KeyBoy 分析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (1000)

语言

en	998
zh	2

国家/地区

us	998
hk	2

演员

KeyBoy	1
Zegost	1

利益

类型

Not Defined	8
E-Commerce Management Software	6
Content Management System	4
Router Operating System	2

供应商

SourceCodester	6
TRENDnet	4
Not Defined	4
Ubiquiti	2
TRENDNet	2

产品

SourceCodester Alphaware Simple E-Commerce System	4
TRENDnet TEW-652BRP	2
PHPEMS	2
WordPress	2
SourceCodester E-Commerce System	2

漏洞

#	漏洞	Base	Temp	0day	今天	易	修正	EPSS	CTI	CVE
1	TRENDnet TEW-652BRP Web Management Interface get_set.ccp 权限升级	8.8	8.6	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00076	0.04	CVE-2023-0611
2	TRENDNet TEW-811DRU httpd guestnetwork.asp 内存损坏	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00060	0.05	CVE-2023-0617
3	TRENDnet TEW-652BRP Web Service cfg_op.ccp 内存损坏	7.5	6.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00097	0.07	CVE-2023-0618
4	TRENDnet TEW-652BRP Web Interface ping.ccp 权限升级	8.1	7.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01049	0.05	CVE-2023-0640
5	TRENDnet TEW-811DRU Web Management Interface wan.asp 内存损坏	6.5	6.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00133	0.03	CVE-2023-0637
6	TRENDnet TEW-811DRU httpd security.asp 内存损坏	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00137	0.07	CVE-2023-0613
7	Netgear WNDR3700v2 Web Interface 拒绝服务	4.3	4.2	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.00135	0.05	CVE-2023-0850
8	TP-Link Archer C50 Web Management Interface 拒绝服务	6.5	6.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00074	0.02	CVE-2023-0936
9	SourceCodester E-Commerce System 跨网站脚本	4.1	4.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00052	0.06	CVE-2023-1569
10	SourceCodester Alphaware Simple E-Commerce System SQL注入	7.0	6.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00152	0.07	CVE-2023-1504
11	Ubiquiti EdgeRouter X OSPF 权限升级 [有争议]	8.1	7.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00934	0.05	CVE-2023-1458
12	SourceCodester E-Commerce System setDiscount.php SQL注入	6.6	6.5	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00152	0.02	CVE-2023-1505
13	SourceCodester Alphaware Simple E-Commerce System edit_customer.php SQL注入	7.0	6.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00152	0.04	CVE-2023-1502
14	SourceCodester Alphaware Simple E-Commerce System admin_index.php SQL注入	7.0	6.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00152	0.03	CVE-2023-1503
15	PbootCMS 跨网站脚本	3.6	3.6	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00052	0.07	CVE-2024-1018
16	WordPress SQL注入	6.8	6.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00467	0.00	CVE-2022-21664
17	Orchard CMS HTML Modal Dialog 跨网站脚本	4.4	4.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00051	0.02	CVE-2022-32173
18	PHPEMS Session Data session.cls.php 权限升级	7.1	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00542	0.18	CVE-2023-6654
19	Tenda G1/G3 formSetDMZ 权限升级	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00152	0.04	CVE-2022-24167

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP地址	Hostname	参与者	Identified	类型	可信度
1	45.125.12.147	spk.cloudie.hk	KeyBoy	2022-03-27	verified	高
2	XXX.XX.XXX.XXX		Xxxxxx	2022-03-27	verified	高
3	XXX.XXX.XXX.XXX		Xxxxxx	2022-03-27	verified	高
4	XXX.XXX.XXX.XX		Xxxxxx	2022-03-27	verified	高

TTP - Tactics, Techniques, Procedures (3)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	漏洞	访问向量	类型	可信度
1	T1059.007	CWE-79	Cross Site Scripting	predictive	高
2	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	高
3	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	高

IOA - Indicator of Attack (26)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	分类	Indicator	类型	可信度
1	File	/admin.php?p=/Area/index#tab=t2	predictive	高
2	File	/ecommerce/admin/settings/setDiscount.php	predictive	高
3	File	/wireless/guestnetwork.asp	predictive	高
4	File	/wireless/security.asp	predictive	高
5	File	xxxxx/xxxxx_xxxxx.xxx	predictive	高
6	File	xxxxx/xxxx/xxxxxxxxxx.xxx?xxxxxx=xxxx	predictive	高
7	File	xxx_xx.xxx	predictive	中
8	File	xxxxxxxx/xxxx_xxxxxxxx.xxx	predictive	高
9	File	xxx_xxx.xxx	predictive	中
10	File	xxxx.xxx	predictive	中
11	File	xxx.xxx	predictive	低
12	Library	xxx/xxxxxxx.xxx.xxx	predictive	高
13	Argument	xxxx	predictive	低
14	Argument	xxxxxx_xxx_xx	predictive	高
15	Argument	xxxxxxxx	predictive	中
16	Argument	xxxxx/xxxxxxxx	predictive	高
17	Argument	xxxxxxxxx/xx/xxxxxxxx	predictive	高
18	Argument	xx	predictive	低
19	Argument	xxxx	predictive	低
20	Argument	xxxxxxxx/xxxxxxxx	predictive	高
21	Argument	x_xxxx	predictive	低
22	Input Value	xxxxxx xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx)	predictive	高
23	Input Value	<xxxxxx>xxxxx('x')</xxxxxx>	predictive	高
24	Input Value	x' xxxxx xxxxx(x) xxx 'xxxx'='xxxx	predictive	高
25	Input Value	xxxxx' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx)-- xxxx	predictive	高
26	Input Value	xxxxx%xxxxxx.xxx ' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx) xxx 'xxxx'='xxxx	predictive	高

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ 上一步一览下一步 ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!