Hexmen Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (1000)

Idioma

en	996
zh	4

País

us	996
cn	4

Actores

Hexmen	2

Interesse

Tipo

E-Commerce Management Software	6
Digital Media Player	4
Not Defined	4
Router Operating System	2
Web Server	2

Fabricante

SourceCodester	6
Apple	4
Ubiquiti	2
TRENDnet	2
TRENDNet	2

Produto

Apple tvOS	4
SourceCodester Alphaware Simple E-Commerce System	4
Ubiquiti EdgeRouter X	2
TRENDnet TEW-811DRU	2
TRENDNet TEW-811DRU	2

Vulnerabilidades

#	Vulnerabilidade	Base	Temp	0day	Hoje	Exp	Mas	EPSS	CTI	CVE
1	TRENDnet TEW-652BRP Web Interface ping.ccp direitos alargados	8.1	7.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01049	0.07	CVE-2023-0640
2	TRENDNet TEW-811DRU httpd guestnetwork.asp Excesso de tampão	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00060	0.17	CVE-2023-0617
3	Netgear WNDR3700v2 Web Interface Negação de Serviço	4.3	4.2	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.00135	0.07	CVE-2023-0850
4	TRENDnet TEW-811DRU httpd security.asp Excesso de tampão	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00137	0.04	CVE-2023-0613
5	TRENDnet TEW-652BRP Web Service cfg_op.ccp Excesso de tampão	7.5	6.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00097	0.13	CVE-2023-0618
6	TRENDnet TEW-652BRP Web Management Interface get_set.ccp direitos alargados	8.8	8.6	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00076	0.13	CVE-2023-0611
7	TP-Link Archer C50 Web Management Interface Negação de Serviço	6.5	6.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00074	0.04	CVE-2023-0936
8	TRENDnet TEW-811DRU Web Management Interface wan.asp Excesso de tampão	6.5	6.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00133	0.04	CVE-2023-0637
9	SourceCodester Alphaware Simple E-Commerce System Injecção SQL	7.0	6.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00171	0.07	CVE-2023-1504
10	Ubiquiti EdgeRouter X OSPF direitos alargados [Questionado]	8.1	7.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00934	0.30	CVE-2023-1458
11	SourceCodester Alphaware Simple E-Commerce System admin_index.php Injecção SQL	7.0	6.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00171	0.22	CVE-2023-1503
12	SourceCodester E-Commerce System setDiscount.php Injecção SQL	6.6	6.5	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00171	0.22	CVE-2023-1505
13	SourceCodester Alphaware Simple E-Commerce System edit_customer.php Injecção SQL	7.0	6.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00171	0.09	CVE-2023-1502
14	SourceCodester E-Commerce System Roteiro Cruzado de Sítios	4.1	4.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00052	0.09	CVE-2023-1569
15	Apache HTTP Server mod_reqtimeout Negação de Serviço	5.3	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01696	0.05	CVE-2007-6750
16	Apple tvOS WebKit Excesso de tampão	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01416	0.00	CVE-2019-8673
17	Apple tvOS WebKit Excesso de tampão	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.96068	0.02	CVE-2019-8672
18	Oracle Database Server Core RDBMS Privilege Escalation	7.5	7.5	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00113	0.04	CVE-2011-2253

