HelloXD Analysis

IOB - Indicator of Behavior (199)

Language

en: 170
ru: 20
de: 4
fr: 2
it: 2

Country

ru: 96
us: 44
gb: 10
it: 6
tr: 4

Product

Apache HTTP Server: 8
Cisco ASA: 6
Microsoft IIS: 6
Microsoft Windows: 6
Grafana: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | F21 JWT Signature JWT.php privilege escalation | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00307 | 0.03 | CVE-2015-2951 |
| 2 | Apple iOS/iPadOS IOMobileFrameBuffer memory corruption | 7.8 | 7.5 | $25k-$100k | $5k-$25k | High | Official Fix | 0.00263 | 0.11 | CVE-2022-22587 |
| 3 | Famatech Remote Administrator weak authentication | 7.3 | 7.1 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.00000 | 0.00 | |
| 4 | systemd-resolved DNS Response privilege escalation | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00706 | 0.00 | CVE-2017-9217 |
| 5 | AnyDesk Portable Mode gcapi.dll privilege escalation | 6.5 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00060 | 0.04 | CVE-2020-35483 |
| 6 | guzzlehttp psr7 HTTP Message unknown vulnerability | 5.9 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00149 | 0.02 | CVE-2023-29197 |
| 7 | FreeBSD Ping pr_pack memory corruption | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2022-23093 |
| 8 | SourceCodester Garage Management System editbrand.php sql injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00098 | 0.07 | CVE-2022-2468 |
| 9 | Endian UTM Firewall changepw.cgi cross site request forgery | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 | |
| 10 | Gitea privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00441 | 0.02 | CVE-2021-45327 |
| 11 | Microsoft Windows Installer Privilege Escalation | 8.3 | 7.5 | $100k and more | $0-$5k | Proof-of-Concept | Official Fix | 0.00043 | 0.02 | CVE-2021-43883 |
| 12 | Apache Guacamole Connection History privilege escalation | 4.9 | 4.9 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00066 | 0.00 | CVE-2020-11997 |
| 13 | Wireless IP Camera 360 Service Port 9527 weak authentication | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.01201 | 0.03 | CVE-2017-11634 |
| 14 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 3.19 | CVE-2020-12440 |
| 15 | Hughes mSQL memory corruption | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01598 | 0.05 | CVE-1999-0276 |
| 16 | Xiaomi Router privilege escalation | 7.7 | 7.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00078 | 0.02 | CVE-2023-26320 |
| 17 | Dreamer CMS Password Hash Calculation UserController.java updatePwd denial of service | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00128 | 0.04 | CVE-2023-2473 |
| 18 | iamdroppy phoenixcf articles.cfm sql injection | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00148 | 0.07 | CVE-2011-10001 |
| 19 | Creative Minds CM Download Manager Plugin deletescreenshot cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00121 | 0.00 | CVE-2020-24145 |
| 20 | Video Downloader for TikTok Plugin Parameter directory traversal | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00244 | 0.00 | CVE-2020-24143 |

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (72)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | .bash_history | predictive | High |
| 2 | File | .procmailrc | predictive | Medium |
| 3 | File | /+CSCOE+/logon.html | predictive | High |
| 4 | File | /cgi-bin/changepw.cgi | predictive | High |
| 5 | File | /debug/pprof | predictive | Medium |
| 6 | File | /editbrand.php | predictive | High |
| 7 | File | /etc/raspap/hostapd/enablelog.sh | predictive | High |
| 8 | File | /infusions/shoutbox_panel/shoutbox_admin.php | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
