Hworm Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (28)

Lang

en	16
ru	10
ko	2

Land

de	28

Skådespelare

Hworm	1
HawkEye	1

Intressera

Typ

Not Defined	12
Programming Tool Software	2
Operating System	2
Network Management Software	2
Router Operating System	2

Säljare

D-Link	6
Not Defined	4
GNU	2
Linux	2
Samsung	2

Produkt

GNU Binutils	2
Linux Kernel	2
Samsung Exynos Modem 5123	2
Samsung Exynos Modem 5300	2
Samsung Exynos 980	2

Sårbarheter

#	Sårbarhet	Base	Temp	0day	I dag	Utn	Rem	EPSS	CTI	CVE
1	Netgear R6700/R6700v3/R6900 fwSchedule.cgi minneskorruption	8.0	7.9	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00307	0.07	CVE-2023-30280
2	codeprojects Pharmacy Management System Avatar Image add.php privilegier eskalering	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00148	0.12	CVE-2023-0918
3	Rockwell Automation FactoryTalk View Site Edition förnekande av tjänsten	7.5	7.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00044	0.00	CVE-2023-46289
4	Node.js Uint8Array kataloggenomgång	7.6	7.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00062	0.02	CVE-2023-39332
5	NVIDIA GeForce Now Game Launcher Local Privilege Escalation	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00042	0.02	CVE-2023-31014
6	NVIDIA DGX H100 BMC Host KVM Daemon minneskorruption	7.8	7.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00042	0.05	CVE-2023-25527
7	GNU Binutils compare_symbols förnekande av tjänsten	5.6	5.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00053	0.03	CVE-2022-47696
8	Keycloak cross site scripting	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00173	0.04	CVE-2021-20323
9	Kofax Power PDF File Parser minneskorruption	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00000	0.00	CVE-2023-42037
10	Asus RT-AX55 privilegier eskalering	7.1	7.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00247	0.04	CVE-2023-39780
11	D-Link DAP-2622 DDP Service minneskorruption	8.8	8.4	$5k-$25k	$5k-$25k	Not Defined	Official Fix	0.00000	0.00	CVE-2023-35730
12	D-Link DIR-868L FUN_0000acb4 minneskorruption	7.6	7.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00063	0.03	CVE-2023-39667
13	Juniper Junos OS bbe-smgd privilegier eskalering	6.4	6.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00044	0.00	CVE-2023-28974
14	TOTOLINK CP300+ HTTP Packet NTPSyncWithHostof privilegier eskalering	7.6	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.06283	0.00	CVE-2023-31856
15	D-Link DCS-936L info.cgi informationsgivning	6.4	6.4	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00621	0.02	CVE-2018-18441
16	Samsung Exynos Auto T5123 SIP Status Line minneskorruption	6.3	6.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00065	0.00	CVE-2023-29085
17	SourceCodester Lost and Found Information System GET Parameter sql injektion	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00089	0.04	CVE-2023-2699
18	NTP refclock_palisade.c praecis_parse minneskorruption	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00050	0.03	CVE-2023-26555
19	NTP mstolfp.c mstolfp minneskorruption	5.5	5.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00070	0.02	CVE-2023-26553
20	Linux Kernel Performance Events System core.c perf_group_detach minneskorruption	7.8	7.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00042	0.01	CVE-2023-2235

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-adress	Hostname	Skådespelare	Kampanjer	Identified	Typ	Förtroende
1	52.42.161.75	ec2-52-42-161-75.us-west-2.compute.amazonaws.com	Hworm		23/12/2020	verified	Medium
2	XX.XX.XX.XX	xxxxxx.xx.xx.xx.xx.xxxxxxx.xxxx-xxxxxx.xx	Xxxxx		23/12/2020	verified	Hög

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Sårbarheter	Åtkomstvektor	Typ	Förtroende
1	T1006	CWE-22	Path Traversal	predictive	Hög
2	T1059.007	CWE-79	Cross Site Scripting	predictive	Hög
3	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Hög
4	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Hög
5	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Hög
6	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Hög

IOA - Indicator of Attack (14)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klass	Indicator	Typ	Förtroende
1	File	/common/info.cgi	predictive	Hög
2	File	add.php	predictive	Låg
3	File	xxxxx/?xxxx=xxxxx/xxxx_xxxx	predictive	Hög
4	File	xx/xxxxxx/xxxxxxx.x	predictive	Hög
5	File	xxxxxxxxxx.xxx	predictive	Hög
6	File	xxxxxx/xxxxxx/xxxx.x	predictive	Hög
7	File	xxxxxx/xxxxxxx.x	predictive	Hög
8	File	xxxx/xxxxxxxx_xxxxxxxx.x	predictive	Hög
9	File	xxx_xxxxxx_xxx.x	predictive	Hög
10	File	xxxxxx	predictive	Låg
11	Argument	xxxxxxxxxxxx	predictive	Medium
12	Argument	xxxxxxxx	predictive	Medium
13	Argument	xx	predictive	Låg
14	Argument	xxxxx_x	predictive	Låg

Referenser (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ TidigareÖversiktNästa ▸

Do you need the next level of professionalism?

Upgrade your account now!