IOC - Indicator of Compromise (32)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	Endereço IP	Hostname	Actor	Identified	Tipo	Aceitação
1	58.218.200.2		Hexmen	13/02/2022	verified	Alto
2	103.42.180.113		Hexmen	13/02/2022	verified	Alto
3	103.230.108.85		Hexmen	13/02/2022	verified	Alto
4	114.115.209.191	ecs-114-115-209-191.compute.hwclouds-dns.com	Hexmen	13/02/2022	verified	Alto
5	119.28.133.78		Hexmen	13/02/2022	verified	Alto
6	119.249.54.119		Hexmen	13/02/2022	verified	Alto
7	121.18.238.80	hebei.18.121.in-addr.arpa	Hexmen	13/02/2022	verified	Alto
8	XXX.XXX.XX.XXX	xxx-xxx-xxx-xx-xxx.xxxxxxx.xxxxxxxx-xxx.xxx	Xxxxxx	13/02/2022	verified	Alto
9	XXX.XXX.XX.XXX	xxx-xxx-xxx-xx-xxx.xxxxxxx.xxxxxxxx-xxx.xxx	Xxxxxx	13/02/2022	verified	Alto
10	XXX.XXX.XX.XXX	xxx-xxx-xxx-xx-xxx.xxxxxxx.xxxxxxxx-xxx.xxx	Xxxxxx	13/02/2022	verified	Alto
11	XXX.XXX.XX.XXX	xxx-xxx-xxx-xx-xxx.xxxxxxx.xxxxxxxx-xxx.xxx	Xxxxxx	13/02/2022	verified	Alto
12	XXX.XXX.XX.XX	xxx-xxx-xxx-xx-xx.xxxxxxx.xxxxxxxx-xxx.xxx	Xxxxxx	13/02/2022	verified	Alto
13	XXX.XXX.XX.XX	xxx-xxx-xxx-xx-xx.xxxxxxx.xxxxxxxx-xxx.xxx	Xxxxxx	13/02/2022	verified	Alto
14	XXX.XX.XX.XXX		Xxxxxx	13/02/2022	verified	Alto
15	XXX.XXX.XXX.XX		Xxxxxx	13/02/2022	verified	Alto
16	XXX.XX.XXX.XXX		Xxxxxx	13/02/2022	verified	Alto
17	XXX.XX.XXX.XX		Xxxxxx	13/02/2022	verified	Alto
18	XXX.XX.XX.XXX		Xxxxxx	13/02/2022	verified	Alto
19	XXX.XXX.XX.XXX		Xxxxxx	13/02/2022	verified	Alto
20	XXX.XXX.XX.XXX		Xxxxxx	13/02/2022	verified	Alto
21	XXX.XXX.XX.XXX		Xxxxxx	13/02/2022	verified	Alto
22	XXX.XXX.XX.XXX		Xxxxxx	13/02/2022	verified	Alto
23	XXX.XXX.X.XX		Xxxxxx	13/02/2022	verified	Alto
24	XXX.XXX.XX.XXX		Xxxxxx	13/02/2022	verified	Alto
25	XXX.XXX.XX.XXX		Xxxxxx	13/02/2022	verified	Alto
26	XXX.XXX.XX.XXX		Xxxxxx	13/02/2022	verified	Alto
27	XXX.XXX.XX.XXX		Xxxxxx	13/02/2022	verified	Alto
28	XXX.XXX.XX.XXX		Xxxxxx	13/02/2022	verified	Alto
29	XXX.XXX.XX.XXX		Xxxxxx	13/02/2022	verified	Alto
30	XXX.XXX.XXX.XX		Xxxxxx	13/02/2022	verified	Alto
31	XXX.XXX.XXX.XX		Xxxxxx	13/02/2022	verified	Alto
32	XXX.XXX.XXX.XXX		Xxxxxx	13/02/2022	verified	Alto

TTP - Tactics, Techniques, Procedures (3)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Classificação	Vulnerabilidades	Tipo de acesso	Tipo	Aceitação
1	T1059.007	CAPEC-209	CWE-79	Cross Site Scripting	predictive	Alto
2	TXXXX	CAPEC-136	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
3	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (22)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Tipo	Aceitação
1	File	/ecommerce/admin/settings/setDiscount.php	predictive	Alto
2	File	/wireless/guestnetwork.asp	predictive	Alto
3	File	/wireless/security.asp	predictive	Alto
4	File	xxxxx/xxxxx_xxxxx.xxx	predictive	Alto
5	File	xxxxx/xxxx/xxxxxxxxxx.xxx?xxxxxx=xxxx	predictive	Alto
6	File	xxx_xx.xxx	predictive	Médio
7	File	xxxxxxxx/xxxx_xxxxxxxx.xxx	predictive	Alto
8	File	xxx_xxx.xxx	predictive	Médio
9	File	xxxx.xxx	predictive	Médio
10	File	xxx.xxx	predictive	Baixo
11	Argument	xxxx	predictive	Baixo
12	Argument	xxxxxx_xxx_xx	predictive	Alto
13	Argument	xxxxx/xxxxxxxx	predictive	Alto
14	Argument	xxxxxxxxx/xx/xxxxxxxx	predictive	Alto
15	Argument	xx	predictive	Baixo
16	Argument	xxxxxxxx/xxxxxxxx	predictive	Alto
17	Argument	x_xxxx	predictive	Baixo
18	Input Value	xxxxxx xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx)	predictive	Alto
19	Input Value	<xxxxxx>xxxxx('x')</xxxxxx>	predictive	Alto
20	Input Value	x' xxxxx xxxxx(x) xxx 'xxxx'='xxxx	predictive	Alto
21	Input Value	xxxxx' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx)-- xxxx	predictive	Alto
22	Input Value	xxxxx%xxxxxx.xxx ' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx) xxx 'xxxx'='xxxx	predictive	Alto

Referências (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ VoltarVisão GeralPróximo ▸

Interested in the pricing of exploits?

See the underground prices here!