Handymanny Analysis

IOB - Indicator of Behavior (57)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

Lang | Count
en | 52
ru | 4
fr | 2


Country

Country | Count
us | 30
ru | 12
pl | 4
cn | 2
fr | 2


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Product | Count
lighttpd | 4
Seafile Server | 2
Seafile Server Professional Edition | 2
Wireless IP Camera WIFICAM | 2
Microsoft Windows | 2


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.04 | 0.04187 | CVE-2007-1192
2 | HoYoVerse Genshin Impact Anti-Cheat Driver Function Call mhyprot2.sys Privilege Escalation | 7.7 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.06 | 0.01365 | CVE-2020-36603
3 | Wireless IP Camera WIFICAM RTSP Server improper authentication | 6.4 | 6.2 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.04 | 0.00885 | CVE-2017-8223
4 | XiongMai uc-httpd memory corruption | 8.5 | 8.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.06 | 0.08382 | CVE-2018-10088
5 | Amazon Web Services FreeRTOS ARP Packet eARPProcessPacket information disclosure | 5.7 | 5.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00954 | CVE-2018-16600
6 | Oracle Fusion Middleware MapViewer Apache Batik input validation | 6.7 | 6.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.03032 | CVE-2020-11987
7 | Matomo safemode.twig Path information disclosure | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | 0.00885 | CVE-2019-12215
8 | Microsoft Windows BitLocker Local Privilege Escalation | 6.1 | 5.3 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.06 | 0.02427 | CVE-2021-38632
9 | Zen Cart ajax.php path traversal | 8.1 | 8.1 | $0-$5k | Calculating | High | Not Defined | 0.05 | 0.08382 | CVE-2015-8352
10 | Email Subscribers / Newsletters Administrative Dashboard wp_ajax privileges management | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00885 | CVE-2019-19980
11 | OpenStack Dashboard Package quantum.conf Password information disclosure | 4.4 | 4.4 | $0-$5k | Calculating | Not Defined | Not Defined | 0.03 | 0.00890 | CVE-2012-5476
12 | ReviewBoard unrestricted upload | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.01440 | CVE-2013-4796
13 | SonicWALL Viewpoint Security Dashboard Reflected cross site scripting | 3.5 | 3.2 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00 | 0.00000 |
14 | Woltlab Burning Board Path information disclosure | 4.3 | 3.9 | $0-$5k | Calculating | Proof-of-Concept | Not Defined | 0.04 | 0.00000 |
15 | Forumer / IPB Board Show Topic index.php sql injection | 7.3 | 7.1 | $0-$5k | Calculating | Not Defined | Not Defined | 0.01 | 0.00000 |
16 | IW Guestbook messages_edit.asp sql injection | 6.3 | 5.7 | $0-$5k | Calculating | Proof-of-Concept | Not Defined | 0.01 | 0.00000 |
17 | IW Guestbook badwords_edit.asp sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00000 |
18 | OmniSecure AddUrlShield index.php sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | 0.00000 |
19 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 6.85 | 0.00000 | CVE-2020-12440
20 | Auto-Surf Traffic Exchange Script register.php cross site scripting | 3.5 | 3.5 | $0-$5k | Calculating | Not Defined | Not Defined | 0.08 | 0.00000 |

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Type | Confidence
1 | 185.112.82.89 | server-185-112-82-89.creanova.org | Handymanny | | verified | High
2 | XXX.XXX.XX.XXX | | Xxxxxxxxxx | | verified | High

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Pathname Traversal | predictive | High
2 | T1055 | CWE-74 | Injection | predictive | High
3 | TXXXX.XXX | CWE-XX, CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High
4 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
5 | TXXXX | CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive | High
6 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High
7 | TXXXX | CWE-XXX | Xxxxxxxxx Xxxxxx Xxxx | predictive | High
8 | TXXXX | CWE-XXX | Xxxxxxxxxxxxx | predictive | High
9 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxxxx Xxxxxx | predictive | High

IOA - Indicator of Attack (43)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /cfg | predictive | Low
2 | File | /etc/quantum/quantum.conf | predictive | High
3 | File | /index.php | predictive | Medium
4 | File | /iwguestbook/admin/badwords_edit.asp | predictive | High
5 | File | /iwguestbook/admin/messages_edit.asp | predictive | High
6 | File | admin.php?m=backup&c=backup&a=doback | predictive | High
7 | File | xxxxx/xxxx.xxx | predictive | High
8 | File | xxxx.xxx | predictive | Medium
9 | File | xx/xxxxxx_xxx.xxx | predictive | High
10 | File | xxxxxxxx.xxx | predictive | Medium
11 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
12 | File | xxxx_xxxx.x | predictive | Medium
13 | File | xxxxx.xxx | predictive | Medium
14 | File | xxxxxxxxxxx/xxxxxxx.x | predictive | High
15 | File | xxx_xxxxx_xxxxx.x | predictive | High
16 | File | xxx/xxxxx.xxxx | predictive | High
17 | File | xxxxxxx/xxxxxxxxxxxxxxxx/xxxxxxxxx/xxxxxxxx.xxxx | predictive | High
18 | File | xxxxxxxx.xxx | predictive | Medium
19 | File | xxxxxxxxx-xxxxxxxxxxxx-xxx/xxxx/xxxxx-xxxx.xxx | predictive | High
20 | File | xxx/xxxxxxx.x | predictive | High
21 | File | xxxxxx.x | predictive | Medium
22 | File | xx-xxxxx/xxxxxxxx/xxxxx-xx-xxxxx-xxxx-xxxxx.xxx | predictive | High
23 | File | xx-xxxxx/xxxxxxxx/xxxxx-xx-xxxxx-xxxx.xxx | predictive | High
24 | Library | xxxxxxxx.xxx | predictive | Medium
25 | Argument | xxx | predictive | Low
26 | Argument | xxxxx[] | predictive | Low
27 | Argument | xxx | predictive | Low
28 | Argument | xxxxxxxx | predictive | Medium
29 | Argument | xx | predictive | Low
30 | Argument | xxxxx | predictive | Low
31 | Argument | xxx | predictive | Low
32 | Argument | xxxxxxxxx | predictive | Medium
33 | Argument | x[] | predictive | Low
34 | Argument | xxxxxxx[] | predictive | Medium
35 | Argument | xxx | predictive | Low
36 | Argument | xxxxxxxx/xxxx | predictive | High
37 | Argument | _xxxxx_xxxxxxx_xxxxxxxxx_xxxxxxx-xxx | predictive | High
38 | Input Value | .. | predictive | Low
39 | Input Value | ../ | predictive | Low
40 | Input Value | x+xxxxx+xxxxxx+x,xxxxxxx,xxxxxxxxxxx+xxxx+xxxxx# | predictive | High
41 | Input Value | xxx=/&xxx | predictive | Medium
42 | Input Value | xxx | predictive | Low
43 | Network Port | xxx/xxxxx | predictive | Medium

References (2)

The following list contains external sources which discuss the actor and the associated activities:
