Hexmen Анализ

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (1000)

Язык

en	1000

Страна

us	1000

Акторы

Hexmen	1

Интерес

Тип

Not Defined	6
E-Commerce Management Software	6
Web Server	2
Digital Media Player	2
Router Operating System	2

Поставщик

SourceCodester	6
TRENDnet	4
TP-Link	2
Apache	2
Apple	2

Продукт

TRENDnet TEW-652BRP	4
SourceCodester Alphaware Simple E-Commerce System	4
TP-Link Archer C50	2
Apache HTTP Server	2
Apple tvOS	2

Уязвимости

#	Уязвимости	Base	Temp	0day	Сегодня	Э�	Rem	EPSS	CTI	CVE
1	TRENDnet TEW-652BRP Web Interface ping.ccp эскалация привилегий	8.1	7.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01049	0.09	CVE-2023-0640
2	TRENDNet TEW-811DRU httpd guestnetwork.asp повреждение памяти	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00060	0.17	CVE-2023-0617
3	Netgear WNDR3700v2 Web Interface отказ в обслуживании	4.3	4.2	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.00135	0.07	CVE-2023-0850
4	TRENDnet TEW-811DRU httpd security.asp повреждение памяти	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00137	0.04	CVE-2023-0613
5	TRENDnet TEW-652BRP Web Service cfg_op.ccp повреждение памяти	7.5	6.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00097	0.13	CVE-2023-0618
6	TRENDnet TEW-652BRP Web Management Interface get_set.ccp эскалация привилегий	8.8	8.6	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00076	0.22	CVE-2023-0611
7	TP-Link Archer C50 Web Management Interface отказ в обслуживании	6.5	6.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00074	0.04	CVE-2023-0936
8	TRENDnet TEW-811DRU Web Management Interface wan.asp повреждение памяти	6.5	6.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00133	0.04	CVE-2023-0637
9	SourceCodester Alphaware Simple E-Commerce System sql-инъекция	7.0	6.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00171	0.13	CVE-2023-1504
10	Ubiquiti EdgeRouter X OSPF эскалация привилегий [Спорный]	8.1	7.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00934	0.30	CVE-2023-1458
11	SourceCodester Alphaware Simple E-Commerce System admin_index.php sql-инъекция	7.0	6.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00171	0.17	CVE-2023-1503
12	SourceCodester E-Commerce System setDiscount.php sql-инъекция	6.6	6.5	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00171	0.22	CVE-2023-1505
13	SourceCodester Alphaware Simple E-Commerce System edit_customer.php sql-инъекция	7.0	6.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00171	0.09	CVE-2023-1502
14	SourceCodester E-Commerce System межсайтовый скриптинг	4.1	4.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00052	0.17	CVE-2023-1569
15	Apache HTTP Server mod_reqtimeout отказ в обслуживании	5.3	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01696	0.05	CVE-2007-6750
16	Apple tvOS WebKit повреждение памяти	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01416	0.00	CVE-2019-8673
17	Apple tvOS WebKit повреждение памяти	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.96068	0.02	CVE-2019-8672
18	Oracle Database Server Core RDBMS Privilege Escalation	7.5	7.5	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00113	0.04	CVE-2011-2253

IOC - Indicator of Compromise (32)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-адрес	Hostname	Актор	Identified	Тип	Уверенность
1	58.218.200.2		Hexmen	13.02.2022	verified	Высокий
2	103.42.180.113		Hexmen	13.02.2022	verified	Высокий
3	103.230.108.85		Hexmen	13.02.2022	verified	Высокий
4	114.115.209.191	ecs-114-115-209-191.compute.hwclouds-dns.com	Hexmen	13.02.2022	verified	Высокий
5	119.28.133.78		Hexmen	13.02.2022	verified	Высокий
6	119.249.54.119		Hexmen	13.02.2022	verified	Высокий
7	121.18.238.80	hebei.18.121.in-addr.arpa	Hexmen	13.02.2022	verified	Высокий
8	XXX.XXX.XX.XXX	xxx-xxx-xxx-xx-xxx.xxxxxxx.xxxxxxxx-xxx.xxx	Xxxxxx	13.02.2022	verified	Высокий
9	XXX.XXX.XX.XXX	xxx-xxx-xxx-xx-xxx.xxxxxxx.xxxxxxxx-xxx.xxx	Xxxxxx	13.02.2022	verified	Высокий
10	XXX.XXX.XX.XXX	xxx-xxx-xxx-xx-xxx.xxxxxxx.xxxxxxxx-xxx.xxx	Xxxxxx	13.02.2022	verified	Высокий
11	XXX.XXX.XX.XXX	xxx-xxx-xxx-xx-xxx.xxxxxxx.xxxxxxxx-xxx.xxx	Xxxxxx	13.02.2022	verified	Высокий
12	XXX.XXX.XX.XX	xxx-xxx-xxx-xx-xx.xxxxxxx.xxxxxxxx-xxx.xxx	Xxxxxx	13.02.2022	verified	Высокий
13	XXX.XXX.XX.XX	xxx-xxx-xxx-xx-xx.xxxxxxx.xxxxxxxx-xxx.xxx	Xxxxxx	13.02.2022	verified	Высокий
14	XXX.XX.XX.XXX		Xxxxxx	13.02.2022	verified	Высокий
15	XXX.XXX.XXX.XX		Xxxxxx	13.02.2022	verified	Высокий
16	XXX.XX.XXX.XXX		Xxxxxx	13.02.2022	verified	Высокий
17	XXX.XX.XXX.XX		Xxxxxx	13.02.2022	verified	Высокий
18	XXX.XX.XX.XXX		Xxxxxx	13.02.2022	verified	Высокий
19	XXX.XXX.XX.XXX		Xxxxxx	13.02.2022	verified	Высокий
20	XXX.XXX.XX.XXX		Xxxxxx	13.02.2022	verified	Высокий
21	XXX.XXX.XX.XXX		Xxxxxx	13.02.2022	verified	Высокий
22	XXX.XXX.XX.XXX		Xxxxxx	13.02.2022	verified	Высокий
23	XXX.XXX.X.XX		Xxxxxx	13.02.2022	verified	Высокий
24	XXX.XXX.XX.XXX		Xxxxxx	13.02.2022	verified	Высокий
25	XXX.XXX.XX.XXX		Xxxxxx	13.02.2022	verified	Высокий
26	XXX.XXX.XX.XXX		Xxxxxx	13.02.2022	verified	Высокий
27	XXX.XXX.XX.XXX		Xxxxxx	13.02.2022	verified	Высокий
28	XXX.XXX.XX.XXX		Xxxxxx	13.02.2022	verified	Высокий
29	XXX.XXX.XX.XXX		Xxxxxx	13.02.2022	verified	Высокий
30	XXX.XXX.XXX.XX		Xxxxxx	13.02.2022	verified	Высокий
31	XXX.XXX.XXX.XX		Xxxxxx	13.02.2022	verified	Высокий
32	XXX.XXX.XXX.XXX		Xxxxxx	13.02.2022	verified	Высокий

TTP - Tactics, Techniques, Procedures (3)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Класс	Уязвимости	Вектор доступа	Тип	Уверенность
1	T1059.007	CAPEC-209	CWE-79	Cross Site Scripting	predictive	Высокий
2	TXXXX	CAPEC-136	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Высокий
3	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Высокий

IOA - Indicator of Attack (22)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Класс	Indicator	Тип	Уверенность
1	File	/ecommerce/admin/settings/setDiscount.php	predictive	Высокий
2	File	/wireless/guestnetwork.asp	predictive	Высокий
3	File	/wireless/security.asp	predictive	Высокий
4	File	xxxxx/xxxxx_xxxxx.xxx	predictive	Высокий
5	File	xxxxx/xxxx/xxxxxxxxxx.xxx?xxxxxx=xxxx	predictive	Высокий
6	File	xxx_xx.xxx	predictive	Средний
7	File	xxxxxxxx/xxxx_xxxxxxxx.xxx	predictive	Высокий
8	File	xxx_xxx.xxx	predictive	Средний
9	File	xxxx.xxx	predictive	Средний
10	File	xxx.xxx	predictive	Низкий
11	Argument	xxxx	predictive	Низкий
12	Argument	xxxxxx_xxx_xx	predictive	Высокий
13	Argument	xxxxx/xxxxxxxx	predictive	Высокий
14	Argument	xxxxxxxxx/xx/xxxxxxxx	predictive	Высокий
15	Argument	xx	predictive	Низкий
16	Argument	xxxxxxxx/xxxxxxxx	predictive	Высокий
17	Argument	x_xxxx	predictive	Низкий
18	Input Value	xxxxxx xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx)	predictive	Высокий
19	Input Value	<xxxxxx>xxxxx('x')</xxxxxx>	predictive	Высокий
20	Input Value	x' xxxxx xxxxx(x) xxx 'xxxx'='xxxx	predictive	Высокий
21	Input Value	xxxxx' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx)-- xxxx	predictive	Высокий
22	Input Value	xxxxx%xxxxxx.xxx ' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx) xxx 'xxxx'='xxxx	predictive	Высокий

Ссылки (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ ПредыдущийОбзорДалее ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!