KeyBoy 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (1000)

言語

en	994
zh	6

国・地域

us	988
hk	12

アクター

KeyBoy	1
Zegost	1
Purple Fox	1

関心

タイプ

Not Defined	12
Content Management System	4
Smartphone Operating System	4
Router Operating System	2
E-Commerce Management Software	2

ベンダー

Not Defined	6
TRENDnet	4
Google	4
Ubiquiti	2
SourceCodester	2

製品

Google Android	4
Ubiquiti EdgeRouter X	2
SourceCodester Alphaware Simple E-Commerce System	2
PbootCMS	2
PHPEMS	2

脆弱性

#	脆弱性	Base	Temp	0day	本日	悪	修復	EPSS	CTI	CVE
1	TRENDnet TEW-652BRP Web Management Interface get_set.ccp 特権昇格	8.8	8.6	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00076	0.12	CVE-2023-0611
2	TRENDNet TEW-811DRU httpd guestnetwork.asp メモリ破損	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00060	0.12	CVE-2023-0617
3	TRENDnet TEW-652BRP Web Service cfg_op.ccp メモリ破損	7.5	6.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00097	0.08	CVE-2023-0618
4	TRENDnet TEW-652BRP Web Interface ping.ccp 特権昇格	8.1	7.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01049	0.04	CVE-2023-0640
5	TRENDnet TEW-811DRU Web Management Interface wan.asp メモリ破損	6.5	6.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00133	0.07	CVE-2023-0637
6	TRENDnet TEW-811DRU httpd security.asp メモリ破損	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00137	0.04	CVE-2023-0613
7	Netgear WNDR3700v2 Web Interface サービス拒否	4.3	4.2	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.00135	0.16	CVE-2023-0850
8	TP-Link Archer C50 Web Management Interface サービス拒否	6.5	6.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00074	0.05	CVE-2023-0936
9	SourceCodester E-Commerce System クロスサイトスクリプティング	4.1	4.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00052	0.04	CVE-2023-1569
10	SourceCodester Alphaware Simple E-Commerce System SQLインジェクション	7.0	6.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00171	0.04	CVE-2023-1504
11	Ubiquiti EdgeRouter X OSPF 特権昇格 [係争状態]	8.1	7.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01049	0.00	CVE-2023-1458
12	SourceCodester E-Commerce System setDiscount.php SQLインジェクション	6.6	6.5	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00171	0.08	CVE-2023-1505
13	SourceCodester Alphaware Simple E-Commerce System edit_customer.php SQLインジェクション	7.0	6.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00171	0.08	CVE-2023-1502
14	SourceCodester Alphaware Simple E-Commerce System admin_index.php SQLインジェクション	7.0	6.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00171	0.04	CVE-2023-1503
15	OpenStack Nova noVNC Redirect	4.9	4.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.92596	0.04	CVE-2021-3654
16	Google Android U-Boot Privilege Escalation	7.6	7.5	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00083	0.04	CVE-2023-48425
17	Google Android メモリ破損	3.9	3.4	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00000	0.00
18	RaidenMAILD Mail Server ディレクトリトラバーサル	4.3	4.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00053	0.03	CVE-2024-32399
19	PbootCMS クロスサイトスクリプティング	3.6	3.6	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00052	0.20	CVE-2024-1018
20	WordPress SQLインジェクション	6.8	6.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00467	0.00	CVE-2022-21664

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IPアドレス	Hostname	アクター	Identified	タイプ	信頼度
1	45.125.12.147	spk.cloudie.hk	KeyBoy	2022年03月27日	verified	高
2	XXX.XX.XXX.XXX		Xxxxxx	2022年03月27日	verified	高
3	XXX.XXX.XXX.XXX		Xxxxxx	2022年03月27日	verified	高
4	XXX.XXX.XXX.XX		Xxxxxx	2022年03月27日	verified	高

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	クラス	脆弱性	アクセスベクター	タイプ	信頼度
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	高
2	TXXXX.XXX	CAPEC-209	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	高
3	TXXXX	CAPEC-136	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	高
4	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	高
5	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	高

IOA - Indicator of Attack (27)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	クラス	Indicator	タイプ	信頼度
1	File	/admin.php?p=/Area/index#tab=t2	predictive	高
2	File	/ecommerce/admin/settings/setDiscount.php	predictive	高
3	File	/webeditor/	predictive	中
4	File	/wireless/guestnetwork.asp	predictive	高
5	File	/xxxxxxxx/xxxxxxxx.xxx	predictive	高
6	File	xxxxx/xxxxx_xxxxx.xxx	predictive	高
7	File	xxxxx/xxxx/xxxxxxxxxx.xxx?xxxxxx=xxxx	predictive	高
8	File	xxx_xx.xxx	predictive	中
9	File	xxxxxxxx/xxxx_xxxxxxxx.xxx	predictive	高
10	File	xxx_xxx.xxx	predictive	中
11	File	xxxx.xxx	predictive	中
12	File	xxx.xxx	predictive	低
13	Library	xxx/xxxxxxx.xxx.xxx	predictive	高
14	Argument	xxxx	predictive	低
15	Argument	xxxxxx_xxx_xx	predictive	高
16	Argument	xxxxxxxx	predictive	中
17	Argument	xxxxx/xxxxxxxx	predictive	高
18	Argument	xxxxxxxxx/xx/xxxxxxxx	predictive	高
19	Argument	xx	predictive	低
20	Argument	xxxx	predictive	低
21	Argument	xxxxxxxx/xxxxxxxx	predictive	高
22	Argument	x_xxxx	predictive	低
23	Input Value	xxxxxx xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx)	predictive	高
24	Input Value	<xxxxxx>xxxxx('x')</xxxxxx>	predictive	高
25	Input Value	x' xxxxx xxxxx(x) xxx 'xxxx'='xxxx	predictive	高
26	Input Value	xxxxx' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx)-- xxxx	predictive	高
27	Input Value	xxxxx%xxxxxx.xxx ' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx) xxx 'xxxx'='xxxx	predictive	高

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ 前概要次 ▸

Do you know our Splunk app?

Download it now for free!