Hidden Bee Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (32)

Idioma

en	14
zh	12
sv	6

País

cn	16
us	10
io	6

Actores

Hidden Bee	3

Interesse

Tipo

Not Defined	12
Multimedia Processing Software	4
WordPress Plugin	2
Cloud Software	2
Application Server Software	2

Fabricante

Not Defined	12
Pivotal	2
Microsoft	2
DZCP	2
Apache	2

Produto

FFmpeg	4
User Profile	2
Membership Plugin	2
Metabase	2
Pivotal Spring Framework	2

Vulnerabilidades

#	Vulnerabilidade	Base	Temp	0day	Hoje	Exp	Mas	EPSS	CTI	CVE
1	Simple Machines Forum querystring.php Fraca autenticação	7.3	7.1	$0-$5k	$0-$5k	Not Defined	Unavailable	0.01081	0.00	CVE-2006-7013
2	User Profile / Membership Plugin Roteiro Cruzado de Sítios	4.1	4.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00052	0.00	CVE-2018-10234
3	Apache Tomcat JsonErrorReportValve direitos alargados	6.5	6.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00475	0.04	CVE-2022-45143
4	Microsoft Exchange Server Privilege Escalation	8.8	8.1	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.01502	0.03	CVE-2022-23277
5	Microsoft Office Word Remote Code Execution	7.3	6.7	$5k-$25k	$0-$5k	Unproven	Official Fix	0.00150	0.00	CVE-2022-41031
6	ThinkPHP Adapter.php direitos alargados	7.6	7.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00389	0.04	CVE-2021-36564
7	Microsoft Azure Pack Rollup Roteiro Cruzado de Sítios	4.4	4.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00054	0.00	CVE-2018-8652
8	Spring Framework STOMP direitos alargados	8.5	8.2	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.84814	0.00	CVE-2018-1270
9	Metabase Custom GeoJSON Map direitos alargados	8.1	8.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.95479	0.00	CVE-2021-41277
10	XmlMapper in the Data format Extension DTD XML External Entity	8.4	8.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00189	0.00	CVE-2016-7051
11	Pivotal Spring Framework ResourceServlet Directório Traversal	7.0	6.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00344	0.02	CVE-2016-9878
12	Spring Framework XML Document XML External Entity	7.0	6.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00181	0.00	CVE-2014-0225
13	Jenkins Subversion Plugin Subversion Key File Directório Traversal	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00230	0.02	CVE-2021-21698
14	SuiteCRM Log File Name Setting direitos alargados	7.5	7.4	$0-$5k	$0-$5k	High	Official Fix	0.07327	0.00	CVE-2021-42840
15	Grafana AngularJS Rendering Roteiro Cruzado de Sítios	5.8	5.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.96407	0.03	CVE-2021-41174
16	NVIDIA Windows GPU Display Driver Control Panel direitos alargados	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00042	0.05	CVE-2020-5957
17	Gigabyte App Center GPCIDrv/GDrv direitos alargados	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00405	0.00	CVE-2018-19322
18	typora File Roteiro Cruzado de Sítios	7.1	7.1	$0-$5k	Calculado	Not Defined	Official Fix	0.00461	0.00	CVE-2019-20374
19	Cisco AMP Threat Grid API Key Generation direitos alargados	4.3	4.3	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00094	0.00	CVE-2019-1657
20	DZCP deV!L`z Clanportal config.php direitos alargados	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	0.70	CVE-2010-0966

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	Endereço IP	Hostname	Actor	Identified	Tipo	Aceitação
1	67.198.208.110	graft9.firsttaskintheoffice.com	Hidden Bee	27/07/2018	verified	Alto
2	XXX.XX.XX.XXX		Xxxxxx Xxx	27/07/2018	verified	Alto
3	XXX.XXX.XXX.XXX	xxxx-xxx-xxx-xxx.xxxx.x.xxxx.xxxxxx.xxxxx.xx	Xxxxxx Xxx	27/07/2018	verified	Alto
4	XXX.XXX.XX.XXX	xxx.xxx.xx.xxx.xxxxxxxxxxxxxxxx.xxx	Xxxxxx Xxx	27/07/2018	verified	Alto

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Classificação	Vulnerabilidades	Tipo de acesso	Tipo	Aceitação
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Alto
2	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Alto
3	TXXXX	CAPEC-242	CWE-XX	Xxxxxxxx Xxxxxxxxx	predictive	Alto
4	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Alto
5	TXXXX	CAPEC-122	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
6	TXXXX	CAPEC-0	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Alto
7	TXXXX	CAPEC-0	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
8	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
9	TXXXX.XXX	CAPEC-0	CWE-XX	Xxxxxxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (7)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Tipo	Aceitação
1	File	inc/config.php	predictive	Alto
2	File	libavcodec/cdxl.c	predictive	Alto
3	File	xxxxxxxxxxx.xxx	predictive	Alto
4	File	xxxxxx\xxxxxx\xxxxxxxxx-xxxxxx-xxxxxxx\xxx\xxxxxxx\xxxxxxx.xxx	predictive	Alto
5	File	xx-xxxxx/xxxxx.xxx?xxxx=xx_xxxxxxx/xxxxxxx=xxxxxxx	predictive	Alto
6	Argument	xxxxxxxx	predictive	Médio
7	Argument	xxxxxx_xxxx_xxxx	predictive	Alto

Referências (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ VoltarVisão GeralPróximo ▸

Do you know our Splunk app?

Download it now for free!