KeyBoy Analysis

IOB - Indicator of Behavior (1000)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en998
zh2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us996
hk4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

TRENDnet TEW-652BRP4
SourceCodester E-Commerce System4
SourceCodester Alphaware Simple E-Commerce System4
PHPEMS2
TRENDnet TEW-811DRU2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1TRENDnet TEW-652BRP Web Management Interface get_set.ccp command injection8.88.6$0-$5k$0-$5kProof-of-ConceptNot Defined0.040.00076CVE-2023-0611
2TRENDNet TEW-811DRU httpd guestnetwork.asp buffer overflow7.57.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.030.00060CVE-2023-0617
3TRENDnet TEW-652BRP Web Service cfg_op.ccp memory corruption7.56.8$0-$5k$0-$5kProof-of-ConceptNot Defined0.080.00097CVE-2023-0618
4TRENDnet TEW-652BRP Web Interface ping.ccp command injection8.17.8$0-$5k$0-$5kProof-of-ConceptNot Defined0.000.01049CVE-2023-0640
5TRENDnet TEW-811DRU Web Management Interface wan.asp memory corruption6.56.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.110.00133CVE-2023-0637
6TRENDnet TEW-811DRU httpd security.asp memory corruption7.57.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.050.00137CVE-2023-0613
7Netgear WNDR3700v2 Web Interface denial of service4.34.2$5k-$25k$0-$5kProof-of-ConceptNot Defined0.070.00135CVE-2023-0850
8TP-Link Archer C50 Web Management Interface denial of service6.56.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.030.00074CVE-2023-0936
9SourceCodester E-Commerce System cross site scripting4.14.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.050.00052CVE-2023-1569
10SourceCodester Alphaware Simple E-Commerce System sql injection7.06.8$0-$5k$0-$5kProof-of-ConceptNot Defined0.070.00152CVE-2023-1504
11Ubiquiti EdgeRouter X OSPF command injection [Disputed]8.17.8$0-$5k$0-$5kProof-of-ConceptNot Defined0.050.00934CVE-2023-1458
12SourceCodester E-Commerce System setDiscount.php sql injection6.66.5$0-$5k$0-$5kProof-of-ConceptNot Defined0.000.00152CVE-2023-1505
13SourceCodester Alphaware Simple E-Commerce System edit_customer.php sql injection7.06.8$0-$5k$0-$5kProof-of-ConceptNot Defined0.090.00152CVE-2023-1502
14SourceCodester Alphaware Simple E-Commerce System admin_index.php sql injection7.06.8$0-$5k$0-$5kProof-of-ConceptNot Defined0.070.00152CVE-2023-1503
15Orchard CMS HTML Modal Dialog cross site scripting4.44.3$0-$5k$0-$5kNot DefinedOfficial Fix0.020.00051CVE-2022-32173
16PHPEMS Session Data session.cls.php deserialization7.16.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.040.00542CVE-2023-6654
17Tenda G1/G3 formSetDMZ command injection5.55.3$0-$5k$0-$5kNot DefinedNot Defined0.040.00152CVE-2022-24167

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
145.125.12.147spk.cloudie.hkKeyBoy03/27/2022verifiedHigh
2XXX.XX.XXX.XXXXxxxxx03/27/2022verifiedHigh
3XXX.XXX.XXX.XXXXxxxxx03/27/2022verifiedHigh
4XXX.XXX.XXX.XXXxxxxx03/27/2022verifiedHigh

TTP - Tactics, Techniques, Procedures (3)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1059.007CWE-79Cross Site ScriptingpredictiveHigh
2TXXXXCWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
3TXXXXCWE-XXXxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (24)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/ecommerce/admin/settings/setDiscount.phppredictiveHigh
2File/wireless/guestnetwork.asppredictiveHigh
3File/wireless/security.asppredictiveHigh
4Filexxxxx/xxxxx_xxxxx.xxxpredictiveHigh
5Filexxxxx/xxxx/xxxxxxxxxx.xxx?xxxxxx=xxxxpredictiveHigh
6Filexxx_xx.xxxpredictiveMedium
7Filexxxxxxxx/xxxx_xxxxxxxx.xxxpredictiveHigh
8Filexxx_xxx.xxxpredictiveMedium
9Filexxxx.xxxpredictiveMedium
10Filexxx.xxxpredictiveLow
11Libraryxxx/xxxxxxx.xxx.xxxpredictiveHigh
12ArgumentxxxxpredictiveLow
13Argumentxxxxxx_xxx_xxpredictiveHigh
14ArgumentxxxxxxxxpredictiveMedium
15Argumentxxxxx/xxxxxxxxpredictiveHigh
16Argumentxxxxxxxxx/xx/xxxxxxxxpredictiveHigh
17ArgumentxxpredictiveLow
18Argumentxxxxxxxx/xxxxxxxxpredictiveHigh
19Argumentx_xxxxpredictiveLow
20Input Valuexxxxxx xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx)predictiveHigh
21Input Value<xxxxxx>xxxxx('x')</xxxxxx>predictiveHigh
22Input Valuex' xxxxx xxxxx(x) xxx 'xxxx'='xxxxpredictiveHigh
23Input Valuexxxxx' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx)-- xxxxpredictiveHigh
24Input Valuexxxxx%xxxxxx.xxx ' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx) xxx 'xxxx'='xxxxpredictiveHigh

References (2)

The following list contains external sources which discuss the actor and the associated activities:

Might our Artificial Intelligence support you?

Check our Alexa App!