KeyBoy Analysis

IOB - Indicator of Behavior (1000)

Language

en: 998
zh: 2

Country

us: 998
hk: 2

Product

TRENDnet TEW-652BRP: 4
Tenda G1: 2
Tenda G3: 2
SourceCodester Alphaware Simple E-Commerce System: 2
Netgear WNDR3700v2: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Con | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | TRENDnet TEW-652BRP Web Management Interface get_set.ccp privilege escalation | 8.8 | 8.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00076 | CVE-2023-0611 |
| 2 | TRENDnet TEW-811DRU httpd guestnetwork.asp buffer overflow | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00054 | CVE-2023-0617 |
| 3 | TRENDnet TEW-652BRP Web Service cfg_op.ccp buffer overflow | 7.5 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.00097 | CVE-2023-0618 |
| 4 | TRENDnet TEW-652BRP Web Interface ping.ccp privilege escalation | 8.1 | 7.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00934 | CVE-2023-0640 |
| 5 | TRENDnet TEW-811DRU Web Management Interface wan.asp buffer overflow | 6.5 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.00133 | CVE-2023-0637 |
| 6 | TRENDnet TEW-811DRU httpd security.asp buffer overflow | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00097 | CVE-2023-0613 |
| 7 | Netgear WNDR3700v2 Web Interface denial of service | 4.3 | 4.2 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.05 | 0.00062 | CVE-2023-0850 |
| 8 | TP-Link Archer C50 Web Management Interface denial of service | 6.5 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.00052 | CVE-2023-0936 |
| 9 | SourceCodester E-Commerce System cross site scripting | 4.1 | 4.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00045 | CVE-2023-1569 |
| 10 | SourceCodester Alphaware Simple E-Commerce System sql injection | 7.0 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.05 | 0.00100 | CVE-2023-1504 |
| 11 | Ubiquiti EdgeRouter X OSPF privilege escalation [Disputed] | 8.1 | 7.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.00591 | CVE-2023-1458 |
| 12 | SourceCodester E-Commerce System setDiscount.php sql injection | 6.6 | 6.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00100 | CVE-2023-1505 |
| 13 | SourceCodester Alphaware Simple E-Commerce System edit_customer.php sql injection | 7.0 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00100 | CVE-2023-1502 |
| 14 | SourceCodester Alphaware Simple E-Commerce System admin_index.php sql injection | 7.0 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.00100 | CVE-2023-1503 |
| 15 | PHPEMS Session Data session.cls.php privilege escalation | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.63 | 0.00530 | CVE-2023-6654 |
| 16 | Tenda G1/G3 formSetDMZ privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00152 | CVE-2022-24167 |

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 45.125.12.147 | spk.cloudie.hk | KeyBoy | | 27/03/2022 | verified | High |

TTP - Tactics, Techniques, Procedures (3)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1059.007 | CWE-79 | Cross Site Scripting | predictive | High |

IOA - Indicator of Attack (24)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /ecommerce/admin/settings/setDiscount.php | predictive | High |
| 2 | File | /wireless/guestnetwork.asp | predictive | High |
| 3 | File | /wireless/security.asp | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
