Handymanny Analysis

IOB - Indicator of Behavior (87)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 70
fr: 8
ru: 8
sv: 2


Country

us: 28
ru: 10
me: 10
pl: 6
fr: 6


Actors


Activities

Interest

Timeline


Type


Vendor


Product

WordPress: 4
lighttpd: 4
Linux Kernel: 4
Gordon Böhme and Antonio Leutsch Structured Conte ...: 2
Webmin: 2


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192
2 | Linux Kernel Netfilter nf_conntrack_irc.c nf_conntrack_irc communication channel to intended endpoints | 6.3 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00207 | 0.03 | CVE-2022-2663
3 | systemd unit-name.c alloca allocation of resources | 6.5 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.00 | CVE-2021-33910
4 | Citrix NetScaler ADC/NetScaler Gateway code injection | 9.8 | 9.6 | $25k-$100k | $5k-$25k | High | Official Fix | 0.91186 | 0.03 | CVE-2023-3519
5 | HoYoVerse Genshin Impact Anti-Cheat Driver Function Call mhyprot2.sys Privilege Escalation | 7.7 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00159 | 0.00 | CVE-2020-36603
6 | Bitrix xscan Module bitrix.xscan_worker.php path traversal | 4.7 | 4.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02423 | 0.00 | CVE-2015-8357
7 | SourceCodester Free and Open Source Inventory Management System edit_product.php sql injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00061 | 0.00 | CVE-2023-7155
8 | Totolink X2000R Gh formPasswordSetup stack-based overflow | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00101 | 0.04 | CVE-2023-51135
9 | Netmaker DNS hard-coded key | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.09718 | 0.00 | CVE-2023-32077
10 | code-projects Water Billing System addbill.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00063 | 0.07 | CVE-2023-7097
11 | Gordon Böhme and Antonio Leutsch Structured Content wpsc Plugin cross site scripting | 5.1 | 5.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.00 | CVE-2023-49820
12 | Manage Notification E-mails Plugin authorization | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00052 | 0.07 | CVE-2023-6496
13 | Unisoc S8000 Wifi Service out-of-bounds write | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.00 | CVE-2022-48464
14 | Unisoc S8000 Telephony Service information disclosure | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.00 | CVE-2023-42715
15 | Apache DolphinScheduler information disclosure | 5.9 | 5.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00056 | 0.04 | CVE-2023-48796
16 | Concrete CMS File Creation Mkdir permission | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00068 | 0.04 | CVE-2023-48648
17 | FFmpeg evc_ps.c ref_pic_list_struct buffer overflow | 6.0 | 5.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00140 | 0.00 | CVE-2023-47470
18 | mooSocial mooDating URL ajax_invite cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00261 | 0.06 | CVE-2023-3845
19 | WP Discord Invite Plugin Setting cross-site request forgery | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00107 | 0.03 | CVE-2023-5006
20 | Samsung Exynos Auto T5123 RLC Module buffer overflow | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00046 | 0.00 | CVE-2023-41112

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 185.112.82.89 | server-185-112-82-89.creanova.org | Handymanny | | 02/11/2022 | verified | High

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (63)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /addbill.php | predictive | Medium
2 | File | /ample/app/action/edit_product.php | predictive | High
3 | File | /cfg | predictive | Low
4 | File | /conf/ | predictive | Low
5 | File | /controller/AdminController.php | predictive | High
6 | File | /etc/quantum/quantum.conf | predictive | High
7 | File | /friends/ajax_invite | predictive | High
8 | File | /index.php | predictive | Medium

References (2)

The following list contains external sources which discuss the actor and the associated activities:
