HyperBro Analysis

IOB - Indicator of Behavior (110)

Language

en: 82
zh: 16
ru: 8
de: 4

Country

us: 70
cn: 26
ru: 8
af: 2
nl: 2

Product

Microsoft Windows: 4
Microsoft Office: 4
Microsoft Excel: 4
Google Chrome: 4
Kubernetes: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | MediaWiki Submission index.php cross-site scripting | 5.8 | 5.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00176 | 0.02 | CVE-2012-4378 |
| 3 | RoundCube SQL injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00594 | 0.02 | CVE-2021-44026 |
| 4 | Yoast SEO Plugin REST Endpoint posts information disclosure | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00173 | 0.00 | CVE-2021-25118 |
| 5 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.10737 | 0.41 | CVE-2016-6210 |
| 6 | VMware Workspace ONE Access/Identity Manager Template privilege escalation | 9.8 | 8.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.97436 | 0.06 | CVE-2022-22954 |
| 7 | MinIO Admin API weak authentication | 8.8 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00116 | 0.06 | CVE-2020-11012 |
| 8 | Microsoft Windows MSHTML Remote Code Execution | 8.8 | 7.9 | $100k and more | $5k-$25k | Proof-of-Concept | Official Fix | 0.96874 | 0.02 | CVE-2021-40444 |
| 9 | Fortinet FortiMail/FortiVoiceEntreprise Password Change weak authentication | 8.5 | 8.5 | $0-$5k | $0-$5k | High | Not Defined | 0.02096 | 0.02 | CVE-2020-9294 |
| 10 | jforum User privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00289 | 0.06 | CVE-2019-7550 |
| 11 | Fortinet FortiOS SSL-VPN buffer overflow | 9.8 | 9.6 | $25k-$100k | $5k-$25k | High | Official Fix | 0.01842 | 0.05 | CVE-2024-21762 |
| 12 | Jitsi URL privilege escalation | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00326 | 0.03 | CVE-2022-43550 |
| 13 | Roundcube SVG Document rcube_washtml.php cross-site scripting | 5.3 | 5.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00680 | 0.00 | CVE-2023-5631 |
| 14 | Byzoro Smart S210 Management Platform uploadfile.php privilege escalation | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00063 | 0.00 | CVE-2024-0939 |
| 15 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 0.41 | CVE-2020-12440 |
| 16 | Totolink LR1200GB cstecgi.cgi setIpPortFilterRules buffer overflow | 9.1 | 8.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00084 | 0.05 | CVE-2024-0576 |
| 17 | OMGF GDPR Compliant, Faster Google Fonts Plugin privilege escalation | 7.1 | 7.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00050 | 0.02 | CVE-2023-6600 |
| 18 | Foxit PDF Reader exportXFAData Local Privilege Escalation | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.00 | CVE-2023-27363 |
| 19 | Microsoft Windows Themes ThemeBleed Remote Code Execution | 8.8 | 8.1 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.85838 | 0.05 | CVE-2023-38146 |
| 20 | MGB OpenSource Guestbook email.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 1.22 | CVE-2007-0354 |

IOC - Indicator of Compromise (12)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (56)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /+CSCOE+/logon.html | predictive | High |
| 2 | File | /cgi-bin/cstecgi.cgi | predictive | High |
| 3 | File | /debug/pprof | predictive | Medium |
| 4 | File | /h/ | predictive | Low |
| 5 | File | /opt/zimbra/jetty/webapps/zimbra/public | predictive | High |
| 6 | File | /public/launchNewWindow.jsp | predictive | High |
| 7 | File | /rapi/read_url | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
