-6941
20	MidiCart PHP Shopping Cart item_show.php sql injection	6.3	6.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.05

Campagnes (1)

These are the campaigns that can be associated with the actor:

Poisoned Hurricane

IOC - Indicator of Compromise (30)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adresse IP	Hostname	Acteur	Campagnes	Identified	Taper	Confiance
1	27.122.13.204		Poisoned Hurricane		01/09/2021	verified	Élevé
2	59.125.42.167	59-125-42-167.hinet-ip.hinet.net	Poisoned Hurricane	Poisoned Hurricane	01/01/2021	verified	Élevé
3	59.125.42.168	59-125-42-168.hinet-ip.hinet.net	Poisoned Hurricane	Poisoned Hurricane	01/01/2021	verified	Élevé
4	61.78.32.139		Poisoned Hurricane	Poisoned Hurricane	01/01/2021	verified	Élevé
5	61.78.32.148		Poisoned Hurricane	Poisoned Hurricane	01/01/2021	verified	Élevé
6	61.78.34.179		Poisoned Hurricane		01/09/2021	verified	Élevé
7	XX.XX.XX.XX		Xxxxxxxx Xxxxxxxxx	Xxxxxxxx Xxxxxxxxx	01/01/2021	verified	Élevé
8	XXX.XXX.XXX.XX		Xxxxxxxx Xxxxxxxxx	Xxxxxxxx Xxxxxxxxx	01/01/2021	verified	Élevé
9	XXX.XXX.XXX.XX		Xxxxxxxx Xxxxxxxxx	Xxxxxxxx Xxxxxxxxx	01/01/2021	verified	Élevé
10	XXX.XXX.XXX.XXX		Xxxxxxxx Xxxxxxxxx		01/09/2021	verified	Élevé
11	XXX.XXX.XX.XXX	xxxxxxxxx.xxxxxx.xx.xx	Xxxxxxxx Xxxxxxxxx	Xxxxxxxx Xxxxxxxxx	01/01/2021	verified	Élevé
12	XXX.XX.XXX.XXX	xxxxxxx.xxx	Xxxxxxxx Xxxxxxxxx	Xxxxxxxx Xxxxxxxxx	01/01/2021	verified	Élevé
13	XXX.XX.XXX.XXX	xxxxxxxxxx.xxxxxxx.xxx	Xxxxxxxx Xxxxxxxxx		01/09/2021	verified	Élevé
14	XXX.XX.XXX.XX	xxxxxxx.xxx	Xxxxxxxx Xxxxxxxxx	Xxxxxxxx Xxxxxxxxx	01/01/2021	verified	Élevé
15	XXX.XX.XXX.XXX	xxxxxxx.xxx	Xxxxxxxx Xxxxxxxxx	Xxxxxxxx Xxxxxxxxx	01/01/2021	verified	Élevé
16	XXX.XX.XXX.XXX	xxxxxxx.xxx	Xxxxxxxx Xxxxxxxxx	Xxxxxxxx Xxxxxxxxx	01/01/2021	verified	Élevé
17	XXX.XX.XXX.XXX	xxxxxxx.xxx	Xxxxxxxx Xxxxxxxxx		01/09/2021	verified	Élevé
18	XXX.XX.XXX.XXX	xxxxxxx.xxx	Xxxxxxxx Xxxxxxxxx	Xxxxxxxx Xxxxxxxxx	01/01/2021	verified	Élevé
19	XXX.XXX.XXX.XXX		Xxxxxxxx Xxxxxxxxx		01/09/2021	verified	Élevé
20	XXX.XXX.XXX.XXX		Xxxxxxxx Xxxxxxxxx		01/09/2021	verified	Élevé
21	XXX.XXX.XXX.XXX		Xxxxxxxx Xxxxxxxxx		01/09/2021	verified	Élevé
22	XXX.XXX.XXX.XXX		Xxxxxxxx Xxxxxxxxx		01/09/2021	verified	Élevé
23	XXX.XXX.XX.XXX		Xxxxxxxx Xxxxxxxxx		01/09/2021	verified	Élevé
24	XXX.XX.X.X	xxx.xx.xxx	Xxxxxxxx Xxxxxxxxx	Xxxxxxxx Xxxxxxxxx	01/01/2021	verified	Élevé
25	XXX.XXX.XXX.X	xxx.xx.xxx	Xxxxxxxx Xxxxxxxxx	Xxxxxxxx Xxxxxxxxx	01/01/2021	verified	Élevé
26	XXX.XXX.XXX.X	xxx.xx.xxx	Xxxxxxxx Xxxxxxxxx	Xxxxxxxx Xxxxxxxxx	01/01/2021	verified	Élevé
27	XXX.XXX.XXX.X	xxx.xx.xxx	Xxxxxxxx Xxxxxxxxx	Xxxxxxxx Xxxxxxxxx	01/01/2021	verified	Élevé
28	XXX.XXX.XXX.X		Xxxxxxxx Xxxxxxxxx		01/09/2021	verified	Élevé
29	XXX.XXX.XXX.XX		Xxxxxxxx Xxxxxxxxx		01/09/2021	verified	Élevé
30	XXX.XX.XXX.X		Xxxxxxxx Xxxxxxxxx		01/09/2021	verified	Élevé

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnérabilités	Vecteur d'accès	Taper	Confiance
1	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Élevé
2	T1059	CWE-88, CWE-94	Argument Injection	predictive	Élevé
3	TXXXX.XXX	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Élevé
4	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Élevé
5	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Élevé
6	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Élevé
7	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Élevé

IOA - Indicator of Attack (8)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Taper	Confiance
1	File	/shell?cmd	predictive	Moyen
2	File	blocking_request.cgi	predictive	Élevé
3	File	xxxxxxxxxxxxxx.xxxx	predictive	Élevé
4	File	xxxx_xxxx.xxx	predictive	Élevé
5	File	xxxxx.xxx	predictive	Moyen
6	File	xxxxx_xxxxx.xxx	predictive	Élevé
7	Argument	xxxx_xx	predictive	Faible
8	Argument	xxx	predictive	Faible

Références (4)

The following list contains external sources which discuss the actor and the associated activities:

◂ PrécédentAperçuSuivant ▸

Interested in the pricing of exploits?

See the underground prices here!