HenBox Analysis

IOB - Indicator of Behavior (21)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 20
de: 2


Country

cn: 20
us: 2


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Google Android: 4
Linux Kernel: 2
Claymore Dual GPU Miner: 2
Apache Tomcat: 2
Microsoft Windows: 2


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | Drupal Database API sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00556 | 0.04 | CVE-2015-6659
2 | Tenda AC9/AC10 doSystemCmd os command injection | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00313 | 0.03 | CVE-2018-16334
3 | Google Android Kernel binder.c binder_release_work use after free | 7.8 | 7.5 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2020-0423
4 | Microsoft Outlook memory corruption | 7.7 | 7.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.15706 | 0.03 | CVE-2020-16947
5 | Microsoft Windows Hyper-V memory corruption | 7.3 | 6.6 | $25k-$100k | $5k-$25k | Proof-of-Concept | Official Fix | 0.00217 | 0.00 | CVE-2020-1047
6 | QEMU ATI VGA Device ati_2d.c ati_2d_blt denial of service | 4.5 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.00 | CVE-2020-24352
7 | Google Android Bluetooth Server gatt_cl.cc gatt_process_read_by_type_rsp out-of-bounds | 6.4 | 6.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00088 | 0.00 | CVE-2020-0377
8 | Apache Tomcat UTF-8 Decoder resource consumption | 6.4 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01830 | 0.03 | CVE-2018-1336
9 | Apache Tomcat VirtualDirContext Source information disclosure | 6.4 | 6.3 | $5k-$25k | $0-$5k | High | Official Fix | 0.92585 | 0.04 | CVE-2017-12616
10 | Genivia gSOAP XML Document soap_get integer overflow | 6.8 | 6.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.22576 | 0.03 | CVE-2017-9765
11 | Francisco Burzi PHP-Nuke Downloads Module viewsdownload sql injection | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00187 | 0.00 | CVE-2005-0996
12 | Claymore Dual GPU Miner Remote Management Interface memory corruption | 8.5 | 8.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.10010 | 0.00 | CVE-2017-16930
13 | Apple iOS HomeKit state issue | 7.4 | 7.1 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00436 | 0.00 | CVE-2017-13903
14 | Intel CPU information disclosure | 6.1 | 6.1 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00315 | 0.00 | CVE-2017-5925
15 | Telligent Systems Zimbra path traversal | 5.3 | 5.3 | $0-$5k | $0-$5k | High | Not Defined | 0.97337 | 0.01 | CVE-2013-7091
16 | Synacor Zimbra Collaboration cross site scripting | 5.2 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00125 | 0.02 | CVE-2016-5721
17 | RoundCube Webmail Password Plugin access control | 7.5 | 6.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00338 | 0.00 | CVE-2017-8114
18 | Juniper Web Device Manager Authentication hard-coded credentials | 9.8 | 9.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Workaround | 0.00000 | 0.06 | 
19 | Google Android Qualcomm GPU Driver access control | 7.8 | 7.8 | $25k-$100k | $25k-$100k | Not Defined | Not Defined | 0.00167 | 0.00 | CVE-2016-8479
20 | Linux Kernel IPv4 UDP Socket datagram.c ip4_datagram_release_cb use after free | 6.5 | 6.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2014-9914

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (7)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | binder.c | predictive | Medium
2 | File | gatt_cl.cc | predictive | Medium
3 | File | xx/xxxxxxx/xxx_xx.x | predictive | High
4 | File | xxx/xxxx/xxxxxxxx.x | predictive | High
5 | Argument | xxx | predictive | Low
6 | Argument | xxx | predictive | Low
7 | Argument | xxxx | predictive | Low

References (2)

The following list contains external sources which discuss the actor and the associated activities:
