Hermit Анализ

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (63)

Язык

en	48
ru	14
it	2

Страна

ru	34
us	24
it	4
cn	2

Акторы

Hermit	4

Интерес

Тип

Not Defined	14
Web Server	4
Operating System	4
Virtualization Software	2
WordPress Plugin	2

Поставщик

Not Defined	22
Microsoft	6
Apache	4
Adobe	4
VMware	2

Продукт

Microsoft Windows	4
VMware ESXi	2
VMware Workstation	2
VMware Fusion	2
Mail Masta Plugin	2

Уязвимости

#	Уязвимости	Base	Temp	0day	Сегодня	Э�	Rem	EPSS	CTI	CVE
1	1C:Enterprise URL Parameter раскрытие информации	5.9	5.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00168	0.06	CVE-2021-3131
2	Untangle NG Firewall эскалация привилегий	6.7	6.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00177	0.04	CVE-2019-18647
3	Moodle User Profile Field межсайтовый скриптинг	3.5	3.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00112	0.04	CVE-2022-45151
4	RouterOS DNS Cache Poisoning слабая аутентификация	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00690	0.00	CVE-2019-3978
5	Microsoft Windows Remote Desktop Service BlueKeep эскалация привилегий	9.8	9.7	$25k-$100k	$0-$5k	High	Official Fix	0.97529	0.00	CVE-2019-0708
6	Nagios XI update_banner_message sql-инъекция	7.1	7.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00089	0.04	CVE-2023-40933
7	CMS Made Simple Login Cache раскрытие информации	9.8	9.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00179	0.04	CVE-2017-17734
8	Mail Masta Plugin campaign_save.php sql-инъекция	6.7	6.4	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00316	0.03	CVE-2017-6098
9	WordPress Access Restriction user-new.php эскалация привилегий	7.5	7.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00372	0.03	CVE-2017-17091
10	HTTP/2 Header отказ в обслуживании	6.8	6.7	$5k-$25k	$0-$5k	Not Defined	Workaround	0.00663	0.02	CVE-2019-9516
11	Agent Tesla Builder Web Panel sql-инъекция	6.3	5.6	$0-$5k	$0-$5k	Proof-of-Concept	Workaround	0.00000	0.00
12	ThinkPHP Language Pack pearcmd.php эскалация привилегий	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04153	0.04	CVE-2022-47945
13	Moodle sql-инъекция	6.3	6.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00120	0.02	CVE-2012-2363
14	Hisilicon HI3510 RTSP Stream/Web Portal эскалация привилегий	6.4	6.3	$0-$5k	$0-$5k	Not Defined	Workaround	0.00168	0.00	CVE-2019-10711
15	Dag.wieers dstat Local Privilege Escalation	5.9	5.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2009-4081
16	phpListPro addsite.php эскалация привилегий	5.3	5.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.07918	0.00	CVE-2006-1749
17	Microsoft Windows Mark of the Web неизвестная уязвимость	5.4	4.9	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00313	0.00	CVE-2022-41091
18	Moodle Administration Page sql-инъекция	7.2	7.2	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00151	0.00	CVE-2022-40315
19	PHP mysqli_real_escape_string повреждение памяти	8.5	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00932	0.04	CVE-2017-9120

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-адрес	Hostname	Актор	Identified	Тип	Уверенность
1	2.228.150.86	2-228-150-86.ip192.fastwebnet.it	Hermit	30.07.2022	verified	Высокий
2	2.229.68.182	2-229-68-182.ip195.fastwebnet.it	Hermit	30.07.2022	verified	Высокий
3	XX.XXX.XX.XXX		Xxxxxx	30.07.2022	verified	Высокий
4	XX.XXX.XX.XX		Xxxxxx	04.08.2022	verified	Высокий
5	XX.XX.XXX.XXX	xx-xx-xxx-xxx.xxxx.xxxxxxxxxx.xx	Xxxxxx	30.07.2022	verified	Высокий
6	XX.XX.XX.XX	xx-xx-xx-xx.xxxxx.xxxxxxxxxx.xx	Xxxxxx	04.08.2022	verified	Высокий

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Уязвимости	Вектор доступа	Тип	Уверенность
1	T1006	CWE-22	Path Traversal	predictive	Высокий
2	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Высокий
3	T1059	CWE-94	Argument Injection	predictive	Высокий
4	TXXXX.XXX	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Высокий
5	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Высокий
6	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Высокий
7	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	Высокий
8	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Высокий
9	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Высокий
10	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Высокий
11	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Высокий

IOA - Indicator of Attack (22)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Класс	Indicator	Тип	Уверенность
1	File	/admin/template.php	predictive	Высокий
2	File	/inc/campaign_save.php	predictive	Высокий
3	File	/src/helper.c	predictive	Высокий
4	File	/xxxxxxx/	predictive	Средний
5	File	xxxxxxx.xxx	predictive	Средний
6	File	xxxx_xxxx_xxxxxxxx.xxx	predictive	Высокий
7	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Высокий
8	File	xxxxxx/xxxxxxxx.x	predictive	Высокий
9	File	xxx_xxxxxxxx.x	predictive	Высокий
10	File	xxxxxxx.xxx	predictive	Средний
11	File	xxx/xxxxxxx.xxx	predictive	Высокий
12	File	xx-xxxxx/xxxx-xxx.xxx	predictive	Высокий
13	Argument	xx	predictive	Низкий
14	Argument	xx	predictive	Низкий
15	Argument	xxxx	predictive	Низкий
16	Argument	xxxx_xx	predictive	Низкий
17	Argument	xxxxx_xxxx	predictive	Средний
18	Argument	xxxxxxxx	predictive	Средний
19	Argument	xxxxxxxxxx	predictive	Средний
20	Argument	xxxxx	predictive	Низкий
21	Argument	xxxxx	predictive	Низкий
22	Argument	xxx	predictive	Низкий

Ссылки (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ ПредыдущийОбзорДалее ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!