Hermit Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (63)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en46
ru14
it4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

ru32
us20
it8
cn4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Hermit3

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined12
Web Server6
Firewall Software4
Learning Management Software4
Operating System4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined14
Microsoft6
Untangle4
Adobe4
Nagios2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Moodle4
Microsoft Windows4
Untangle NG Firewall2
nginx2
Nagios XI2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
11C:Enterprise URL Parameter information disclosure5.95.6$0-$5k$0-$5kNot DefinedOfficial Fix0.001680.06CVE-2021-3131
2Untangle NG Firewall injection6.76.7$0-$5k$0-$5kNot DefinedNot Defined0.001770.04CVE-2019-18647
3Moodle User Profile Field cross site scripting3.53.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.001120.04CVE-2022-45151
4RouterOS DNS Cache Poisoning missing authentication6.56.5$0-$5k$0-$5kNot DefinedNot Defined0.006900.00CVE-2019-3978
5Microsoft Windows Remote Desktop Service BlueKeep input validation9.89.7$25k-$100k$0-$5kHighOfficial Fix0.975090.00CVE-2019-0708
6Nagios XI update_banner_message sql injection7.17.1$0-$5k$0-$5kNot DefinedNot Defined0.000890.04CVE-2023-40933
7CMS Made Simple Login Cache information disclosure9.89.4$0-$5k$0-$5kNot DefinedOfficial Fix0.001850.04CVE-2017-17734
8Mail Masta Plugin campaign_save.php sql injection6.76.4$0-$5k$0-$5kProof-of-ConceptNot Defined0.003160.03CVE-2017-6098
9WordPress Access Restriction user-new.php access control7.57.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.003720.03CVE-2017-17091
10HTTP/2 Header resource consumption6.86.7$5k-$25k$0-$5kNot DefinedWorkaround0.006630.02CVE-2019-9516
11Agent Tesla Builder Web Panel sql injection6.35.6$0-$5k$0-$5kProof-of-ConceptWorkaround0.000000.00
12ThinkPHP Language Pack pearcmd.php file inclusion8.58.4$0-$5k$0-$5kNot DefinedOfficial Fix0.041530.05CVE-2022-47945
13Moodle sql injection6.36.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.001200.00CVE-2012-2363
14Hisilicon HI3510 RTSP Stream/Web Portal access control6.46.3$0-$5k$0-$5kNot DefinedWorkaround0.001680.00CVE-2019-10711
15Dag.wieers dstat Local Privilege Escalation5.95.7$0-$5k$0-$5kNot DefinedOfficial Fix0.000420.00CVE-2009-4081
16phpListPro addsite.php privileges management5.35.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.079180.00CVE-2006-1749
17Microsoft Windows Mark of the Web unknown vulnerability5.45.1$25k-$100k$5k-$25kHighOfficial Fix0.003430.00CVE-2022-41091
18Moodle Administration Page sql injection7.27.2$5k-$25k$5k-$25kNot DefinedNot Defined0.001570.00CVE-2022-40315
19PHP mysqli_real_escape_string integer overflow8.58.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.009320.04CVE-2017-9120

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
12.228.150.862-228-150-86.ip192.fastwebnet.itHermit07/30/2022verifiedHigh
22.229.68.1822-229-68-182.ip195.fastwebnet.itHermit07/30/2022verifiedHigh
3XX.XXX.XX.XXXXxxxxx07/30/2022verifiedHigh
4XX.XXX.XX.XXXxxxxx08/04/2022verifiedHigh
5XX.XX.XXX.XXXxx-xx-xxx-xxx.xxxx.xxxxxxxxxx.xxXxxxxx07/30/2022verifiedHigh
6XX.XX.XX.XXxx-xx-xx-xx.xxxxx.xxxxxxxxxx.xxXxxxxx08/04/2022verifiedHigh

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
3T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
4TXXXX.XXXCAPEC-209CWE-XX, CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
5TXXXXCAPEC-122CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
6TXXXXCAPEC-108CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
7TXXXX.XXXCAPEC-178CWE-XXXXxxx XxxxxxxxpredictiveHigh
8TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
9TXXXXCAPEC-55CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
10TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
11TXXXXCAPEC-CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh

IOA - Indicator of Attack (22)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/admin/template.phppredictiveHigh
2File/inc/campaign_save.phppredictiveHigh
3File/src/helper.cpredictiveHigh
4File/xxxxxxx/predictiveMedium
5Filexxxxxxx.xxxpredictiveMedium
6Filexxxx_xxxx_xxxxxxxx.xxxpredictiveHigh
7Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
8Filexxxxxx/xxxxxxxx.xpredictiveHigh
9Filexxx_xxxxxxxx.xpredictiveHigh
10Filexxxxxxx.xxxpredictiveMedium
11Filexxx/xxxxxxx.xxxpredictiveHigh
12Filexx-xxxxx/xxxx-xxx.xxxpredictiveHigh
13ArgumentxxpredictiveLow
14ArgumentxxpredictiveLow
15ArgumentxxxxpredictiveLow
16Argumentxxxx_xxpredictiveLow
17Argumentxxxxx_xxxxpredictiveMedium
18ArgumentxxxxxxxxpredictiveMedium
19ArgumentxxxxxxxxxxpredictiveMedium
20ArgumentxxxxxpredictiveLow
21ArgumentxxxxxpredictiveLow
22ArgumentxxxpredictiveLow

References (3)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!