Handymanny Analysis

IOB - Indicator of Behavior (86)

Language

en (72)
fr (6)
sv (4)
ru (4)

Timeline, Country, Actors, Activities, Interest, Type, Vendor: chart panels on the source page with no extracted data.

Product

Unisoc SC7731E (4)
Unisoc SC9832E (4)
Unisoc SC9863A (4)
Unisoc T310 (4)
Unisoc T606 (4)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | CTI | EPSS | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Information Disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192
2 | Linux Kernel Netfilter nf_conntrack_irc.c nf_conntrack_irc Remote Code Execution | 6.3 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00207 | CVE-2022-2663
3 | systemd unit-name.c alloca Denial of Service | 6.5 | 6.2 | $0-$5k | Calculating | Not Defined | Official Fix | 0.02 | 0.00044 | CVE-2021-33910
4 | Citrix NetScaler ADC/NetScaler Gateway Privilege Escalation | 9.8 | 9.6 | $25k-$100k | $5k-$25k | High | Official Fix | 0.00 | 0.92538 | CVE-2023-3519
5 | HoYoVerse Genshin Impact Anti-Cheat Driver Function Call mhyprot2.sys Privilege Escalation | 7.7 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00177 | CVE-2020-36603
6 | SourceCodester Free and Open Source Inventory Management System edit_product.php SQL Injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.13 | 0.00061 | CVE-2023-7155
7 | Totolink X2000R Gh formPasswordSetup Memory Corruption | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00082 | CVE-2023-51135
8 | Netmaker DNS Weak Encryption | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00060 | CVE-2023-32077
9 | code-projects Water Billing System addbill.php SQL Injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00063 | CVE-2023-7097
10 | Gordon Böhme and Antonio Leutsch Structured Content wpsc Plugin Cross Site Scripting | 5.1 | 5.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00045 | CVE-2023-49820
11 | Manage Notification E-mails Plugin Privilege Escalation | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00052 | CVE-2023-6496
12 | Unisoc S8000 Wifi Service Memory Corruption | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00042 | CVE-2022-48464
13 | Unisoc S8000 Telephony Service Information Disclosure | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00042 | CVE-2023-42715
14 | Apache DolphinScheduler Information Disclosure | 5.9 | 5.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00056 | CVE-2023-48796
15 | Concrete CMS File Creation Mkdir Privilege Escalation | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00068 | CVE-2023-48648
16 | FFmpeg evc_ps.c ref_pic_list_struct Memory Corruption | 6.0 | 5.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00140 | CVE-2023-47470
17 | mooSocial mooDating URL ajax_invite Cross Site Scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00235 | CVE-2023-3845
18 | WP Discord Invite Plugin Setting Cross Site Request Forgery | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00107 | CVE-2023-5006
19 | Samsung Exynos Auto T5123 RLC Module Memory Corruption | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00046 | CVE-2023-41112
20 | Huawei EMUI QMI Service Module Memory Corruption | 6.5 | 6.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00046 | CVE-2023-46772

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP Address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 185.112.82.89 | server-185-112-82-89.creanova.org | Handymanny | | 11/02/2022 | verified | High

Row 2 is masked on the source page.

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
3 | T1059 | CWE-94 | Argument Injection | predictive | High

Rows 4 through 12 are masked on the source page.

IOA - Indicator of Attack (61)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /addbill.php | predictive | Medium
2 | File | /ample/app/action/edit_product.php | predictive | High
3 | File | /cfg | predictive | Low
4 | File | /conf/ | predictive | Low
5 | File | /controller/AdminController.php | predictive | High
6 | File | /etc/quantum/quantum.conf | predictive | High
7 | File | /friends/ajax_invite | predictive | High
56 | Input Value | .. | predictive | Low
57 | Input Value | ../ | predictive | Low

Rows 8 through 55 and 58 through 61 are masked on the source page.

Sources (2)

The following list contains external sources which discuss the actor and the associated activities:
