Hadglider Analysis

IOB - Indicator of Behavior (216)

Language

en: 196
ru: 20

Country/Region

us: 22
cn: 20
ru: 10
es: 2
gb: 2

Products

Google Chrome: 10
Dahua DHI-HCVR7216A-S3: 4
Apple macOS: 4
GeoServer: 2
WP-DBManager: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Dahua DHI-HCVR7216A-S3 SmartPSS Auto Login Hash privilege escalation | 6.7 | 6.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00331 | 0.04 | CVE-2017-6342 |
| 2 | Cyr to Lat Plugin SQL injection | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00050 | 0.03 | CVE-2022-4290 |
| 3 | HPE Onboard Administrator Reflected cross-site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00050 | 0.02 | CVE-2020-7132 |
| 4 | xwikisas macro-pdfviewer PDF Viewer Macro information disclosure | 6.0 | 5.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2024-30263 |
| 5 | Moises Heberle WooCommerce Bookings Calendar Plugin cross-site scripting | 5.0 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-31117 |
| 6 | Foxit PDF Reader AcroForm memory corruption | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00046 | 0.03 | CVE-2024-30354 |
| 7 | Tenda AC10 SetStaticRouteCfg fromSetRouteStatic memory corruption | 8.8 | 8.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.07 | CVE-2024-2581 |
| 8 | MediaTek MT8798 Lk memory corruption | 6.7 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.02 | CVE-2024-20022 |
| 9 | Kofax Power PDF PNG File Parser information disclosure | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00065 | 0.03 | CVE-2024-27336 |
| 10 | Linux Kernel ASPM pci_set_power_state_locked denial of service | 4.8 | 4.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.03 | CVE-2024-26605 |
| 11 | Elementor Plugin privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.03 | CVE-2024-24934 |
| 12 | IBM Security Access Manager Container DSC Server denial of service | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.02 | CVE-2023-31006 |
| 13 | WP Recipe Maker Plugin cross-site scripting | 5.1 | 5.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.02 | CVE-2024-0382 |
| 14 | Dahua IPC/SD/NVR/XVR Packet unknown vulnerability | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00063 | 0.03 | CVE-2022-30564 |
| 15 | PrestaShop blockwishlist SQL injection | 7.7 | 7.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00741 | 0.02 | CVE-2022-31101 |
| 16 | ThemePunch OHG Slider Revolution Plugin privilege escalation | 7.2 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00050 | 0.05 | CVE-2023-47784 |
| 17 | OpenZeppelin openzeppelin-contracts Subcall privilege escalation | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00048 | 0.06 | CVE-2023-49798 |
| 18 | Brocade Fabric OS weak encryption | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00091 | 0.00 | CVE-2021-27795 |
| 19 | WPFactory Products, Order & Customers Export for WooCommerce Plugin cross-site scripting | 5.8 | 5.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00046 | 0.00 | CVE-2023-47547 |
| 20 | Bitrix24 MIME Type privilege escalation | 8.3 | 8.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00087 | 0.03 | CVE-2023-1720 |

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 45.9.148.123 | | Hadglider | | 2022-03-31 | verified | |

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (78)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (2)

The following list contains external sources which discuss the actor and the associated activities:
