Hangover Анализ

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (89)

Язык

en	84
pt	4
pl	2

Страна

us	46
nl	4
ru	4
au	2
ch	2

Акторы

Hangover	3
RedLine Stealer	3
Mirai	3
Remcos	3
Nanocore RAT	3

Интерес

Тип

Not Defined	30
Operating System	8
Web Server	6
WordPress Plugin	4
Content Management System	4

Поставщик

Not Defined	26
Microsoft	14
Apple	6
SITEL	2
Lesterchan	2

Продукт

Microsoft Windows	8
Microsoft IIS	4
Apple iOS	4
SITEL CAP	2
SITEL PRX	2

Уязвимости

#	Уязвимости	Base	Temp	0day	Сегодня	Э�	Rem	EPSS	CTI	CVE
1	Cisco SD-WAN CLI Privilege Escalation	8.1	8.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00044	0.00	CVE-2022-20818
2	Cisco IOS XE Self-Healing эскалация привилегий	7.3	7.2	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00042	0.06	CVE-2022-20855
3	Apple iOS ImageIO отказ в обслуживании	6.4	6.3	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.03533	0.00	CVE-2016-1811
4	Acme Mini HTTPd Terminal эскалация привилегий	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00303	0.04	CVE-2009-4490
5	Cisco SD-WAN CLI Privilege Escalation	8.1	8.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2022-20775
6	Apple iOS CommonCrypto раскрытие информации	5.4	5.3	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00181	0.00	CVE-2016-1802
7	Microsoft IIS межсайтовый скриптинг	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00548	0.07	CVE-2017-0055
8	Microsoft Word wwlib Remote Code Execution	8.0	7.1	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.45352	0.00	CVE-2023-21716
9	Linux Kernel TPM Device повреждение памяти	7.6	7.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2022-2977
10	D-Link Go-RT-AC750 gena.php эскалация привилегий	7.6	7.6	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00121	0.03	CVE-2022-36523
11	Multivendor Marketplace Solution for WooCommerce Order Status неизвестная уязвимость	4.3	4.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00053	0.00	CVE-2022-2657
12	taviso Lotus 1-2-3 Worksheet process_fmt повреждение памяти	7.0	6.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00068	0.00	CVE-2022-39843
13	image-tiler эскалация привилегий	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00194	0.00	CVE-2020-28451
14	Apple macOS Kernel раскрытие информации	3.3	3.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00062	0.00	CVE-2022-32817
15	Irfan Skiljan IrfanView ShowPlugInSaveOptions_W повреждение памяти	5.9	5.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00057	0.00	CVE-2020-23561
16	Microsoft Windows Defender Credential Guard Privilege Escalation	8.3	7.3	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00043	0.00	CVE-2022-34711
17	Microsoft Windows Kerberos Privilege Escalation	8.8	8.1	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00121	0.00	CVE-2022-30165
18	Microsoft Windows Kerberos AppContainer Privilege Escalation	8.9	8.1	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00043	0.00	CVE-2022-30164
19	Microsoft Windows Network File System Remote Code Execution	9.8	8.9	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.88909	0.05	CVE-2022-30136
20	Vmware Workspace ONE Access слабая аутентификация	9.8	9.1	$25k-$100k	$0-$5k	Functional	Official Fix	0.58483	0.00	CVE-2022-22972

Кампании (1)

These are the campaigns that can be associated with the actor:

WindShift

IOC - Indicator of Compromise (12)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-адрес	Hostname	Актор	Кампании	Identified	Тип	Уверенность
1	37.46.150.102		Hangover	WindShift	29.08.2021	verified	Высокий
2	37.59.175.131	ip131.ip-37-59-175.eu	Hangover		01.01.2021	verified	Высокий
3	45.133.1.133		Hangover	WindShift	29.08.2021	verified	Высокий
4	XX.XX.XXX.XXX	xxxxxxxxxxx.xxx-xxx.xx.xx	Xxxxxxxx		01.01.2021	verified	Высокий
5	XX.X.XXX.XX		Xxxxxxxx		01.01.2021	verified	Высокий
6	XXX.XXX.XX.XXX	xxx.xxxxxxxxxxx.xxx.xx	Xxxxxxxx	Xxxxxxxxx	29.08.2021	verified	Высокий
7	XXX.XXX.XX.XXX	xxxx.xx.xxxxxxxxxx.xxx	Xxxxxxxx	Xxxxxxxxx	29.08.2021	verified	Высокий
8	XXX.XX.XXX.XXX		Xxxxxxxx		01.01.2021	verified	Высокий
9	XXX.XX.XX.XXX	xxxx-xxxxx.xxxxxxx.xxxx	Xxxxxxxx	Xxxxxxxxx	29.08.2021	verified	Высокий
10	XXX.XXX.XXX.XX	xxx-xxxx.xxxxx--xxxxxxx.xxx	Xxxxxxxx	Xxxxxxxxx	29.08.2021	verified	Высокий
11	XXX.XXX.XX.XXX		Xxxxxxxx	Xxxxxxxxx	29.08.2021	verified	Высокий
12	XXX.XXX.XX.XXX	xxxxxx.xxxxxxxxxxxxxx.xxx	Xxxxxxxx		01.01.2021	verified	Высокий

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Уязвимости	Вектор доступа	Тип	Уверенность
1	T1006	CWE-22, CWE-25	Path Traversal	predictive	Высокий
2	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Высокий
3	T1059	CWE-94	Argument Injection	predictive	Высокий
4	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Высокий
5	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Высокий
6	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Высокий
7	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Высокий
8	TXXXX	CWE-XX, CWE-XX	Xxx Xxxxxxxxx	predictive	Высокий
9	TXXXX	CWE-XXX	Xxxxxxx Xxxxxxxxxx Xx Xxx-xxxxxxxx	predictive	Высокий
10	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxx Xxxx	predictive	Высокий
11	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Высокий
12	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Высокий

IOA - Indicator of Attack (29)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Класс	Indicator	Тип	Уверенность
1	File	.procmailrc	predictive	Средний
2	File	/cgi-bin/wapopen	predictive	Высокий
3	File	/htdocs/upnpinc/gena.php	predictive	Высокий
4	File	/it-IT/splunkd/__raw/services/get_snapshot	predictive	Высокий
5	File	/xxxxxxx/xxxxx/xxxxx.xxx	predictive	Высокий
6	File	/xxxxxxx/	predictive	Средний
7	File	xxxxx/xxxx/xxxxxxxxxxx/xxxxxxx.x	predictive	Высокий
8	File	xxxx/xxxxxxxxxxxx.xxx	predictive	Высокий
9	File	xxxxxxxx.xxx	predictive	Средний
10	File	xxx.xxx?xxx=xxxxx_xxxx	predictive	Высокий
11	File	xxxxxxxxxxxxxx/xxxxxxx.xxx	predictive	Высокий
12	File	xx_xxxxxxx_xxxxxxx.xxx	predictive	Высокий
13	File	xxxxxxxx.xxx	predictive	Средний
14	File	xx-xxxxxxxxxxx.xxx	predictive	Высокий
15	File	~/xx-xxxxxxxx.xxx	predictive	Высокий
16	Argument	$_xxxxxx['xxx_xxxx']	predictive	Высокий
17	Argument	--xxxx=xxx	predictive	Средний
18	Argument	xxxxxxxx	predictive	Средний
19	Argument	xxx	predictive	Низкий
20	Argument	xxxxxxxxxx	predictive	Средний
21	Argument	xxxxxxxx	predictive	Средний
22	Argument	xxxxxxxx	predictive	Средний
23	Argument	xxxxx	predictive	Низкий
24	Argument	xxxxxx_xx	predictive	Средний
25	Argument	xxxx_xxxx	predictive	Средний
26	Argument	xxx	predictive	Низкий
27	Argument	xxx	predictive	Низкий
28	Argument	xxxxxxxx/xxxx	predictive	Высокий
29	Input Value	../..	predictive	Низкий

Ссылки (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ ПредыдущийОбзорДалее ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!