KeyBoy Analysis

IOB - Indicator of Behavior (1000)

Language

en: 982
zh: 18

Product

TRENDnet TEW-652BRP: 6
SourceCodester Alphaware Simple E-Commerce System: 4
aaPanel: 2
OpenStack Nova: 2
Microsoft Skype for Business Server: 2

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Cou | KEV | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | TRENDNet TEW-811DRU httpd guestnetwork.asp buffer overflow | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00086 | 0.09 | CVE-2023-0617 |
| 2 | TRENDnet TEW-652BRP Web Management Interface get_set.ccp command injection | 8.8 | 8.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00840 | 0.08 | CVE-2023-0611 |
| 3 | TRENDnet TEW-652BRP Web Service cfg_op.ccp memory corruption | 7.5 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00070 | 0.07 | CVE-2023-0618 |
| 4 | TRENDnet TEW-811DRU Web Management Interface wan.asp memory corruption | 6.5 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00066 | 0.09 | CVE-2023-0637 |
| 5 | TRENDnet TEW-652BRP Web Interface ping.ccp command injection | 8.1 | 7.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00690 | 0.07 | CVE-2023-0640 |
| 6 | TRENDnet TEW-811DRU httpd security.asp memory corruption | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00070 | 0.09 | CVE-2023-0613 |
| 7 | Netgear WNDR3700v2 Web Interface denial of service | 4.3 | 4.2 | $5k-$25k | $0-$5k | Proof-of-Concept | Not defined | | 0.00034 | 0.09 | CVE-2023-0850 |
| 8 | TP-Link Archer C50 Web Management Interface denial of service | 6.5 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00034 | 0.09 | CVE-2023-0936 |
| 9 | SourceCodester E-Commerce System controller.php cross site scripting | 4.1 | 4.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00059 | 0.07 | CVE-2023-1569 |
| 10 | Ubiquiti EdgeRouter X OSPF command injection [Disputed] | 8.1 | 7.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00511 | 0.07 | CVE-2023-1458 |
| 11 | SourceCodester Alphaware Simple E-Commerce System sql injection | 7.0 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00045 | 0.07 | CVE-2023-1504 |
| 12 | SourceCodester E-Commerce System setDiscount.php sql injection | 6.6 | 6.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00045 | 0.07 | CVE-2023-1505 |
| 13 | SourceCodester Alphaware Simple E-Commerce System edit_customer.php sql injection | 7.0 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00045 | 0.00 | CVE-2023-1502 |
| 14 | SourceCodester Alphaware Simple E-Commerce System admin_index.php sql injection | 7.0 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00045 | 0.07 | CVE-2023-1503 |
| 15 | OpenStack Nova noVNC redirect | 4.9 | 4.7 | $0-$5k | $0-$5k | Not defined | Official fix | expected | 0.90549 | 0.08 | CVE-2021-3654 |
| 16 | Adobe Commerce/Magento Open Source unrestricted upload | 8.5 | 8.3 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.02825 | 0.08 | CVE-2024-39397 |
| 17 | aaPanel Websocket webssh os command injection | 4.6 | 4.6 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00397 | 0.04 | CVE-2021-37840 |
| 18 | Guangzhou Yingke Electronic Technology Ncast Guest Login IPSetup.php information disclosure | 6.0 | 5.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | expected | 0.93888 | 0.07 | CVE-2024-0305 |
| 19 | Microsoft Skype for Business Server information disclosure | 5.2 | 4.8 | $5k-$25k | $0-$5k | Unproven | Official fix | | 0.00134 | 0.00 | CVE-2024-20695 |
| 20 | aaPanel SSH Key pathname traversal | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.03121 | 0.00 | CVE-2022-26252 |

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 45.125.12.147 | spk.cloudie.hk | KeyBoy | | 03/27/2022 | verified | Very Low |

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (32)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin.php?p=/Area/index#tab=t2 | predictive | High |
| 2 | File | /api/upload.php | predictive | High |
| 3 | File | /ecommerce/admin/settings/setDiscount.php | predictive | High |
| 4 | File | /manage/IPSetup.php | predictive | High |