HyperBro Analysis

IOB - Indicator of Behavior (112)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 80
zh: 16
ru: 10
de: 6

Country

us: 64
cn: 32
ru: 8
nl: 2
gb: 2

Product

Microsoft Windows: 4
OpenSSH: 4
WordPress: 4
Synacor Zimbra Collaboration Suite: 4
MinIO: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 2 | MediaWiki Submission index.php cross site scripting | 5.8 | 5.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00176 | 0.00 | CVE-2012-4378 |
| 3 | RoundCube sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00596 | 0.04 | CVE-2021-44026 |
| 4 | Yoast SEO Plugin REST Endpoint posts information disclosure | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00123 | 0.04 | CVE-2021-25118 |
| 5 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.10737 | 0.28 | CVE-2016-6210 |
| 6 | Vmware Workspace ONE Access/Identity Manager Template injection | 9.8 | 9.4 | $5k-$25k | $0-$5k | High | Official Fix | 0.97460 | 0.00 | CVE-2022-22954 |
| 7 | MinIO Admin API authentication bypass | 8.8 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00116 | 0.03 | CVE-2020-11012 |
| 8 | Microsoft Windows MSHTML Remote Code Execution | 8.8 | 8.2 | $25k-$100k | $5k-$25k | High | Official Fix | 0.96821 | 0.00 | CVE-2021-40444 |
| 9 | Fortinet FortiMail/FortiVoiceEntreprise Password Change improper authentication | 8.5 | 8.5 | $0-$5k | $0-$5k | High | Not Defined | 0.02096 | 0.03 | CVE-2020-9294 |
| 10 | jforum User input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00289 | 0.04 | CVE-2019-7550 |
| 11 | JFrog Artifactory input validation | 8.5 | 8.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.21 | CVE-2024-4142 |
| 12 | Zimbra Collaboration Suite Document Endpoint cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.04 | CVE-2023-45206 |
| 13 | Fortinet FortiOS SSL-VPN out-of-bounds write | 9.8 | 9.6 | $25k-$100k | $5k-$25k | High | Official Fix | 0.01842 | 0.04 | CVE-2024-21762 |
| 14 | Jitsi URL os command injection | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00326 | 0.04 | CVE-2022-43550 |
| 15 | Roundcube SVG Document rcube_washtml.php cross site scripting | 5.3 | 5.2 | $0-$5k | $0-$5k | High | Official Fix | 0.00680 | 0.05 | CVE-2023-5631 |
| 16 | Byzoro Smart S210 Management Platform uploadfile.php unrestricted upload | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00063 | 0.00 | CVE-2024-0939 |
| 17 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 2.01 | CVE-2020-12440 |
| 18 | Totolink LR1200GB cstecgi.cgi setIpPortFilterRules stack-based overflow | 9.1 | 8.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00109 | 0.08 | CVE-2024-0576 |
| 19 | OMGF GDPR Compliant, Faster Google Fonts Plugin authorization | 7.1 | 7.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00050 | 0.02 | CVE-2023-6600 |
| 20 | Foxit PDF Reader exportXFAData Local Privilege Escalation | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00198 | 0.04 | CVE-2023-27363 |

IOC - Indicator of Compromise (12)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (56)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /+CSCOE+/logon.html | predictive | High |
| 2 | File | /cgi-bin/cstecgi.cgi | predictive | High |
| 3 | File | /debug/pprof | predictive | Medium |
| 4 | File | /h/ | predictive | Low |
| 5 | File | /opt/zimbra/jetty/webapps/zimbra/public | predictive | High |
| 6 | File | /public/launchNewWindow.jsp | predictive | High |
| 7 | File | /rapi/read_url | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
