Handymanny Analysis

IOB - Indicator of Behavior (86)

Timeline

Languages

en: 72
ru: 10
fr: 4

Countries/Regions

us: 26
ru: 18
me: 10
fr: 4
pl: 2

Actor

Activity

Interest

Timeline

Type

Vendor

Product

lighttpd: 4
Linux Kernel: 4
ViewVC: 2
XiongMai uc-httpd: 2
Unisoc SC7731E: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | calculating | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192
2 | Linux Kernel Netfilter nf_conntrack_irc.c nf_conntrack_irc Remote Code Execution | 6.3 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00207 | 0.04 | CVE-2022-2663
3 | systemd unit-name.c alloca denial of service | 6.5 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.02 | CVE-2021-33910
4 | Citrix NetScaler ADC/NetScaler Gateway privilege escalation | 9.8 | 9.6 | $25k-$100k | $5k-$25k | High | Official Fix | 0.91186 | 0.07 | CVE-2023-3519
5 | HoYoVerse Genshin Impact Anti-Cheat Driver Function Call mhyprot2.sys Privilege Escalation | 7.7 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00159 | 0.04 | CVE-2020-36603
6 | SourceCodester Free and Open Source Inventory Management System edit_product.php sql injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00061 | 0.03 | CVE-2023-7155
7 | Totolink X2000R Gh formPasswordSetup memory corruption | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00106 | 0.04 | CVE-2023-51135
8 | Netmaker DNS weak encryption | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06823 | 0.03 | CVE-2023-32077
9 | code-projects Water Billing System addbill.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00063 | 0.00 | CVE-2023-7097
10 | Gordon Böhme and Antonio Leutsch Structured Content wpsc Plugin cross site scripting | 5.1 | 5.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.00 | CVE-2023-49820
11 | Manage Notification E-mails Plugin privilege escalation | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00052 | 0.07 | CVE-2023-6496
12 | Unisoc S8000 Wifi Service memory corruption | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.00 | CVE-2022-48464
13 | Unisoc S8000 Telephony Service information disclosure | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.00 | CVE-2023-42715
14 | Apache DolphinScheduler information disclosure | 5.9 | 5.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00056 | 0.04 | CVE-2023-48796
15 | Concrete CMS File Creation Mkdir privilege escalation | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00068 | 0.00 | CVE-2023-48648
16 | FFmpeg evc_ps.c ref_pic_list_struct memory corruption | 6.0 | 5.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00140 | 0.02 | CVE-2023-47470
17 | mooSocial mooDating URL ajax_invite cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00235 | 0.04 | CVE-2023-3845
18 | WP Discord Invite Plugin Setting unknown vulnerability | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00107 | 0.03 | CVE-2023-5006
19 | Samsung Exynos Auto T5123 RLC Module memory corruption | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00046 | 0.02 | CVE-2023-41112
20 | Huawei EMUI QMI Service Module memory corruption | 6.5 | 6.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00046 | 0.00 | CVE-2023-46772

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources that are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence
1 | 185.112.82.89 | server-185-112-82-89.creanova.org | Handymanny | | 2022-02-11 | verified |
2 | XXX.XXX.XX.XXX | Xxxxxxxxxx | | | 2022-02-11 | verified |

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (61)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /addbill.php | predictive |
2 | File | /ample/app/action/edit_product.php | predictive |
3 | File | /cfg | predictive |
4 | File | /conf/ | predictive |
5 | File | /controller/AdminController.php | predictive |
6 | File | /etc/quantum/quantum.conf | predictive |
7 | File | /friends/ajax_invite | predictive |
8 | File | /xxxxx.xxx | predictive |
9 | File | /xxxxxxxxxxx/xxxxx/xxxxxxxx_xxxx.xxx | predictive |
10 | File | /xxxxxxxxxxx/xxxxx/xxxxxxxx_xxxx.xxx | predictive |
11 | File | /xxxxx/xxxxxx.xxx | predictive |
12 | File | xxxxx.xxx?x=xxxxxx&x=xxxxxx&x=xxxxxx | predictive |
13 | File | xxxxx/xxxx.xxx | predictive |
14 | File | xxxx.xxx | predictive |
15 | File | xxx_xxxxx.xxx | predictive |
16 | File | xx/xxxxxx_xxx.xxx | predictive |
17 | File | xxxxx/xxxx-xxxx.x | predictive |
18 | File | xxxxxxxx.xxx | predictive |
19 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive |
20 | File | xxxx_xxxx.x | predictive |
21 | File | xxxxx.xxx | predictive |
22 | File | xxxxxx/xxxxxx/xxxx.x | predictive |
23 | File | xxxxxxxxxx/xxx_xx.x | predictive |
24 | File | xxxxxxxxxxx/xxxxxxx.x | predictive |
25 | File | xxxxxxxx.xxx | predictive |
26 | File | xxx_xxxxx_xxxxx.x | predictive |
27 | File | xxx/xxxxxxxxx/xx_xxxxxxxxx_xxx.x | predictive |
28 | File | xxx/xxxxx.xxxx | predictive |
29 | File | xxxxxxx/xxxxxxxxxxxxxxxx/xxxxxxxxx/xxxxxxxx.xxxx | predictive |
30 | File | xxxxxxxx.xxx | predictive |
31 | File | xxxxxxxxx-xxxxxxxxxxxx-xxx/xxxx/xxxxx-xxxx.xxx | predictive |
32 | File | xxx/xxxxxxx.x | predictive |
33 | File | xxxxxx.x | predictive |
34 | File | xx-xxxxx/xxxxxxxx/xxxxx-xx-xxxxx-xxxx-xxxxx.xxx | predictive |
35 | File | xx-xxxxx/xxxxxxxx/xxxxx-xx-xxxxx-xxxx.xxx | predictive |
36 | Library | xxxxxxxx.xxx | predictive |
37 | Argument | xxx | predictive |
38 | Argument | xxxxx[] | predictive |
39 | Argument | xxxxxx_xxxxxxxxxx | predictive |
40 | Argument | xxxxxx | predictive |
41 | Argument | xxx | predictive |
42 | Argument | xxx | predictive |
43 | Argument | xxxxxxxx | predictive |
44 | Argument | xx | predictive |
45 | Argument | xx | predictive |
46 | Argument | xxxxx | predictive |
47 | Argument | xxxxxx_xx | predictive |
48 | Argument | xxx | predictive |
49 | Argument | xxxxxxxxx | predictive |
50 | Argument | x[] | predictive |
51 | Argument | xxxxxxx[] | predictive |
52 | Argument | xxx | predictive |
53 | Argument | xxxxxxxx | predictive |
54 | Argument | xxxxxxxx/xxxx | predictive |
55 | Argument | _xxxxx_xxxxxxx_xxxxxxxxx_xxxxxxx-xxx | predictive |
56 | Input Value | .. | predictive |
57 | Input Value | ../ | predictive |
58 | Input Value | x+xxxxx+xxxxxx+x,xxxxxxx,xxxxxxxxxxx+xxxx+xxxxx# | predictive |
59 | Input Value | xxx=/&xxx | predictive |
60 | Input Value | xxx | predictive |
61 | Network Port | xxx/xxxxx | predictive |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
