Poisoned Hurricane Analysis

IOB - Indicator of Behavior (26)

Timeline

Language

  • en: 20
  • zh: 4
  • fr: 2

Country

  • cn: 12
  • kr: 8
  • us: 6

Actors

Activities

Interest

Timeline

Type

Vendor

Product

  • ASUS RT-AX86U: 2
  • Eclipse Jetty: 2
  • TP-LINK TL-WR840N: 2
  • TP-LINK TL-WR841N: 2
  • RoundCube Webmail: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | CTI | EPSS | CVE
1 | Microsoft IIS privilege escalation | 10.0 | 9.0 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.60697 | CVE-2008-0075
2 | Google Android HidHostService.java okToConnect privilege escalation | 8.5 | 8.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.02 | 0.00142 | CVE-2019-2036
3 | RoundCube Webmail Config Setting rcube_image.php privilege escalation | 8.5 | 8.2 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00 | 0.08122 | CVE-2020-12641
4 | Microsoft Windows buffer overflow | 10.0 | 9.0 | $100k and more | $5k-$25k | Proof-of-Concept | Official Fix | 0.00 | 0.09563 | CVE-2009-4310
5 | Oracle GlassFish Server ADMIN Interface cross site scripting | 4.3 | 4.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00141 | CVE-2013-1515
6 | ASUS RT-AX86U httpd module blocking_request.cgi buffer overflow | 7.6 | 7.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00384 | CVE-2020-36109
7 | Telesquare SDT-CW3B1 privilege escalation | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.95567 | CVE-2021-46422
8 | Microsoft Windows Common Log File System Driver Privilege Escalation | 8.1 | 7.4 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.02 | 0.00128 | CVE-2022-37969
9 | Alcatel Lucent-7750 SR Default Account weak authentication | 4.4 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.03 | 0.00000 | 
10 | VMware Spring Cloud Function SpEL Expression privilege escalation | 9.8 | 9.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.97537 | CVE-2022-22963
11 | Microsoft IIS IP/Domain Restriction privilege escalation | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.03 | 0.00817 | CVE-2014-4078
12 | Microsoft Windows HTTP Protocol Stack Remote Code Execution | 9.8 | 8.5 | $100k and more | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.97271 | CVE-2021-31166
13 | Citrix Application Delivery Controller/Gateway Management Interface weak authentication | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00308 | CVE-2019-18225
14 | Eclipse Jetty 404 Error Path information disclosure | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00359 | CVE-2019-10247
15 | JustSystems Ichitaro buffer overflow | 10.0 | 10.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.01388 | CVE-2013-5990
16 | TP-LINK TL-WR840N/TL-WR841N Session weak authentication | 8.5 | 7.5 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.03 | 0.30057 | CVE-2018-11714
17 | UnZip Password Protected ZIP Archive buffer overflow | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.06 | 0.04577 | CVE-2015-7696
18 | myPHPNuke print.php cross site scripting | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01 | 0.00220 | CVE-2008-4089
19 | NAT32 cross site request forgery | 6.5 | 5.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.20845 | CVE-2018-6941
20 | MidiCart PHP Shopping Cart item_show.php sql injection | 6.3 | 6.0 | $0-$5k | Calculating | Proof-of-Concept | Not Defined | 0.05 | 0.00000 | 

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Poisoned Hurricane

IOC - Indicator of Compromise (30)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP Address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 27.122.13.204 | | Poisoned Hurricane | | 01/09/2021 | verified | High
2 | 59.125.42.167 | 59-125-42-167.hinet-ip.hinet.net | Poisoned Hurricane | Poisoned Hurricane | 01/01/2021 | verified | High
3 | 59.125.42.168 | 59-125-42-168.hinet-ip.hinet.net | Poisoned Hurricane | Poisoned Hurricane | 01/01/2021 | verified | High
4 | 61.78.32.139 | | Poisoned Hurricane | Poisoned Hurricane | 01/01/2021 | verified | High
5 | 61.78.32.148 | | Poisoned Hurricane | Poisoned Hurricane | 01/01/2021 | verified | High
6 | 61.78.34.179 | | Poisoned Hurricane | | 01/09/2021 | verified | High

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Type | Type | Confidence
1 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
2 | T1059 | CWE-88, CWE-94 | Argument Injection | predictive | High

IOA - Indicator of Attack (8)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /shell?cmd | predictive | Medium
2 | File | blocking_request.cgi | predictive | High

References (4)

The following list contains external sources which discuss the actor and the associated activities:
