KeyBoy Analysis

IOB - Indicator of Behavior (112)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en88
zh24

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

hk88
cn20
us4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

KeyBoy4
Zegost1
xStart1
Panda1
Purple Fox1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined40
Content Management System12
WordPress Plugin6
Application Server Software4
Firewall Software4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined48
F54
Oracle4
Citrix4
GNU4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

WordPress8
cPanel4
GNU Mailman4
Extreme EXOS4
QNAP NAS2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1F5 BIG-IP Advanced WAF/BIG-IP ASM MySQL Database resource consumption3.73.6$5k-$25k$0-$5kNot DefinedOfficial Fix0.030.00885CVE-2021-23053
2Extreme EXOS access control6.76.7$0-$5k$0-$5kNot DefinedNot Defined0.030.00885CVE-2017-14330
3D-Link DAP-1360 Telnet Service authorization8.58.3$5k-$25k$0-$5kNot DefinedWorkaround0.010.01136CVE-2019-18666
4Joomla CMS denial of service5.34.6$5k-$25kCalculatingProof-of-ConceptOfficial Fix0.030.00885CVE-2014-7229
5Mailman input validation6.56.2$0-$5kCalculatingNot DefinedOfficial Fix0.010.01018CVE-2018-13796
6Allegro RomPager Cookie code7.36.4$0-$5k$0-$5kHighOfficial Fix0.000.71190CVE-2014-9222
7nginx Error Page request smuggling6.36.1$0-$5k$0-$5kNot DefinedOfficial Fix0.030.01537CVE-2019-20372
8urllib3 Authority incorrect regex3.53.4$0-$5k$0-$5kNot DefinedOfficial Fix0.020.01108CVE-2021-33503
9Host Discard Service privileges management7.37.1$0-$5k$0-$5kHighWorkaround0.060.00885CVE-1999-0636
10Apache XML Graphics Batik JAR URL server-side request forgery6.56.5$5k-$25k$5k-$25kNot DefinedNot Defined0.040.09029CVE-2022-40146
11Parse Server Download Request input validation6.46.3$0-$5k$0-$5kNot DefinedOfficial Fix0.040.00885CVE-2022-39313
12TP-Link Tapo C200 uhttpd command injection9.89.6$0-$5k$0-$5kNot DefinedNot Defined0.070.23848CVE-2021-4045
13ZKTeco ZKBiosecurity baseOpLog.do sql injection6.35.7$0-$5k$0-$5kProof-of-ConceptNot Defined0.080.00890CVE-2022-36635
14Boa Webserver GET wapopen path traversal6.46.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.030.38457CVE-2017-9833
15kkFileview pathname traversal3.53.5$0-$5k$0-$5kNot DefinedNot Defined0.020.00885CVE-2021-43734
16kkFileView URL Parameter OnlinePreviewController.java cross site scripting3.53.5$0-$5k$0-$5kNot DefinedNot Defined0.020.00885CVE-2022-29349
17Oracle MySQL Server OpenSSL buffer overflow9.89.6$100k and more$5k-$25kNot DefinedOfficial Fix0.060.04720CVE-2021-3711
18Oracle MySQL Server curl use after free8.17.7$25k-$100k$5k-$25kNot DefinedOfficial Fix0.000.09801CVE-2021-22901
19Apache HTTP Server HTTP2 Request request smuggling6.46.4$5k-$25k$5k-$25kNot DefinedNot Defined0.070.05242CVE-2020-9490

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsTypeConfidence
145.125.12.147spk.cloudie.hkKeyBoyverifiedHigh
2XXX.XX.XXX.XXXXxxxxxverifiedHigh
3XXX.XXX.XXX.XXXXxxxxxverifiedHigh
4XXX.XXX.XXX.XXXxxxxxverifiedHigh

