Handymanny Analysis

IOB - Indicator of Behavior (86)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 68
ru: 10
fr: 6
sv: 2

Country

us: 24
ru: 22
me: 8
pl: 6
fr: 4

Product

Linux Kernel: 4
FFmpeg: 4
lighttpd: 4
Unisoc SC7731E: 4
Unisoc SC9832E: 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192
2 | Linux Kernel Netfilter nf_conntrack_irc.c nf_conntrack_irc communication channel to intended endpoints | 6.3 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00207 | CVE-2022-2663
3 | systemd unit-name.c alloca allocation of resources | 6.5 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00044 | CVE-2021-33910
4 | Citrix NetScaler ADC/NetScaler Gateway code injection | 9.8 | 9.6 | $25k-$100k | $5k-$25k | High | Official Fix | 0.00 | 0.92538 | CVE-2023-3519
5 | HoYoVerse Genshin Impact Anti-Cheat Driver Function Call mhyprot2.sys Privilege Escalation | 7.7 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00177 | CVE-2020-36603
6 | SourceCodester Free and Open Source Inventory Management System edit_product.php sql injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.07 | 0.00061 | CVE-2023-7155
7 | Totolink X2000R Gh formPasswordSetup stack-based overflow | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00082 | CVE-2023-51135
8 | Netmaker DNS hard-coded key | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00060 | CVE-2023-32077
9 | code-projects Water Billing System addbill.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.05 | 0.00063 | CVE-2023-7097
10 | Gordon Böhme and Antonio Leutsch Structured Content wpsc Plugin cross site scripting | 5.1 | 5.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00045 | CVE-2023-49820
11 | Manage Notification E-mails Plugin authorization | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00052 | CVE-2023-6496
12 | Unisoc S8000 Wifi Service out-of-bounds write | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00042 | CVE-2022-48464
13 | Unisoc S8000 Telephony Service information disclosure | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00042 | CVE-2023-42715
14 | Apache DolphinScheduler information disclosure | 5.9 | 5.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00056 | CVE-2023-48796
15 | Concrete CMS File Creation Mkdir permission | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00068 | CVE-2023-48648
16 | FFmpeg evc_ps.c ref_pic_list_struct buffer overflow | 6.0 | 5.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00140 | CVE-2023-47470
17 | mooSocial mooDating URL ajax_invite cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.08 | 0.00235 | CVE-2023-3845
18 | WP Discord Invite Plugin Setting cross-site request forgery | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00107 | CVE-2023-5006
19 | Samsung Exynos Auto T5123 RLC Module buffer overflow | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00046 | CVE-2023-41112
20 | Huawei EMUI QMI Service Module heap-based overflow | 6.5 | 6.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00046 | CVE-2023-46772

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 185.112.82.89 | server-185-112-82-89.creanova.org | Handymanny | | 02/11/2022 | verified | High

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
3 | T1059 | CWE-94 | Argument Injection | predictive | High

IOA - Indicator of Attack (61)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /addbill.php | predictive | Medium
2 | File | /ample/app/action/edit_product.php | predictive | High
3 | File | /cfg | predictive | Low
4 | File | /conf/ | predictive | Low
5 | File | /controller/AdminController.php | predictive | High
6 | File | /etc/quantum/quantum.conf | predictive | High
7 | File | /friends/ajax_invite | predictive | High
56 | Input Value | .. | predictive | Low
57 | Input Value | ../ | predictive | Low

References (2)

The following list contains external sources which discuss the actor and the associated activities: