Handymanny Analysis

Activities

Timeline

Analysing the timeline helps to identify the approach required for handling single vulnerabilities and vulnerability collections. The overview shows less important periods and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues can be prioritized.

Lang

en: 44
fr: 4
es: 1

Country

us: 16
ru: 11
pl: 5
fr: 3
cn: 1

Actors

Handymanny: 49

Vulnerabilities

# | Vulnerability | Base Score | Temp Score | 0-day Price | Today Price | Exploitability | Remediation | CTI | CVE
--- | --- | --- | --- | --- | --- | --- | --- | --- | ---
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.05 | CVE-2007-1192
2 | Zen Cart ajax.php path traversal | 8.1 | 8.1 | $0-$5k | $0-$5k | High | Not Defined | 0.00 | CVE-2015-8352
3 | lighttpd Log File mod_mysql_vhost.c injection | 6.4 | 5.5 | $0-$5k | $0-$5k | Unproven | Official Fix | 0.05 | CVE-2015-3200
4 | WordPress Network Settings Page cross site scripting | 6.1 | 5.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2016-6634
5 | WordPress class-wp-posts-list-table.php access control | 5.4 | 4.9 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | CVE-2012-6635
6 | WPML Plugin menus-sync.php sync access control | 6.5 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | CVE-2015-2791
7 | Microsoft Office Object data processing | 7.0 | 6.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.07 | CVE-2017-8570
8 | GNU wget HTTP Redirect File 7pk security | 6.8 | 6.1 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.05 | CVE-2016-4971
9 | Microsoft Office RTF memory corruption | 7.0 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2018-0797
10 | Dropbear SSH input validation | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2016-7406
11 | lighttpd mod_evhost/mod_simple_vhost path traversal | 5.3 | 4.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.05 | CVE-2013-2324
12 | lighttpd request.c http_request_split_value resource management | 7.5 | 6.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | CVE-2012-5533
13 | lighttpd Log File http_auth.c injection | 7.5 | 6.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.07 | CVE-2015-3200
14 | Apple macOS WindowServer Keylogger 7pk security | 6.0 | 5.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2018-4131
15 | Microsoft IIS IP/Domain Restriction access control | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.88 | CVE-2014-4078
16 | Rocklobster Contact Form 7 access control | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2014-2265
17 | WordPress Press This class-wp-press-this.php information disclosure | 6.3 | 6.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.08 | CVE-2017-5610
18 | ViewVC cross site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | CVE-2017-5938
19 | Linux Kernel offset2lib Patch execve access control | 6.5 | 5.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.05 | CVE-2017-1000370
20 | Ocean12 Technologies Calendar Manager Pro main.asp sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.07 | CVE-2006-2264

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Campaigns | Confidence
--- | --- | --- | --- | ---
1 | 185.112.82.89 | server-185-112-82-89.creanova.org | | High
2 | 185.244.25.200 | | | High

TTP - Tactics, Techniques, Procedures (3)

Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Confidence
--- | --- | --- | --- | ---
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
3 | T1211 | CWE-254 | 7PK Security Features | High

IOA - Indicator of Attack (40)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Confidence
--- | --- | --- | ---
1 | File | /cfg | Low
2 | File | /etc/quantum/quantum.conf | High
3 | File | /index.php | Medium
4 | File | /iwguestbook/admin/badwords_edit.asp | High
5 | File | /xxxxxxxxxxx/xxxxx/xxxxxxxx_xxxx.xxx | High
6 | File | xxxxx.xxx?x=xxxxxx&x=xxxxxx&x=xxxxxx | High
7 | File | xxxxx/xxxx.xxx | High
8 | File | xxxx.xxx | Medium
9 | File | xx/xxxxxx_xxx.xxx | High
10 | File | xxxxxxxx.xxx | Medium
11 | File | xxxx/xxxxxxxxxxxxxxx.xxx | High
12 | File | xxxx_xxxx.x | Medium
13 | File | xxxxx.xxx | Medium
14 | File | xxxxxxxxxxx/xxxxxxx.x | High
15 | File | xxx_xxxxx_xxxxx.x | High
16 | File | xxx/xxxxx.xxxx | High
17 | File | xxxxxxxx.xxx | Medium
18 | File | xxxxxxxxx-xxxxxxxxxxxx-xxx/xxxx/xxxxx-xxxx.xxx | High
19 | File | xxx/xxxxxxx.x | High
20 | File | xxxxxx.x | Medium
21 | File | xx-xxxxx/xxxxxxxx/xxxxx-xx-xxxxx-xxxx-xxxxx.xxx | High
22 | File | xx-xxxxx/xxxxxxxx/xxxxx-xx-xxxxx-xxxx.xxx | High
23 | Argument | xxx | Low
24 | Argument | xxxxx[] | Low
25 | Argument | xxx | Low
26 | Argument | xxxxxxxx | Medium
27 | Argument | xx | Low
28 | Argument | xxxxx | Low
29 | Argument | xxx | Low
30 | Argument | xxxxxxxxx | Medium
31 | Argument | x[] | Low
32 | Argument | xxxxxxx[] | Medium
33 | Argument | xxx | Low
34 | Argument | xxxxxxxx/xxxx | High
35 | Argument | _xxxxx_xxxxxxx_xxxxxxxxx_xxxxxxx-xxx | High
36 | Input Value | .. | Low
37 | Input Value | ../ | Low
38 | Input Value | x+xxxxx+xxxxxx+x,xxxxxxx,xxxxxxxxxxx+xxxx+xxxxx# | High
39 | Input Value | xxx=/&xxx | Medium
40 | Input Value | xxx | Low

References (2)

The following list contains external sources which discuss the actor and the associated activities:
