Hexmen Analysis

IOB - Indicator of Behavior (1000)

Language

en: 996
zh: 4

Country

us: 996
cn: 4

Product

SourceCodester Alphaware Simple E-Commerce System (4)
TRENDnet TEW-652BRP (2)
TRENDnet TEW-811DRU (2)
Netgear WNDR3700v2 (2)
Ubiquiti EdgeRouter X (2)

Vulnerabilities

# | Weakness | Base | Temp | 0day | Today | Exploitability | Remediation | CTI | EPSS | CVE
1 | TRENDnet TEW-652BRP Web Interface ping.ccp privilege escalation | 8.1 | 7.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.07 | 0.01049 | CVE-2023-0640
2 | TRENDNet TEW-811DRU httpd guestnetwork.asp memory corruption | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00060 | CVE-2023-0617
3 | Netgear WNDR3700v2 Web Interface denial of service | 4.3 | 4.2 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.05 | 0.00135 | CVE-2023-0850
4 | TRENDnet TEW-811DRU httpd security.asp memory corruption | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.09 | 0.00137 | CVE-2023-0613
5 | TRENDnet TEW-652BRP Web Service cfg_op.ccp memory corruption | 7.5 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.00097 | CVE-2023-0618
6 | TRENDnet TEW-652BRP Web Management Interface get_set.ccp privilege escalation | 8.8 | 8.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00076 | CVE-2023-0611
7 | TP-Link Archer C50 Web Management Interface denial of service | 6.5 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.06 | 0.00074 | CVE-2023-0936
8 | TRENDnet TEW-811DRU Web Management Interface wan.asp memory corruption | 6.5 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00133 | CVE-2023-0637
9 | SourceCodester Alphaware Simple E-Commerce System sql injection | 7.0 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00152 | CVE-2023-1504
10 | Ubiquiti EdgeRouter X OSPF privilege escalation [Disputed] | 8.1 | 7.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00651 | CVE-2023-1458
11 | SourceCodester Alphaware Simple E-Commerce System admin_index.php sql injection | 7.0 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00152 | CVE-2023-1503
12 | SourceCodester E-Commerce System setDiscount.php sql injection | 6.6 | 6.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00152 | CVE-2023-1505
13 | SourceCodester Alphaware Simple E-Commerce System edit_customer.php sql injection | 7.0 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00152 | CVE-2023-1502
14 | SourceCodester E-Commerce System cross site scripting | 4.1 | 4.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00052 | CVE-2023-1569
15 | Apache HTTP Server mod_reqtimeout denial of service | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.01696 | CVE-2007-6750
16 | Oracle Database Server Core RDBMS Privilege Escalation | 7.5 | 7.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.04 | 0.00113 | CVE-2011-2253

IOC - Indicator of Compromise (32)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (3)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerability | Access Vector | Type | Confidence
1 | T1059.007 | CWE-79 | Cross Site Scripting | predictive | High

IOA - Indicator of Attack (22)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /ecommerce/admin/settings/setDiscount.php | predictive | High
2 | File | /wireless/guestnetwork.asp | predictive | High
3 | File | /wireless/security.asp | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
