Hangover Analiza

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (89)

Język

en	82
pt	4
zh	2
pl	2

Kraj

us	48
tr	4
ch	4
ru	4
pl	2

Aktorzy

Hangover	4
RedLine Stealer	3
Mirai	3
Remcos	3
Nanocore RAT	3

Wysiłek

Rodzaj

Not Defined	24
Operating System	12
Web Server	8
Application Server Software	4
WordPress Plugin	4

Sprzedawca

Not Defined	24
Microsoft	12
Apache	8
Apple	8
Cisco	4

Produkt

Microsoft Windows	8
Apache HTTP Server	6
Apple iOS	4
Phusion Passenger	4
Microsoft IIS	2

Luki w zabezpieczeniach

#	Słaby punkt	Base	Temp	0day	Dzisiaj	Wyk	Prz	EPSS	CTI	CVE
1	Cisco SD-WAN CLI Privilege Escalation	8.1	8.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00044	0.00	CVE-2022-20818
2	Cisco IOS XE Self-Healing privilege escalation	7.3	7.2	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00042	0.06	CVE-2022-20855
3	Apple iOS ImageIO denial of service	6.4	6.3	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.03533	0.00	CVE-2016-1811
4	Acme Mini HTTPd Terminal privilege escalation	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00303	0.04	CVE-2009-4490
5	Cisco SD-WAN CLI Privilege Escalation	8.1	8.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2022-20775
6	Apple iOS CommonCrypto information disclosure	5.4	5.3	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00181	0.00	CVE-2016-1802
7	Microsoft IIS cross site scripting	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00548	0.09	CVE-2017-0055
8	Microsoft Word wwlib Remote Code Execution	8.0	7.1	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.45352	0.00	CVE-2023-21716
9	Linux Kernel TPM Device memory corruption	7.6	7.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2022-2977
10	D-Link Go-RT-AC750 gena.php privilege escalation	7.6	7.6	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00121	0.03	CVE-2022-36523
11	Multivendor Marketplace Solution for WooCommerce Order Status cross site request forgery	4.3	4.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00053	0.00	CVE-2022-2657
12	taviso Lotus 1-2-3 Worksheet process_fmt memory corruption	7.0	6.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00068	0.00	CVE-2022-39843
13	image-tiler privilege escalation	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00194	0.00	CVE-2020-28451
14	Apple macOS Kernel information disclosure	3.3	3.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00062	0.00	CVE-2022-32817
15	Irfan Skiljan IrfanView ShowPlugInSaveOptions_W memory corruption	5.9	5.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00057	0.00	CVE-2020-23561
16	Microsoft Windows Defender Credential Guard Privilege Escalation	8.3	7.3	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00043	0.00	CVE-2022-34711
17	Microsoft Windows Kerberos Privilege Escalation	8.8	8.1	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00121	0.00	CVE-2022-30165
18	Microsoft Windows Kerberos AppContainer Privilege Escalation	8.9	8.1	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00043	0.00	CVE-2022-30164
19	Microsoft Windows Network File System Remote Code Execution	9.8	8.9	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.88909	0.04	CVE-2022-30136
20	Vmware Workspace ONE Access weak authentication	9.8	9.1	$25k-$100k	$0-$5k	Functional	Official Fix	0.58483	0.00	CVE-2022-22972

Kampanie (1)

These are the campaigns that can be associated with the actor:

WindShift

IOC - Indicator of Compromise (12)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adres IP	Hostname	Aktor	Kampanie	Identified	Rodzaj	Pewność siebie
1	37.46.150.102		Hangover	WindShift	2021-08-29	verified	Wysoki
2	37.59.175.131	ip131.ip-37-59-175.eu	Hangover		2021-01-01	verified	Wysoki
3	45.133.1.133		Hangover	WindShift	2021-08-29	verified	Wysoki
4	XX.XX.XXX.XXX	xxxxxxxxxxx.xxx-xxx.xx.xx	Xxxxxxxx		2021-01-01	verified	Wysoki
5	XX.X.XXX.XX		Xxxxxxxx		2021-01-01	verified	Wysoki
6	XXX.XXX.XX.XXX	xxx.xxxxxxxxxxx.xxx.xx	Xxxxxxxx	Xxxxxxxxx	2021-08-29	verified	Wysoki
7	XXX.XXX.XX.XXX	xxxx.xx.xxxxxxxxxx.xxx	Xxxxxxxx	Xxxxxxxxx	2021-08-29	verified	Wysoki
8	XXX.XX.XXX.XXX		Xxxxxxxx		2021-01-01	verified	Wysoki
9	XXX.XX.XX.XXX	xxxx-xxxxx.xxxxxxx.xxxx	Xxxxxxxx	Xxxxxxxxx	2021-08-29	verified	Wysoki
10	XXX.XXX.XXX.XX	xxx-xxxx.xxxxx--xxxxxxx.xxx	Xxxxxxxx	Xxxxxxxxx	2021-08-29	verified	Wysoki
11	XXX.XXX.XX.XXX		Xxxxxxxx	Xxxxxxxxx	2021-08-29	verified	Wysoki
12	XXX.XXX.XX.XXX	xxxxxx.xxxxxxxxxxxxxx.xxx	Xxxxxxxx		2021-01-01	verified	Wysoki

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Luki w zabezpieczeniach	Wektor dostępu	Rodzaj	Pewność siebie
1	T1006	CWE-22, CWE-25	Path Traversal	predictive	Wysoki
2	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Wysoki
3	T1059	CWE-94	Argument Injection	predictive	Wysoki
4	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Wysoki
5	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Wysoki
6	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Wysoki
7	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Wysoki
8	TXXXX	CWE-XX, CWE-XX	Xxx Xxxxxxxxx	predictive	Wysoki
9	TXXXX	CWE-XXX	Xxxxxxx Xxxxxxxxxx Xx Xxx-xxxxxxxx	predictive	Wysoki
10	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxx Xxxx	predictive	Wysoki
11	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Wysoki
12	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Wysoki

IOA - Indicator of Attack (29)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasa	Indicator	Rodzaj	Pewność siebie
1	File	.procmailrc	predictive	Medium
2	File	/cgi-bin/wapopen	predictive	Wysoki
3	File	/htdocs/upnpinc/gena.php	predictive	Wysoki
4	File	/it-IT/splunkd/__raw/services/get_snapshot	predictive	Wysoki
5	File	/xxxxxxx/xxxxx/xxxxx.xxx	predictive	Wysoki
6	File	/xxxxxxx/	predictive	Medium
7	File	xxxxx/xxxx/xxxxxxxxxxx/xxxxxxx.x	predictive	Wysoki
8	File	xxxx/xxxxxxxxxxxx.xxx	predictive	Wysoki
9	File	xxxxxxxx.xxx	predictive	Medium
10	File	xxx.xxx?xxx=xxxxx_xxxx	predictive	Wysoki
11	File	xxxxxxxxxxxxxx/xxxxxxx.xxx	predictive	Wysoki
12	File	xx_xxxxxxx_xxxxxxx.xxx	predictive	Wysoki
13	File	xxxxxxxx.xxx	predictive	Medium
14	File	xx-xxxxxxxxxxx.xxx	predictive	Wysoki
15	File	~/xx-xxxxxxxx.xxx	predictive	Wysoki
16	Argument	$_xxxxxx['xxx_xxxx']	predictive	Wysoki
17	Argument	--xxxx=xxx	predictive	Medium
18	Argument	xxxxxxxx	predictive	Medium
19	Argument	xxx	predictive	Niski
20	Argument	xxxxxxxxxx	predictive	Medium
21	Argument	xxxxxxxx	predictive	Medium
22	Argument	xxxxxxxx	predictive	Medium
23	Argument	xxxxx	predictive	Niski
24	Argument	xxxxxx_xx	predictive	Medium
25	Argument	xxxx_xxxx	predictive	Medium
26	Argument	xxx	predictive	Niski
27	Argument	xxx	predictive	Niski
28	Argument	xxxxxxxx/xxxx	predictive	Wysoki
29	Input Value	../..	predictive	Niski

Referencje (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ PoprzedniPrzeglądKolejny ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!