Hworm Analysis

IOB - Indicator of Behavior (28)

Timeline

The charts in this section (Timeline, Lang, Country, Actors, Activities, Product) do not reflect real data: they show dummy data, distorted and not usable in any way. An additional purchase is required to unlock these views and access the real data.

Lang

en 14
ru 12
ko 2

Country

de 28

Actors

Activities

Interest

Timeline

Type

Vendor

Product

D-Link DIR-868L 2
Linux Kernel 2
Microsoft Windows 2
GNU Binutils 2
Samsung Exynos Modem 5123 2

Vulnerabilities

Columns: Base and Temp are the CVSS base and temporal scores; 0day and Today are the estimated exploit prices at disclosure and at present; Exp is the CVSS exploit code maturity; Rem is the CVSS remediation level; EPSS is the exploit prediction score; CTI is the site's threat-intelligence interest score.

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | Netgear R6700/R6700v3/R6900 fwSchedule.cgi buffer overflow | 8.0 | 7.9 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00307 | 0.07 | CVE-2023-30280
2 | codeprojects Pharmacy Management System Avatar Image add.php unrestricted upload | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00148 | 0.04 | CVE-2023-0918
3 | Rockwell Automation FactoryTalk View Site Edition denial of service | 7.5 | 7.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.00 | CVE-2023-46289
4 | Node.js Uint8Array path traversal | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00062 | 0.00 | CVE-2023-39332
5 | NVIDIA GeForce Now Game Launcher implicit intent | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.02 | CVE-2023-31014
6 | NVIDIA DGX H100 BMC Host KVM Daemon memory corruption | 7.8 | 7.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.05 | CVE-2023-25527
7 | GNU Binutils compare_symbols denial of service | 5.6 | 5.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00053 | 0.03 | CVE-2022-47696
8 | Keycloak cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00173 | 0.04 | CVE-2021-20323
9 | Kofax Power PDF File Parser memory corruption | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.00 | CVE-2023-42037
10 | Asus RT-AX55 command injection | 7.1 | 7.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00247 | 0.04 | CVE-2023-39780
11 | D-Link DAP-2622 DDP Service stack-based overflow | 8.8 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.00 | CVE-2023-35730
12 | D-Link DIR-868L FUN_0000acb4 buffer overflow | 7.6 | 7.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00063 | 0.03 | CVE-2023-39667
13 | Juniper Junos OS bbe-smgd unusual condition | 6.4 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.00 | CVE-2023-28974
14 | TOTOLINK CP300+ HTTP Packet NTPSyncWithHostof command injection | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05894 | 0.00 | CVE-2023-31856
15 | D-Link DCS-936L info.cgi information disclosure | 6.4 | 6.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00621 | 0.04 | CVE-2018-18441
16 | Samsung Exynos Auto T5123 SIP Status Line memory corruption | 6.3 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00110 | 0.00 | CVE-2023-29085
17 | SourceCodester Lost and Found Information System GET Parameter sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00089 | 0.06 | CVE-2023-2699
18 | NTP refclock_palisade.c praecis_parse out-of-bounds write | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00050 | 0.03 | CVE-2023-26555
19 | NTP mstolfp.c mstolfp out-of-bounds write | 5.5 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00070 | 0.00 | CVE-2023-26553
20 | Linux Kernel Performance Events System core.c perf_group_detach use after free | 7.8 | 7.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.01 | CVE-2023-2235

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 52.42.161.75 | ec2-52-42-161-75.us-west-2.compute.amazonaws.com | Hworm | | 12/23/2020 | verified | Medium
2 | XX.XX.XX.XX | xxxxxx.xx.xx.xx.xx.xxxxxxx.xxxx-xxxxxx.xx | Xxxxx | | 12/23/2020 | verified | High

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (14)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /common/info.cgi | predictive | High
2 | File | add.php | predictive | Low
3 | File | xxxxx/?xxxx=xxxxx/xxxx_xxxx | predictive | High
4 | File | xx/xxxxxx/xxxxxxx.x | predictive | High
5 | File | xxxxxxxxxx.xxx | predictive | High
6 | File | xxxxxx/xxxxxx/xxxx.x | predictive | High
7 | File | xxxxxx/xxxxxxx.x | predictive | High
8 | File | xxxx/xxxxxxxx_xxxxxxxx.x | predictive | High
9 | File | xxx_xxxxxx_xxx.x | predictive | High
10 | File | xxxxxx | predictive | Low
11 | Argument | xxxxxxxxxxxx | predictive | Medium
12 | Argument | xxxxxxxx | predictive | Medium
13 | Argument | xx | predictive | Low
14 | Argument | xxxxx_x | predictive | Low
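The un-masked entries of the IOC table (the IP 52.42.161.75 and its EC2 hostname) and of the IOA table (the file indicators /common/info.cgi and add.php) can be turned into a detection directly. The example below is added here and is not part of the page or of any Hworm tooling: it scans web server access logs in the Apache/nginx combined format (an assumption; adjust the regex for other formats) for those indicators and then correlates them, because a single hit on the IP is weak evidence on its own. The address is an AWS EC2 address identified in 2020, and EC2 public IPs are reassigned between tenants, so an IP match alone says little about who is behind the request today; an IP hit on the same request as an exploitation path is far stronger. The masked rows are omitted rather than guessed, and the log lines are constructed for the example.

```python
"""Scan combined-format access logs for the page's un-masked IOC/IOA entries.

Added example, not code from the original page or from any Hworm tooling.
Assumes Apache/nginx "combined" log format; sample log lines are constructed.
"""
import re
from dataclasses import dataclass

# Un-masked indicators from the page's IOC and IOA tables (masked rows omitted).
IOC_IPS = {
    "52.42.161.75": {
        "hostname": "ec2-52-42-161-75.us-west-2.compute.amazonaws.com",
        "identified": "2020-12-23",
        "confidence": "Medium",
    },
}
IOA_FILES = {
    "/common/info.cgi": "High",  # full path: match by suffix
    "add.php": "Low",            # bare filename: match by basename only
}

# Combined log: ip ident user [time] "METHOD path HTTP/x" status size "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


@dataclass(frozen=True)
class Hit:
    line_no: int
    kind: str          # "ioc-ip" or "ioa-file"
    indicator: str
    confidence: str    # confidence label copied from the page's table
    ip: str
    path: str


def scan(lines):
    """Return one Hit per indicator matched per log line, in log order."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than silently mis-match
        ip, path = m["ip"], m["path"]
        file_part = path.split("?", 1)[0]  # compare without the query string
        if ip in IOC_IPS:
            hits.append(Hit(n, "ioc-ip", ip, IOC_IPS[ip]["confidence"], ip, path))
        for indicator, confidence in IOA_FILES.items():
            if indicator.startswith("/"):
                matched = file_part.endswith(indicator)
            else:
                matched = file_part.rsplit("/", 1)[-1] == indicator
            if matched:
                hits.append(Hit(n, "ioa-file", indicator, confidence, ip, path))
    return hits


def correlate(hits):
    """Line numbers where a known IP and an attack path occur on the same request.

    An IOC IP alone is weak: 52.42.161.75 is an EC2 address observed in 2020 and
    AWS public IPs are reassigned, so only the IP+path combination is escalated.
    """
    kinds_by_line = {}
    for h in hits:
        kinds_by_line.setdefault(h.line_no, set()).add(h.kind)
    return sorted(n for n, k in kinds_by_line.items() if {"ioc-ip", "ioa-file"} <= k)


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '52.42.161.75 - - [23/Dec/2020:10:12:01 +0000] "GET /common/info.cgi HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [23/Dec/2020:10:12:05 +0000] "POST /pharmacy/add.php?avatar=1 HTTP/1.1" 302 0 "-" "curl/7.68.0"',
    '198.51.100.9 - - [23/Dec/2020:10:13:44 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '52.42.161.75 - - [23/Dec/2020:10:14:00 +0000] "GET /about HTTP/1.1" 200 300 "-" "Mozilla/5.0"',
    "garbage line that does not parse",
]

if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for h in found:
        print(f"line {h.line_no}: {h.kind} {h.indicator} (confidence {h.confidence}) from {h.ip} -> {h.path}")
    print("escalate lines:", correlate(found))
```

The Low confidence the page assigns to add.php shows up directly in the matching rule: a bare filename matches any directory, so it will fire on unrelated applications, whereas /common/info.cgi is specific enough to match by suffix. Treat the confidence labels as a false-positive budget when deciding which hits page someone.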

References (2)

The following list contains external sources which discuss the actor and the associated activities: