HelloXD Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (199)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en168
ru24
de6
it2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

ru92
us52
gb6
it4
tr4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

HelloXD4
Cobalt Strike1
Meterpreter1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined66
Web Server18
Content Management System12
Operating System10
Network Camera Software6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined58
Microsoft22
Apache8
Siemens6
Cisco6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Microsoft IIS10
Apache HTTP Server6
Microsoft Windows6
IBM Guardium Data Encryption6
Wireless IP Camera 3604

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1F21 JWT Signature JWT.php input validation7.37.0$0-$5k$0-$5kNot DefinedOfficial Fix0.003070.03CVE-2015-2951
2Apple iOS/iPadOS IOMobileFrameBuffer memory corruption7.87.5$25k-$100k$5k-$25kHighOfficial Fix0.002630.04CVE-2022-22587
3Famatech Remote Administrator improper authentication7.37.1$0-$5k$0-$5kNot DefinedWorkaround0.000000.00
4systemd-resolved DNS Response input validation6.46.1$0-$5k$0-$5kNot DefinedOfficial Fix0.007060.00CVE-2017-9217
5AnyDesk Portable Mode gcapi.dll uncontrolled search path6.56.3$0-$5k$0-$5kNot DefinedOfficial Fix0.000600.04CVE-2020-35483
6guzzlehttp psr7 HTTP Message interpretation conflict5.95.8$0-$5k$0-$5kNot DefinedOfficial Fix0.003260.04CVE-2023-29197
7FreeBSD Ping pr_pack stack-based overflow7.37.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.000430.00CVE-2022-23093
8SourceCodester Garage Management System editbrand.php sql injection7.16.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.000980.08CVE-2022-2468
9Endian UTM Firewall changepw.cgi cross-site request forgery4.33.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.000000.00
10Gitea permission6.36.0$0-$5k$0-$5kNot DefinedOfficial Fix0.004410.02CVE-2021-45327
11Microsoft Windows Installer Privilege Escalation8.37.5$100k and more$0-$5kProof-of-ConceptOfficial Fix0.000430.00CVE-2021-43883
12Apache Guacamole Connection History permission4.94.9$5k-$25k$5k-$25kNot DefinedNot Defined0.000660.00CVE-2020-11997
13Wireless IP Camera 360 Service Port 9527 hard-coded credentials7.57.4$0-$5k$0-$5kNot DefinedWorkaround0.012010.03CVE-2017-11634
14nginx request smuggling6.96.9$0-$5k$0-$5kNot DefinedNot Defined0.002412.32CVE-2020-12440
15Hughes mSQL memory corruption7.37.0$0-$5k$0-$5kNot DefinedOfficial Fix0.015980.05CVE-1999-0276
16Xiaomi Router command injection7.77.7$0-$5k$0-$5kNot DefinedNot Defined0.000780.02CVE-2023-26320
17Dreamer CMS Password Hash Calculation UserController.java updatePwd algorithmic complexity5.45.3$0-$5k$0-$5kNot DefinedOfficial Fix0.001280.00CVE-2023-2473
18iamdroppy phoenixcf articles.cfm sql injection6.96.9$0-$5k$0-$5kNot DefinedOfficial Fix0.001480.08CVE-2011-10001
19Creative Minds CM Download Manager Plugin deletescreenshot cross site scripting3.53.4$0-$5k$0-$5kNot DefinedNot Defined0.001210.00CVE-2020-24145
20Video Downloader for TikTok Plugin Parameter pathname traversal5.55.3$0-$5k$0-$5kNot DefinedNot Defined0.002440.00CVE-2020-24143

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
145.15.19.130HelloXD08/04/2022verifiedHigh
2XX.XX.XXX.XXxx-xx.xxxx-xxx.xx-xxxxx.xxx.xxXxxxxxx08/04/2022verifiedHigh
3XX.XXX.XX.XXXXxxxxxx08/04/2022verifiedHigh
4XXX.XX.XXX.XXxxx.xxxXxxxxxx08/04/2022verifiedHigh
5XXX.XX.XX.XXxxxxxxxxx.xxxxxxxxxxxxx.xxxXxxxxxx08/04/2022verifiedHigh

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-21, CWE-22Path TraversalpredictiveHigh
2T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
3T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
4T1059.007CAPEC-209CWE-79, CWE-80Cross Site ScriptingpredictiveHigh
5TXXXXCAPEC-122CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
6TXXXX.XXXCAPEC-16CWE-XXX, CWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveHigh
7TXXXXCAPEC-136CWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
8TXXXX.XXXCAPEC-178CWE-XXXXxxx XxxxxxxxpredictiveHigh
9TXXXXCAPEC-CWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
10TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
11TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveHigh
12TXXXXCAPEC-50CWE-XXX, CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
13TXXXXCAPEC-38CWE-XXXXxxxxxxxx Xxxxxx XxxxpredictiveHigh
14TXXXXCAPEC-116CWE-XXX, CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
15TXXXXCAPEC-157CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh
16TXXXX.XXXCAPEC-112CWE-XXXXxx Xxxxxxxxxx XxxxxpredictiveHigh
17TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (72)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File.bash_historypredictiveHigh
2File.procmailrcpredictiveMedium
3File/+CSCOE+/logon.htmlpredictiveHigh
4File/cgi-bin/changepw.cgipredictiveHigh
5File/debug/pprofpredictiveMedium
6File/editbrand.phppredictiveHigh
7File/etc/raspap/hostapd/enablelog.shpredictiveHigh
8File/infusions/shoutbox_panel/shoutbox_admin.phppredictiveHigh
9File/xxx/xxxxxpredictiveMedium
10File/xxxxxxx/xxxpredictiveMedium
11File/xxxxxxx/predictiveMedium
12Filexxxxx_xxxxxxxx.xxxpredictiveHigh
13Filexxxxxxx.xxxpredictiveMedium
14Filexxxxx-xx-xxxxxx-xxxxx.xxxpredictiveHigh
15Filexxxxxxxxxxxx.xxxpredictiveHigh
16Filexxxxxxx/x-xxxxxxxxx/xxxxxxxx.xxxpredictiveHigh
17Filexxxxxxxxxxxxxxxxxx.xxpredictiveHigh
18Filexxxxxx.xxxpredictiveMedium
19Filexxxxxxx/xxx/xxx-xxx.xpredictiveHigh
20Filexxxxxx.xpredictiveMedium
21Filexxxxxxx.xxxpredictiveMedium
22Filexx/xxx/xxxxxxx/xxxxxx.xxx/xxxxxxxxxxxx.xxxpredictiveHigh
23Filexxxxxxx.xxxpredictiveMedium
24Filexxxxxxxx/xxxx/xxxx.xxpredictiveHigh
25Filexxxxx.xxxpredictiveMedium
26Filexxxxxxxx/xx/xxxx_xxxxxx.xxpredictiveHigh
27Filexxx/xxxxxxx/xxx/xxxxxx/xxxxxxx/xxx.xxx.xxxxxxxxxxxxxx.xxxxx.xxxxxxxpredictiveHigh
28Filexxx.xxxpredictiveLow
29Filexxxxxxxx.xpredictiveMedium
30Filexxxxxxxxxx/xxxxxxx.xpredictiveHigh
31Filexxxxx.xxxxpredictiveMedium
32Filexxxxxxxx/xxxxxx-xxxxx/xxxxxxxxxxx/xxxx.xxpredictiveHigh
33Filexxxxxxxx.xxxpredictiveMedium
34Filexxxxxx/xxxxxx/xxxxxxpredictiveHigh
35Filexxxxxxxx.xpredictiveMedium
36Filexxxxxxxxxx_xxxxx.xxxxxxpredictiveHigh
37Filexxx_xxxxx_xxx.xpredictiveHigh
38Filexxx.xxxpredictiveLow
39Filexxxxxxxxxxxxxx.xxxxpredictiveHigh
40Filexxxx/xxx/xxxx-xxxxx.xxxpredictiveHigh
41Filexxxxxxx.xxxpredictiveMedium
42Filexxxx.xxxxx.xxxxxxpredictiveHigh
43Filexxxxx-xxxxxx.xxxpredictiveHigh
44Filexxxx.xxxpredictiveMedium
45Library/_xxx_xxx/xxxxx.xxxpredictiveHigh
46Libraryxxxxx.xxxpredictiveMedium
47Libraryxxx/xxxxxx/xxxxxxxxx/xxxxxxx.xxpredictiveHigh
48Libraryxxxx.xxxxxpredictiveMedium
49Argument$xxxxxx/$xxxxxxxxxxx_xxxx/$xxxxx_xxxxx/$xxxxx_xxxxpredictiveHigh
50ArgumentxxxxxxxxpredictiveMedium
51ArgumentxxxxxxxxpredictiveMedium
52Argumentxxx_xxpredictiveLow
53ArgumentxxxxxxxxxxpredictiveMedium
54ArgumentxxxxpredictiveLow
55ArgumentxxpredictiveLow
56ArgumentxxxxxxxxxxxxxpredictiveHigh
57ArgumentxxpredictiveLow
58Argumentxxxx_xxpredictiveLow
59Argumentxxx-xx-xxxxxxxx-xxxxxpredictiveHigh
60ArgumentxxxxxxxxpredictiveMedium
61ArgumentxxxxxxxxpredictiveMedium
62ArgumentxxxxpredictiveLow
63Argumentxxxxxxx_xxxxpredictiveMedium
64Argumentxxxx_xxpredictiveLow
65ArgumentxxxxxxpredictiveLow
66Argumentxxxxxx_xxxxpredictiveMedium
67ArgumentxxxxxpredictiveLow
68Input Value%xxxxxx+-x+x+xx.x.xx.xxx%xx%xxpredictiveHigh
69Input ValuexxxxxxpredictiveLow
70Pattern|xx|xx|xx|predictiveMedium
71Network Portxxx/xxxxpredictiveMedium
72Network Portxxx xxxxxx xxxxpredictiveHigh

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Might our Artificial Intelligence support you?

Check our Alexa App!