Hermit Analysis

IOB - Indicator of Behavior (63)

Language

en: 46
ru: 14
it: 4

Country

ru: 32
us: 18
it: 8
cn: 6

Product

PHP: 4
Apache HTTP Server: 2
Microsoft IIS: 2
CMS Made Simple: 2
CentOS Web Panel: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0-day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | 1C:Enterprise URL Parameter information disclosure | 5.9 | 5.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00168 | 0.06 | CVE-2021-3131 |
| 2 | Untangle NG Firewall privilege escalation | 6.7 | 6.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00177 | 0.04 | CVE-2019-18647 |
| 3 | Moodle User Profile Field cross site scripting | 3.5 | 3.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00112 | 0.04 | CVE-2022-45151 |
| 4 | RouterOS DNS Cache Poisoning weak authentication | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00690 | 0.00 | CVE-2019-3978 |
| 5 | Microsoft Windows Remote Desktop Service BlueKeep privilege escalation | 9.8 | 9.7 | $25k-$100k | $0-$5k | High | Official Fix | 0.97529 | 0.00 | CVE-2019-0708 |
| 6 | Nagios XI update_banner_message sql injection | 7.1 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00089 | 0.04 | CVE-2023-40933 |
| 7 | CMS Made Simple Login Cache information disclosure | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00179 | 0.04 | CVE-2017-17734 |
| 8 | Mail Masta Plugin campaign_save.php sql injection | 6.7 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00316 | 0.03 | CVE-2017-6098 |
| 9 | WordPress Access Restriction user-new.php privilege escalation | 7.5 | 7.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00372 | 0.03 | CVE-2017-17091 |
| 10 | HTTP/2 Header denial of service | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Workaround | 0.00663 | 0.02 | CVE-2019-9516 |
| 11 | Agent Tesla Builder Web Panel sql injection | 6.3 | 5.6 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00000 | 0.00 | |
| 12 | ThinkPHP Language Pack pearcmd.php privilege escalation | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04153 | 0.04 | CVE-2022-47945 |
| 13 | Moodle sql injection | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00120 | 0.02 | CVE-2012-2363 |
| 14 | Hisilicon HI3510 RTSP Stream/Web Portal privilege escalation | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.00168 | 0.00 | CVE-2019-10711 |
| 15 | Dag.wieers dstat Local Privilege Escalation | 5.9 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2009-4081 |
| 16 | phpListPro addsite.php privilege escalation | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.07918 | 0.00 | CVE-2006-1749 |
| 17 | Microsoft Windows Mark of the Web unknown vulnerability | 5.4 | 4.9 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00343 | 0.00 | CVE-2022-41091 |
| 18 | Moodle Administration Page sql injection | 7.2 | 7.2 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00157 | 0.00 | CVE-2022-40315 |
| 19 | PHP mysqli_real_escape_string memory corruption | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00932 | 0.04 | CVE-2017-9120 |

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 2.228.150.86 | 2-228-150-86.ip192.fastwebnet.it | Hermit | | 30/07/2022 | verified | High |
| 2 | 2.229.68.182 | 2-229-68-182.ip195.fastwebnet.it | Hermit | | 30/07/2022 | verified | High |
| 3 | XX.XXX.XX.XXX | | Xxxxxx | | 30/07/2022 | verified | High |
| 4 | XX.XXX.XX.XX | | Xxxxxx | | 04/08/2022 | verified | High |
| 5 | XX.XX.XXX.XXX | xx-xx-xxx-xxx.xxxx.xxxxxxxxxx.xx | Xxxxxx | | 30/07/2022 | verified | High |
| 6 | XX.XX.XX.XX | xx-xx-xx-xx.xxxxx.xxxxxxxxxx.xx | Xxxxxx | | 04/08/2022 | verified | High |

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (22)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

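| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/template.php | predictive | High |
| 2 | File | /inc/campaign_save.php | predictive | High |
| 3 | File | /src/helper.c | predictive | High |
| 4 | File | /xxxxxxx/ | predictive | Medium |
| 5 | File | xxxxxxx.xxx | predictive | Medium |
| 6 | File | xxxx_xxxx_xxxxxxxx.xxx | predictive | High |
| 7 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 8 | File | xxxxxx/xxxxxxxx.x | predictive | High |
| 9 | File | xxx_xxxxxxxx.x | predictive | High |
| 10 | File | xxxxxxx.xxx | predictive | Medium |
| 11 | File | xxx/xxxxxxx.xxx | predictive | High |
| 12 | File | xx-xxxxx/xxxx-xxx.xxx | predictive | High |
| 13 | Argument | xx | predictive | Low |
| 14 | Argument | xx | predictive | Low |
| 15 | Argument | xxxx | predictive | Low |
| 16 | Argument | xxxx_xx | predictive | Low |
| 17 | Argument | xxxxx_xxxx | predictive | Medium |
| 18 | Argument | xxxxxxxx | predictive | Medium |
| 19 | Argument | xxxxxxxxxx | predictive | Medium |
| 20 | Argument | xxxxx | predictive | Low |
| 21 | Argument | xxxxx | predictive | Low |
| 22 | Argument | xxx | predictive | Low |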

References (3)

The following list contains external sources which discuss the actor and the associated activities:
