Hexmen Analysis

Activities

Timeline

Analysis of the timeline helps identify the required approach to, and handling of, individual vulnerabilities and vulnerability collections. The overview makes less important slices and more severe hotspots visible at a glance, so that immediate vulnerability response can be initiated and issues prioritized.

Lang

en: 36
zh: 3
ja: 2
es: 1
de: 1

Country

us: 36
cn: 8

Actors

Hexmen: 34
Groundhog: 11

Activities

Interest

Vulnerabilities

# | Vulnerability | Base (CVSS) | Temp (CVSS) | 0day price | Today price | Exploitability | Remediation | CTI | CVE
1 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.83 | CVE-2010-0966
2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.05 | CVE-2007-1192
3 | Apple Mac OS X Server Wiki Server cross site scripting | 4.3 | 4.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 2.48 | CVE-2009-2814
4 | Cisco Unified Contact Center Management Portal Web-based Management Interface access control | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2022-20658
5 | Extreme Networks ExtremeWireless Aerohive HiveOS/IQ Engine NetConfig UI Administrative Interface code injection | 8.8 | 8.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.14 | CVE-2020-16152
6 | Linux Kernel fib6_rules.c fib6_rule_suppress release of resource | 6.5 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2019-18198
7 | Linux Kernel ip6_fib.c fib6_rule_lookup exceptional condition | 4.4 | 4.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2019-20422
8 | Open-Xchange OX AppSuite Backend server-side request forgery | 7.5 | 6.5 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | CVE-2018-5752
9 | FreeBSD out-of-bounds read | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2019-15874
10 | FreeBSD TCP SYN-ACK Kernel Memory information disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-7451
11 | Oracle Communications Cloud Native Core Security Edge Protection Proxy SEPP information disclosure | 5.9 | 5.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-33880
12 | Microsoft Windows TCP/IP Remote Code Execution | 9.8 | 8.5 | $100k and more | $25k-$100k | Unproven | Official Fix | 0.03 | CVE-2021-24094
13 | Apache HTTP Server mod_cache null pointer dereference | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.08 | CVE-2013-4352
14 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.62 | CVE-2007-1287
15 | HP Service Manager Web Tier cross site scripting | 4.3 | 4.1 | $5k-$25k | $0-$5k | High | Official Fix | 0.00 | CVE-2013-6198
16 | ZenPhoto export cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2013-7241
17 | phpMyAdmin Error Reporting Page php weakness | 4.3 | 4.1 | $5k-$25k | $0-$5k | High | Official Fix | 0.01 | CVE-2014-8960
18 | Microsoft Windows TCP/IP Stack information disclosure | 5.3 | 5.1 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.03 | CVE-2019-1324
19 | GNOME empathy empathy-theme-adium.c theme_adium_append_message cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2011-4170
20 | Secomea GateManager Header improper enforcement of message integrity | 4.2 | 4.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2021-32004

IOC - Indicator of Compromise (32)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (3)

Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Confidence
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
2 | T1068 | CWE-284 | Execution with Unnecessary Privileges | High
3 | T1499 | CWE-404 | Resource Consumption | High

IOA - Indicator of Attack (18)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Confidence
1 | File | /secure/EditSubscription.jspa | High
2 | File | data/gbconfiguration.dat | High
3 | File | DIAE_HandlerAlarmGroup.ashx | High
4 | File | xxxxxxx-xxxxx-xxxxx.x | High
5 | File | xxx/xxxxxx.xxx | High
6 | File | xxxxxxxx/xxx_xxxxx_xxxxxxx_xxxxxxx_xxxx.xxx | High
7 | File | xxxxx/xxxxxxxxx/xxxxxxxx | High
8 | File | xx.xxxxx.xxxx | High
9 | File | xxx/xxxx/xxxx_xxxxx.x | High
10 | File | xxx/xxxx/xxx_xxx.x | High
11 | File | xxxxxx.xxx | Medium
12 | File | xxxx-xxxxxxxx.xxx | High
13 | File | xxxx.xx | Low
14 | Argument | xxxxxxxx | Medium
15 | Argument | xxxxx | Low
16 | Argument | xxxx | Low
17 | Argument | xxxx | Low
18 | Argument | xxx_xxxxxx_x_xxx_xxxxx | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
