KeyBoy Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (1000)

Lang

en	998
zh	2

Land

us	998
hk	2

Skådespelare

KeyBoy	1
Zegost	1

Intressera

Typ

Not Defined	10
E-Commerce Management Software	6
Content Management System	2

Säljare

SourceCodester	6
TRENDnet	6
Orchard	2
TP-Link	2
Not Defined	2

Produkt

SourceCodester E-Commerce System	4
TRENDnet TEW-652BRP	4
SourceCodester Alphaware Simple E-Commerce System	2
Orchard CMS	2
TP-Link Archer C50	2

Sårbarheter

#	Sårbarhet	Base	Temp	0day	I dag	Utn	Rem	CTI	EPSS	CVE
1	TRENDnet TEW-652BRP Web Management Interface get_set.ccp privilegier eskalering	8.8	8.6	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00	0.00076	CVE-2023-0611
2	TRENDNet TEW-811DRU httpd guestnetwork.asp minneskorruption	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.10	0.00060	CVE-2023-0617
3	TRENDnet TEW-652BRP Web Service cfg_op.ccp minneskorruption	7.5	6.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.03	0.00097	CVE-2023-0618
4	TRENDnet TEW-652BRP Web Interface ping.ccp privilegier eskalering	8.1	7.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.07	0.01049	CVE-2023-0640
5	TRENDnet TEW-811DRU Web Management Interface wan.asp minneskorruption	6.5	6.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.04	0.00133	CVE-2023-0637
6	TRENDnet TEW-811DRU httpd security.asp minneskorruption	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00	0.00137	CVE-2023-0613
7	Netgear WNDR3700v2 Web Interface förnekande av tjänsten	4.3	4.2	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.05	0.00135	CVE-2023-0850
8	TP-Link Archer C50 Web Management Interface förnekande av tjänsten	6.5	6.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.05	0.00074	CVE-2023-0936
9	SourceCodester E-Commerce System cross site scripting	4.1	4.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.05	0.00052	CVE-2023-1569
10	SourceCodester Alphaware Simple E-Commerce System sql injektion	7.0	6.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.05	0.00152	CVE-2023-1504
11	Ubiquiti EdgeRouter X OSPF privilegier eskalering [Omstridd]	8.1	7.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.05	0.00651	CVE-2023-1458
12	SourceCodester E-Commerce System setDiscount.php sql injektion	6.6	6.5	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.05	0.00152	CVE-2023-1505
13	SourceCodester Alphaware Simple E-Commerce System edit_customer.php sql injektion	7.0	6.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00	0.00152	CVE-2023-1502
14	SourceCodester Alphaware Simple E-Commerce System admin_index.php sql injektion	7.0	6.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.05	0.00152	CVE-2023-1503
15	Orchard CMS HTML Modal Dialog cross site scripting	4.4	4.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00051	CVE-2022-32173
16	PHPEMS Session Data session.cls.php privilegier eskalering	7.1	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00	0.00542	CVE-2023-6654
17	Tenda G1/G3 formSetDMZ privilegier eskalering	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	0.00152	CVE-2022-24167

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-adress	Hostname	Skådespelare	Identified	Typ	Förtroende
1	45.125.12.147	spk.cloudie.hk	KeyBoy	27/03/2022	verified	Hög
2	XXX.XX.XXX.XXX		Xxxxxx	27/03/2022	verified	Hög
3	XXX.XXX.XXX.XXX		Xxxxxx	27/03/2022	verified	Hög
4	XXX.XXX.XXX.XX		Xxxxxx	27/03/2022	verified	Hög

TTP - Tactics, Techniques, Procedures (3)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Sårbarheter	Åtkomstvektor	Typ	Förtroende
1	T1059.007	CWE-79	Cross Site Scripting	predictive	Hög
2	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Hög
3	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Hög

IOA - Indicator of Attack (24)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klass	Indicator	Typ	Förtroende
1	File	/ecommerce/admin/settings/setDiscount.php	predictive	Hög
2	File	/wireless/guestnetwork.asp	predictive	Hög
3	File	/wireless/security.asp	predictive	Hög
4	File	xxxxx/xxxxx_xxxxx.xxx	predictive	Hög
5	File	xxxxx/xxxx/xxxxxxxxxx.xxx?xxxxxx=xxxx	predictive	Hög
6	File	xxx_xx.xxx	predictive	Medium
7	File	xxxxxxxx/xxxx_xxxxxxxx.xxx	predictive	Hög
8	File	xxx_xxx.xxx	predictive	Medium
9	File	xxxx.xxx	predictive	Medium
10	File	xxx.xxx	predictive	Låg
11	Library	xxx/xxxxxxx.xxx.xxx	predictive	Hög
12	Argument	xxxx	predictive	Låg
13	Argument	xxxxxx_xxx_xx	predictive	Hög
14	Argument	xxxxxxxx	predictive	Medium
15	Argument	xxxxx/xxxxxxxx	predictive	Hög
16	Argument	xxxxxxxxx/xx/xxxxxxxx	predictive	Hög
17	Argument	xx	predictive	Låg
18	Argument	xxxxxxxx/xxxxxxxx	predictive	Hög
19	Argument	x_xxxx	predictive	Låg
20	Input Value	xxxxxx xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx)	predictive	Hög
21	Input Value	<xxxxxx>xxxxx('x')</xxxxxx>	predictive	Hög
22	Input Value	x' xxxxx xxxxx(x) xxx 'xxxx'='xxxx	predictive	Hög
23	Input Value	xxxxx' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx)-- xxxx	predictive	Hög
24	Input Value	xxxxx%xxxxxx.xxx ' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx) xxx 'xxxx'='xxxx	predictive	Hög

Referenser (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ TidigareÖversiktNästa ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!