Hexmen Analysis

IOB - Indicator of Behavior (1000)

Language

en: 996
zh: 4

Country / Region

us: 998
cn: 2

Product

TRENDnet TEW-811DRU: 4
TRENDnet TEW-652BRP: 4
SourceCodester E-Commerce System: 2
TRENDNet TEW-811DRU: 2
TP-Link Archer C50: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE
1 | TRENDnet TEW-652BRP Web Interface ping.ccp privilege escalation | 8.1 | 7.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01049 | 0.04 | CVE-2023-0640
2 | TRENDNet TEW-811DRU httpd guestnetwork.asp memory corruption | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00060 | 0.00 | CVE-2023-0617
3 | Netgear WNDR3700v2 Web Interface denial of service | 4.3 | 4.2 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.00135 | 0.04 | CVE-2023-0850
4 | TRENDnet TEW-811DRU httpd security.asp memory corruption | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00137 | 0.04 | CVE-2023-0613
5 | TRENDnet TEW-652BRP Web Service cfg_op.ccp memory corruption | 7.5 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00097 | 0.04 | CVE-2023-0618
6 | TRENDnet TEW-652BRP Web Management Interface get_set.ccp privilege escalation | 8.8 | 8.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00076 | 0.04 | CVE-2023-0611
7 | TP-Link Archer C50 Web Management Interface denial of service | 6.5 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00074 | 0.04 | CVE-2023-0936
8 | TRENDnet TEW-811DRU Web Management Interface wan.asp memory corruption | 6.5 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00133 | 0.09 | CVE-2023-0637
9 | SourceCodester Alphaware Simple E-Commerce System SQL injection | 7.0 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00152 | 0.04 | CVE-2023-1504
10 | Ubiquiti EdgeRouter X OSPF privilege escalation [disputed] | 8.1 | 7.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00934 | 0.09 | CVE-2023-1458
11 | SourceCodester Alphaware Simple E-Commerce System admin_index.php SQL injection | 7.0 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00152 | 0.04 | CVE-2023-1503
12 | SourceCodester E-Commerce System setDiscount.php SQL injection | 6.6 | 6.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00152 | 0.00 | CVE-2023-1505
13 | SourceCodester Alphaware Simple E-Commerce System edit_customer.php SQL injection | 7.0 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00152 | 0.00 | CVE-2023-1502
14 | SourceCodester E-Commerce System cross-site scripting | 4.1 | 4.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00052 | 0.04 | CVE-2023-1569
15 | Apache HTTP Server mod_reqtimeout denial of service | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01696 | 0.04 | CVE-2007-6750
16 | Apple tvOS WebKit memory corruption | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01416 | 0.00 | CVE-2019-8673
17 | Apple tvOS WebKit memory corruption | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.96068 | 0.02 | CVE-2019-8672
18 | Oracle Database Server Core RDBMS privilege escalation | 7.5 | 7.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00113 | 0.04 | CVE-2011-2253

IOC - Indicator of Compromise (32)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence
1 | 58.218.200.2 | | Hexmen | | 2022-02-13 | | verified
2 | 103.42.180.113 | | Hexmen | | 2022-02-13 | | verified
3 | 103.230.108.85 | | Hexmen | | 2022-02-13 | | verified
4 | 114.115.209.191 | ecs-114-115-209-191.compute.hwclouds-dns.com | Hexmen | | 2022-02-13 | | verified
5 | 119.28.133.78 | | Hexmen | | 2022-02-13 | | verified
6 | 119.249.54.119 | | Hexmen | | 2022-02-13 | | verified
7 | 121.18.238.80 | hebei.18.121.in-addr.arpa | Hexmen | | 2022-02-13 | | verified
8 | XXX.XXX.XX.XXX | xxx-xxx-xxx-xx-xxx.xxxxxxx.xxxxxxxx-xxx.xxx | Xxxxxx | | 2022-02-13 | | verified
9 | XXX.XXX.XX.XXX | xxx-xxx-xxx-xx-xxx.xxxxxxx.xxxxxxxx-xxx.xxx | Xxxxxx | | 2022-02-13 | | verified
10 | XXX.XXX.XX.XXX | xxx-xxx-xxx-xx-xxx.xxxxxxx.xxxxxxxx-xxx.xxx | Xxxxxx | | 2022-02-13 | | verified
11 | XXX.XXX.XX.XXX | xxx-xxx-xxx-xx-xxx.xxxxxxx.xxxxxxxx-xxx.xxx | Xxxxxx | | 2022-02-13 | | verified
12 | XXX.XXX.XX.XX | xxx-xxx-xxx-xx-xx.xxxxxxx.xxxxxxxx-xxx.xxx | Xxxxxx | | 2022-02-13 | | verified
13 | XXX.XXX.XX.XX | xxx-xxx-xxx-xx-xx.xxxxxxx.xxxxxxxx-xxx.xxx | Xxxxxx | | 2022-02-13 | | verified
14 | XXX.XX.XX.XXX | | Xxxxxx | | 2022-02-13 | | verified
15 | XXX.XXX.XXX.XX | | Xxxxxx | | 2022-02-13 | | verified
16 | XXX.XX.XXX.XXX | | Xxxxxx | | 2022-02-13 | | verified
17 | XXX.XX.XXX.XX | | Xxxxxx | | 2022-02-13 | | verified
18 | XXX.XX.XX.XXX | | Xxxxxx | | 2022-02-13 | | verified
19 | XXX.XXX.XX.XXX | | Xxxxxx | | 2022-02-13 | | verified
20 | XXX.XXX.XX.XXX | | Xxxxxx | | 2022-02-13 | | verified
21 | XXX.XXX.XX.XXX | | Xxxxxx | | 2022-02-13 | | verified
22 | XXX.XXX.XX.XXX | | Xxxxxx | | 2022-02-13 | | verified
23 | XXX.XXX.X.XX | | Xxxxxx | | 2022-02-13 | | verified
24 | XXX.XXX.XX.XXX | | Xxxxxx | | 2022-02-13 | | verified
25 | XXX.XXX.XX.XXX | | Xxxxxx | | 2022-02-13 | | verified
26 | XXX.XXX.XX.XXX | | Xxxxxx | | 2022-02-13 | | verified
27 | XXX.XXX.XX.XXX | | Xxxxxx | | 2022-02-13 | | verified
28 | XXX.XXX.XX.XXX | | Xxxxxx | | 2022-02-13 | | verified
29 | XXX.XXX.XX.XXX | | Xxxxxx | | 2022-02-13 | | verified
30 | XXX.XXX.XXX.XX | | Xxxxxx | | 2022-02-13 | | verified
31 | XXX.XXX.XXX.XX | | Xxxxxx | | 2022-02-13 | | verified
32 | XXX.XXX.XXX.XXX | | Xxxxxx | | 2022-02-13 | | verified

TTP - Tactics, Techniques, Procedures (3)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerability | Access Vector | Type | Confidence
1 | T1059.007 | CWE-79 | | Cross Site Scripting | predictive
2 | TXXXX | CWE-XX | | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive
3 | TXXXX | CWE-XX | | Xxx Xxxxxxxxx | predictive

IOA - Indicator of Attack (22)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /ecommerce/admin/settings/setDiscount.php | | predictive
2 | File | /wireless/guestnetwork.asp | | predictive
3 | File | /wireless/security.asp | | predictive
4 | File | xxxxx/xxxxx_xxxxx.xxx | | predictive
5 | File | xxxxx/xxxx/xxxxxxxxxx.xxx?xxxxxx=xxxx | | predictive
6 | File | xxx_xx.xxx | | predictive
7 | File | xxxxxxxx/xxxx_xxxxxxxx.xxx | | predictive
8 | File | xxx_xxx.xxx | | predictive
9 | File | xxxx.xxx | | predictive
10 | File | xxx.xxx | | predictive
11 | Argument | xxxx | | predictive
12 | Argument | xxxxxx_xxx_xx | | predictive
13 | Argument | xxxxx/xxxxxxxx | | predictive
14 | Argument | xxxxxxxxx/xx/xxxxxxxx | | predictive
15 | Argument | xx | | predictive
16 | Argument | xxxxxxxx/xxxxxxxx | | predictive
17 | Argument | x_xxxx | | predictive
18 | Input Value | xxxxxx xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx) | | predictive
19 | Input Value | <xxxxxx>xxxxx('x')</xxxxxx> | | predictive
20 | Input Value | x' xxxxx xxxxx(x) xxx 'xxxx'='xxxx | | predictive
21 | Input Value | xxxxx' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx)-- xxxx | | predictive
22 | Input Value | xxxxx%xxxxxx.xxx ' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx) xxx 'xxxx'='xxxx | | predictive
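The IOC and IOA tables above are only useful once they are matched against traffic. The following Python script is an added example, not code from the page or from the database operator: it scans web-server access logs in the common "combined" format for requests that come from one of the seven unredacted Hexmen IOC addresses or that reach one of the three unredacted IOA file paths, after percent-decoding the request target so a trivially encoded path does not slip past. The log lines are constructed for the example; the IOC addresses were identified on 2022-02-13 and the IOA entries are marked "predictive", so an alert from this script is a lead for triage, not proof of compromise.

```python
import re
from urllib.parse import unquote, urlsplit

# Indicators copied from the IOC and IOA tables above (unredacted entries only).
HEXMEN_IOC_IPS = {
    "58.218.200.2", "103.42.180.113", "103.230.108.85", "114.115.209.191",
    "119.28.133.78", "119.249.54.119", "121.18.238.80",
}
HEXMEN_IOA_PATHS = (
    "/ecommerce/admin/settings/setDiscount.php",
    "/wireless/guestnetwork.asp",
    "/wireless/security.asp",
)

# Apache/nginx "combined" log format: client, ident, user, [timestamp], "request", status, bytes.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)


def parse_line(line):
    """Parse one combined-format log line into a dict; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    # Decode twice so a double-encoded path (%2577 -> %77 -> w) still normalises to its real form.
    target = unquote(unquote(rec["target"]))
    parts = urlsplit(target)
    rec["path"] = parts.path
    rec["query"] = parts.query
    return rec


def match_indicators(rec):
    """Return the list of indicator hits for a parsed record (empty list when nothing matches)."""
    hits = []
    if rec["ip"] in HEXMEN_IOC_IPS:
        hits.append("ioc_ip:" + rec["ip"])
    path = rec["path"].lower()
    for ioa in HEXMEN_IOA_PATHS:
        # endswith() tolerates deployments under a path prefix; the comparison is case-insensitive
        # because IIS-style hosts and some router httpd builds ignore case in the path.
        if path.endswith(ioa.lower()):
            hits.append("ioa_path:" + ioa)
    return hits


def scan(lines):
    """Scan log lines and return (client_ip, decoded_path, hits) for every line with at least one hit."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        hits = match_indicators(rec)
        if hits:
            alerts.append((rec["ip"], rec["path"], hits))
    return alerts


# Constructed sample log lines (not real traffic); 198.51.100.0/24 is documentation address space.
SAMPLE_LOG = [
    '58.218.200.2 - - [13/Feb/2022:09:12:01 +0000] "GET /wireless/guestnetwork.asp HTTP/1.1" 200 1843',
    '198.51.100.7 - - [13/Feb/2022:09:12:05 +0000] "POST /ecommerce/admin/settings/setDiscount.php?id=1 HTTP/1.1" 200 512',
    '198.51.100.9 - - [13/Feb/2022:09:12:09 +0000] "GET /index.html HTTP/1.1" 200 3001',
    '121.18.238.80 - - [13/Feb/2022:09:13:44 +0000] "GET /%77ireless/security.asp HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for ip, path, hits in scan(SAMPLE_LOG):
        print(f"{ip} {path} -> {', '.join(hits)}")
```

Feed the script real logs with `scan(open("access.log"))`; the fourth sample line shows why the decode step matters, since `/%77ireless/security.asp` is the same resource as `/wireless/security.asp` to the target httpd but would not string-match without it. A 404 on an indicator path is still worth recording: it is the reconnaissance signal the IOA section describes, regardless of whether the device is vulnerable.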

References (2)

The following list contains external sources which discuss the actor and the associated activities:
