Poisoned Hurricane Analysis

IOB - Indicator of Behavior (26)

Languages

  • en: 18
  • fr: 4
  • zh: 4

Countries/Regions

  • cn: 14
  • us: 6
  • kr: 6


Products

  • ASUS RT-AX86U: 2
  • VMware Spring Cloud Function: 2
  • Oracle GlassFish Server: 2
  • JustSystems Ichitaro: 2
  • myPHPNuke: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Microsoft IIS Privilege Escalation | 10.0 | 9.0 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.60697 | 0.03 | CVE-2008-0075 |
| 2 | Google Android HidHostService.java okToConnect Privilege Escalation | 8.5 | 8.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00142 | 0.02 | CVE-2019-2036 |
| 3 | RoundCube Webmail Config Setting rcube_image.php Privilege Escalation | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.09119 | 0.04 | CVE-2020-12641 |
| 4 | Microsoft Windows Memory Corruption | 10.0 | 9.0 | $100k and more | $5k-$25k | Proof-of-Concept | Official Fix | 0.09563 | 0.00 | CVE-2009-4310 |
| 5 | Oracle GlassFish Server ADMIN Interface Cross Site Scripting | 4.3 | 4.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00141 | 0.00 | CVE-2013-1515 |
| 6 | ASUS RT-AX86U httpd module blocking_request.cgi Memory Corruption | 7.6 | 7.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00384 | 0.02 | CVE-2020-36109 |
| 7 | Telesquare SDT-CW3B1 Privilege Escalation | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.95567 | 0.04 | CVE-2021-46422 |
| 8 | Microsoft Windows Common Log File System Driver Privilege Escalation | 8.1 | 7.4 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00125 | 0.02 | CVE-2022-37969 |
| 9 | Alcatel Lucent-7750 SR Default Account Weak Authentication | 4.4 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00000 | 0.05 | - |
| 10 | VMware Spring Cloud Function SpEL Expression Privilege Escalation | 9.8 | 9.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.97537 | 0.02 | CVE-2022-22963 |
| 11 | Microsoft IIS IP/Domain Restriction Privilege Escalation | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00817 | 0.03 | CVE-2014-4078 |
| 12 | Microsoft Windows HTTP Protocol Stack Remote Code Execution | 9.8 | 8.5 | $100k and more | $0-$5k | Proof-of-Concept | Official Fix | 0.97322 | 0.00 | CVE-2021-31166 |
| 13 | Citrix Application Delivery Controller/Gateway Management Interface Weak Authentication | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00308 | 0.02 | CVE-2019-18225 |
| 14 | Eclipse Jetty 404 Error Path Information Disclosure | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00695 | 0.04 | CVE-2019-10247 |
| 15 | JustSystems Ichitaro Memory Corruption | 10.0 | 10.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01388 | 0.00 | CVE-2013-5990 |
| 16 | TP-LINK TL-WR840N/TL-WR841N Session Weak Authentication | 8.5 | 7.5 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.30057 | 0.04 | CVE-2018-11714 |
| 17 | UnZip Password Protected ZIP Archive Memory Corruption | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.04577 | 0.06 | CVE-2015-7696 |
| 18 | myPHPNuke print.php Cross Site Scripting | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00220 | 0.01 | CVE-2008-4089 |
| 19 | NAT32 Cross Site Request Forgery | 6.5 | 5.9 | $0-$5k | Calculating | Proof-of-Concept | Not Defined | 0.20845 | 0.00 | CVE-2018-6941 |
| 20 | MidiCart PHP Shopping Cart item_show.php SQL Injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.05 | - |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Poisoned Hurricane

