KeyBoy Analysis

IOB - Indicator of Behavior (1000)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

| Language | Count |
|---|---|
| en | 994 |
| zh | 6 |


Country

| Country | Count |
|---|---|
| us | 990 |
| hk | 10 |


Actors


Activities

Interest

Timeline


Type


Vendor


Product

| Product | Count |
|---|---|
| SourceCodester Alphaware Simple E-Commerce System | 4 |
| SourceCodester E-Commerce System | 4 |
| WordPress | 2 |
| OpenStack Nova | 2 |
| TRENDNet TEW-811DRU | 2 |


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | TRENDnet TEW-652BRP Web Management Interface get_set.ccp command injection | 8.8 | 8.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00076 | 0.04 | CVE-2023-0611 |
| 2 | TRENDNet TEW-811DRU httpd guestnetwork.asp buffer overflow | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00060 | 0.04 | CVE-2023-0617 |
| 3 | TRENDnet TEW-652BRP Web Service cfg_op.ccp memory corruption | 7.5 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00097 | 0.00 | CVE-2023-0618 |
| 4 | TRENDnet TEW-652BRP Web Interface ping.ccp command injection | 8.1 | 7.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01049 | 0.04 | CVE-2023-0640 |
| 5 | TRENDnet TEW-811DRU Web Management Interface wan.asp memory corruption | 6.5 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00133 | 0.03 | CVE-2023-0637 |
| 6 | TRENDnet TEW-811DRU httpd security.asp memory corruption | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00137 | 0.00 | CVE-2023-0613 |
| 7 | Netgear WNDR3700v2 Web Interface denial of service | 4.3 | 4.2 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.00135 | 0.00 | CVE-2023-0850 |
| 8 | TP-Link Archer C50 Web Management Interface denial of service | 6.5 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00074 | 0.06 | CVE-2023-0936 |
| 9 | SourceCodester E-Commerce System cross site scripting | 4.1 | 4.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00052 | 0.03 | CVE-2023-1569 |
| 10 | SourceCodester Alphaware Simple E-Commerce System sql injection | 7.0 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00171 | 0.00 | CVE-2023-1504 |
| 11 | Ubiquiti EdgeRouter X OSPF command injection [Disputed] | 8.1 | 7.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01049 | 0.04 | CVE-2023-1458 |
| 12 | SourceCodester E-Commerce System setDiscount.php sql injection | 6.6 | 6.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00171 | 0.08 | CVE-2023-1505 |
| 13 | SourceCodester Alphaware Simple E-Commerce System edit_customer.php sql injection | 7.0 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00171 | 0.04 | CVE-2023-1502 |
| 14 | SourceCodester Alphaware Simple E-Commerce System admin_index.php sql injection | 7.0 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00171 | 0.08 | CVE-2023-1503 |
| 15 | OpenStack Nova noVNC redirect | 4.9 | 4.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.92596 | 0.00 | CVE-2021-3654 |
| 16 | Google Android U-Boot Privilege Escalation | 7.6 | 7.5 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00083 | 0.04 | CVE-2023-48425 |
| 17 | Google Android memory corruption | 3.9 | 3.4 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00000 | 0.00 | |
| 18 | RaidenMAILD Mail Server path traversal | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00053 | 0.04 | CVE-2024-32399 |
| 19 | PbootCMS cross site scripting | 3.6 | 3.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00052 | 0.08 | CVE-2024-1018 |
| 20 | WordPress sql injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00467 | 0.03 | CVE-2022-21664 |

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 45.125.12.147 | spk.cloudie.hk | KeyBoy | | 03/27/2022 | verified | High |
| 2 | XXX.XX.XXX.XXX | | Xxxxxx | | 03/27/2022 | verified | High |
| 3 | XXX.XXX.XXX.XXX | | Xxxxxx | | 03/27/2022 | verified | High |
| 4 | XXX.XXX.XXX.XXX | | xxxxx | | 03/27/2022 | verified | High |

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1006 | CAPEC-126 | CWE-22 Path Traversal | | predictive | High |
| 2 | TXXXX.XXX | CAPEC-209 | CWE-XX Xxxxx Xxxx Xxxxxxxxx | | predictive | High |
| 3 | TXXXX | CAPEC-136 | CWE-XX Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | | predictive | High |
| 4 | TXXXX.XXX | CAPEC-178 | CWE-XXX Xxxx Xxxxxxxx | | predictive | High |
| 5 | TXXXX | CAPEC-108 | CWE-XX Xxx Xxxxxxxxx | | predictive | High |

IOA - Indicator of Attack (27)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin.php?p=/Area/index#tab=t2 | predictive | High |
| 2 | File | /ecommerce/admin/settings/setDiscount.php | predictive | High |
| 3 | File | /webeditor/ | predictive | Medium |
| 4 | File | /wireless/guestnetwork.asp | predictive | High |
| 5 | File | /xxxxxxxx/xxxxxxxx.xxx | predictive | High |
| 6 | File | xxxxx/xxxxx_xxxxx.xxx | predictive | High |
| 7 | File | xxxxx/xxxx/xxxxxxxxxx.xxx?xxxxxx=xxxx | predictive | High |
| 8 | File | xxx_xx.xxx | predictive | Medium |
| 9 | File | xxxxxxxx/xxxx_xxxxxxxx.xxx | predictive | High |
| 10 | File | xxx_xxx.xxx | predictive | Medium |
| 11 | File | xxxx.xxx | predictive | Medium |
| 12 | File | xxx.xxx | predictive | Low |
| 13 | Library | xxx/xxxxxxx.xxx.xxx | predictive | High |
| 14 | Argument | xxxx | predictive | Low |
| 15 | Argument | xxxxxx_xxx_xx | predictive | High |
| 16 | Argument | xxxxxxxx | predictive | Medium |
| 17 | Argument | xxxxx/xxxxxxxx | predictive | High |
| 18 | Argument | xxxxxxxxx/xx/xxxxxxxx | predictive | High |
| 19 | Argument | xx | predictive | Low |
| 20 | Argument | xxxx | predictive | Low |
| 21 | Argument | xxxxxxxx/xxxxxxxx | predictive | High |
| 22 | Argument | x_xxxx | predictive | Low |
| 23 | Input Value | xxxxxx xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx) | predictive | High |
| 24 | Input Value | <xxxxxx>xxxxx('x')</xxxxxx> | predictive | High |
| 25 | Input Value | x' xxxxx xxxxx(x) xxx 'xxxx'='xxxx | predictive | High |
| 26 | Input Value | xxxxx' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx)-- xxxx | predictive | High |
| 27 | Input Value | xxxxx%xxxxxx.xxx ' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx) xxx 'xxxx'='xxxx | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