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1006CWE-21, CWE-22Pathname TraversalpredictiveHigh
2T1055CWE-74InjectionpredictiveHigh
3T1059CWE-94Cross Site ScriptingpredictiveHigh
4TXXXX.XXXCWE-XX, CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
5TXXXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
6TXXXXCWE-XX, CWE-XXXxxxxxx XxxxxxxxxpredictiveHigh
7TXXXXCWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
8TXXXXCWE-XXXxx XxxxxxxxxpredictiveHigh
9TXXXX.XXXCWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveHigh
10TXXXXCWE-XXXXxx.xxx Xxxxxxxxxxxxxxxx: Xxxxxxxx Xx Xxxxxxxxxxxxx XxxxpredictiveHigh
11TXXXX.XXXCWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
12TXXXXCWE-XXXXxxxxxxxxxxxxpredictiveHigh
13TXXXX.XXXCWE-XXXxxxxxxxxxxxxpredictiveHigh
14TXXXXCWE-XXXX2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxxxxxxxx Xxxxxxx XxxxxxxxxxpredictiveHigh
15TXXXX.XXXCWE-XXXXxxxxxxxxxxx XxxxxxpredictiveHigh

IOA - Indicator of Attack (45)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/.ssh/authorized_keyspredictiveHigh
2File/baseOpLog.dopredictiveHigh
3File/cgi-bin/api-get_line_statuspredictiveHigh
4File/cgi-bin/wapopenpredictiveHigh
5File/controller/OnlinePreviewController.javapredictiveHigh
6File/exportpredictiveLow
7File/xxxxxxxx/xxxxxxx.xxx.xxxpredictiveHigh
8Filexxxxxxxxxxxxx/xxxxxxxxxx/xxx_xxxxx/xxxxxxx/xxxxx.xxxpredictiveHigh
9Filexxxx.xpredictiveLow
10Filexxx/xxxxxxx.xxpredictiveHigh
11Filexxxx/xxxxxxxx.xxxx.xxxxxxx.xxxpredictiveHigh
12Filexxxxxx/xxx/xxxxxxx.xxxpredictiveHigh
13Filexxxxxxxx.xxxpredictiveMedium
14Filexxx/xxxxx-xxxxxxxxxxxx.xxxpredictiveHigh
15Filexxxxxxxx/xxxxxx/xxxxxx.xxxpredictiveHigh
16Filexxxxxxx/xxxxx/xx/xxxxx.xxxpredictiveHigh
17Filexxxxxxxxx.xxxpredictiveHigh
18Filexxx_xxxxxxxx.xpredictiveHigh
19Filexx-xxxxxxx/xx-xxxxxxx.xxxpredictiveHigh
20Filexxxxxxxxxxxxxx.xxpredictiveHigh
21Filexxxx_xxxxxxx_xxxxxxxx.xxxpredictiveHigh
22FilexxxxxxpredictiveLow
23Filexx-xxxxx/xxxxx-xxxx.xxxpredictiveHigh
24Filexx-xxxxxxxx/xxxxx-xx-xxxxxxxxx-xxxxxxx.xxxpredictiveHigh
25Filexx-xxxxxxxx/xxxxx-xx-xxxxx.xxxpredictiveHigh
26Filexx-xxxxx.xxxpredictiveMedium
27Filexxxx.xxxpredictiveMedium
28Library/xxx/xxx/xxxx.xxxpredictiveHigh
29Libraryxxxxxxxx.xxx.xxxxxxxxx.xxxxxx()predictiveHigh
30ArgumentxxxxpredictiveLow
31Argumentxxxxxxxxxx_xxxxpredictiveHigh
32Argumentxxx_xxpredictiveLow
33ArgumentxxxxxxxpredictiveLow
34ArgumentxxxxxpredictiveLow
35ArgumentxxxxxxxxxxpredictiveMedium
36ArgumentxxxxxxxxpredictiveMedium
37ArgumentxxxxxxxpredictiveLow
38ArgumentxxxxxpredictiveLow
39ArgumentxxxxpredictiveLow
40Argumentxxxxxxxxxxx/xxxxxxxxxpredictiveHigh
41ArgumentxxxpredictiveLow
42ArgumentxxxpredictiveLow
43ArgumentxxxxxxxxpredictiveMedium
44Input Value../..predictiveLow
45Input Value/%xxpredictiveLow

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Interested in the pricing of exploits?

See the underground prices here!