IOC - Indicator of Compromise (30)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaign | Identified | Type |
|---|---|---|---|---|---|---|
| 1 | 27.122.13.204 | - | Poisoned Hurricane | - | 2021-09-01 | verified |
| 2 | 59.125.42.167 | 59-125-42-167.hinet-ip.hinet.net | Poisoned Hurricane | Poisoned Hurricane | 2021-01-01 | verified |
| 3 | 59.125.42.168 | 59-125-42-168.hinet-ip.hinet.net | Poisoned Hurricane | Poisoned Hurricane | 2021-01-01 | verified |
| 4 | 61.78.32.139 | - | Poisoned Hurricane | Poisoned Hurricane | 2021-01-01 | verified |
| 5 | 61.78.32.148 | - | Poisoned Hurricane | Poisoned Hurricane | 2021-01-01 | verified |
| 6 | 61.78.34.179 | - | Poisoned Hurricane | - | 2021-09-01 | verified |
| 7 | XX.XX.XX.XX | - | Xxxxxxxx Xxxxxxxxx | Xxxxxxxx Xxxxxxxxx | 2021-01-01 | verified |
| 8 | XXX.XXX.XXX.XX | - | Xxxxxxxx Xxxxxxxxx | Xxxxxxxx Xxxxxxxxx | 2021-01-01 | verified |
| 9 | XXX.XXX.XXX.XX | - | Xxxxxxxx Xxxxxxxxx | Xxxxxxxx Xxxxxxxxx | 2021-01-01 | verified |
| 10 | XXX.XXX.XXX.XXX | - | Xxxxxxxx Xxxxxxxxx | - | 2021-09-01 | verified |
| 11 | XXX.XXX.XX.XXX | xxxxxxxxx.xxxxxx.xx.xx | Xxxxxxxx Xxxxxxxxx | Xxxxxxxx Xxxxxxxxx | 2021-01-01 | verified |
| 12 | XXX.XX.XXX.XXX | xxxxxxx.xxx | Xxxxxxxx Xxxxxxxxx | Xxxxxxxx Xxxxxxxxx | 2021-01-01 | verified |
| 13 | XXX.XX.XXX.XXX | xxxxxxxxxx.xxxxxxx.xxx | Xxxxxxxx Xxxxxxxxx | - | 2021-09-01 | verified |
| 14 | XXX.XX.XXX.XX | xxxxxxx.xxx | Xxxxxxxx Xxxxxxxxx | Xxxxxxxx Xxxxxxxxx | 2021-01-01 | verified |
| 15 | XXX.XX.XXX.XXX | xxxxxxx.xxx | Xxxxxxxx Xxxxxxxxx | Xxxxxxxx Xxxxxxxxx | 2021-01-01 | verified |
| 16 | XXX.XX.XXX.XXX | xxxxxxx.xxx | Xxxxxxxx Xxxxxxxxx | Xxxxxxxx Xxxxxxxxx | 2021-01-01 | verified |
| 17 | XXX.XX.XXX.XXX | xxxxxxx.xxx | Xxxxxxxx Xxxxxxxxx | - | 2021-09-01 | verified |
| 18 | XXX.XX.XXX.XXX | xxxxxxx.xxx | Xxxxxxxx Xxxxxxxxx | Xxxxxxxx Xxxxxxxxx | 2021-01-01 | verified |
| 19 | XXX.XXX.XXX.XXX | - | Xxxxxxxx Xxxxxxxxx | - | 2021-09-01 | verified |
| 20 | XXX.XXX.XXX.XXX | - | Xxxxxxxx Xxxxxxxxx | - | 2021-09-01 | verified |
| 21 | XXX.XXX.XXX.XXX | - | Xxxxxxxx Xxxxxxxxx | - | 2021-09-01 | verified |
| 22 | XXX.XXX.XXX.XXX | - | Xxxxxxxx Xxxxxxxxx | - | 2021-09-01 | verified |
| 23 | XXX.XXX.XX.XXX | - | Xxxxxxxx Xxxxxxxxx | - | 2021-09-01 | verified |
| 24 | XXX.XX.X.X | xxx.xx.xxx | Xxxxxxxx Xxxxxxxxx | Xxxxxxxx Xxxxxxxxx | 2021-01-01 | verified |
| 25 | XXX.XXX.XXX.X | xxx.xx.xxx | Xxxxxxxx Xxxxxxxxx | Xxxxxxxx Xxxxxxxxx | 2021-01-01 | verified |
| 26 | XXX.XXX.XXX.X | xxx.xx.xxx | Xxxxxxxx Xxxxxxxxx | Xxxxxxxx Xxxxxxxxx | 2021-01-01 | verified |
| 27 | XXX.XXX.XXX.X | xxx.xx.xxx | Xxxxxxxx Xxxxxxxxx | Xxxxxxxx Xxxxxxxxx | 2021-01-01 | verified |
| 28 | XXX.XXX.XXX.X | - | Xxxxxxxx Xxxxxxxxx | - | 2021-09-01 | verified |
| 29 | XXX.XXX.XXX.XX | - | Xxxxxxxx Xxxxxxxxx | - | 2021-09-01 | verified |
| 30 | XXX.XX.XXX.X | - | Xxxxxxxx Xxxxxxxxx | - | 2021-09-01 | verified |

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Weakness | Class | Type |
|---|---|---|---|---|
| 1 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive |
| 2 | T1059 | CWE-88, CWE-94 | Argument Injection | predictive |
| 3 | TXXXX.XXX | CWE-XX, CWE-XXX | Xxxxx Xxxx Xxxxxxxxx | predictive |
| 4 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive |
| 5 | TXXXX | CWE-XXX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive |
| 6 | TXXXX | CWE-XXX | Xxx Xxxxxxxxx | predictive |
| 7 | TXXXX | CWE-XXX | XXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive |

IOA - Indicator of Attack (8)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type |
|---|---|---|---|
| 1 | File | /shell?cmd | predictive |
| 2 | File | blocking_request.cgi | predictive |
| 3 | File | xxxxxxxxxxxxxx.xxxx | predictive |
| 4 | File | xxxx_xxxx.xxx | predictive |
| 5 | File | xxxxx.xxx | predictive |
| 6 | File | xxxxx_xxxxx.xxx | predictive |
| 7 | Argument | xxxx_xx | predictive |
| 8 | Argument | xxx | predictive |

References (4)

The following list contains external sources which discuss the actor and the associated activities:
