Hermit Analysis

IOB - Indicator of Behavior (75)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en | 54
ru | 16
it | 6

Country

ru | 34
us | 26
it | 12
cn | 2
kz | 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Untangle NG Firewall | 4
Microsoft Windows | 4
WordPress | 4
PHP | 4
Truecrypt | 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | 1C:Enterprise URL Parameter information disclosure | 5.9 | 5.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00168 | 0.03 | CVE-2021-3131
2 | Untangle NG Firewall injection | 6.7 | 6.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00177 | 0.04 | CVE-2019-18647
3 | ImageMagick Engine Plugin cross-site request forgery | 6.5 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02555 | 0.00 | CVE-2022-2441
4 | WordPress Scheduled Task wp-cron.php resource consumption | 6.5 | 6.5 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00096 | 0.00 | CVE-2023-22622
5 | Moodle User Profile Field cross site scripting | 3.5 | 3.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00112 | 0.04 | CVE-2022-45151
6 | RouterOS DNS Cache Poisoning missing authentication | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00690 | 0.00 | CVE-2019-3978
7 | Microsoft Windows Remote Desktop Service BlueKeep input validation | 9.8 | 9.7 | $25k-$100k | $0-$5k | High | Official Fix | 0.97499 | 0.00 | CVE-2019-0708
8 | Joomla CMS sql injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00196 | 0.03 | CVE-2020-10243
9 | ImageMagick Engine Plugin deserialization | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00076 | 0.00 | CVE-2022-3568
10 | Flower Worker Name cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00087 | 0.00 | CVE-2019-16926
11 | Apache Airflow Celery Provider default_celery.py _get_celery_ssl_active log file | 5.5 | 5.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00547 | 0.00 | CVE-2023-46215
12 | Apache RabbitMQ Redis/RabbitMQ os command injection | 8.5 | 8.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.93315 | 0.04 | CVE-2020-11981
13 | Redis Lua sandbox | 6.3 | 6.3 | $0-$5k | $0-$5k | High | Not Defined | 0.97114 | 0.00 | CVE-2022-0543
14 | Fortinet FortiAuthenticator Reset-Password Page cross site scripting | 4.9 | 4.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00091 | 0.00 | CVE-2022-35850
15 | Nagios XI update_banner_message sql injection | 7.1 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00089 | 0.04 | CVE-2023-40933
16 | CMS Made Simple Login Cache information disclosure | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00185 | 0.03 | CVE-2017-17734
17 | Mail Masta Plugin campaign_save.php sql injection | 6.7 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00316 | 0.08 | CVE-2017-6098
18 | WordPress Access Restriction user-new.php access control | 7.5 | 7.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00372 | 0.05 | CVE-2017-17091
19 | HTTP/2 Header resource consumption | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Workaround | 0.00663 | 0.02 | CVE-2019-9516

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 2.228.150.86 | 2-228-150-86.ip192.fastwebnet.it | Hermit | | 07/30/2022 | verified | High
2 | 2.229.68.182 | 2-229-68-182.ip195.fastwebnet.it | Hermit | | 07/30/2022 | verified | High
3 | XX.XXX.XX.XXX | | Xxxxxx | | 07/30/2022 | verified | High
4 | XX.XXX.XX.XXX | | Xxxxxx | | 08/04/2022 | verified | High
5 | XX.XX.XXX.XXX | xx-xx-xxx-xxx.xxxx.xxxxxxxxxx.xx | Xxxxxx | | 07/30/2022 | verified | High
6 | XX.XX.XX.XX | xx-xx-xx-xx.xxxxx.xxxxxxxxxx.xx | Xxxxxx | | 08/04/2022 | verified | High

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (25)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/template.php | predictive | High
2 | File | /inc/campaign_save.php | predictive | High
3 | File | /src/helper.c | predictive | High
4 | File | /uncpath/ | predictive | Medium
5 | File | xxxxxxx.xxx | predictive | Medium
6 | File | xxxxxxx/xxxxxxxxx/xxxxxx/xxxxxxxxx/xxxxxxx_xxxxxx.xx | predictive | High
7 | File | xxxx_xxxx_xxxxxxxx.xxx | predictive | High
8 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
9 | File | xxxxxx/xxxxxxxx.x | predictive | High
10 | File | xxx_xxxxxxxx.x | predictive | High
11 | File | xxxxxxx.xxx | predictive | Medium
12 | File | xxx/xxxxxxx.xxx | predictive | High
13 | File | xx-xxxxx/xxxx-xxx.xxx | predictive | High
14 | File | xx-xxxx.xxx | predictive | Medium
15 | Argument | xxx_xxxx | predictive | Medium
16 | Argument | xx | predictive | Low
17 | Argument | xx | predictive | Low
18 | Argument | xxxx | predictive | Low
19 | Argument | xxxx_xx | predictive | Low
20 | Argument | xxxxx_xxxx | predictive | Medium
21 | Argument | xxxxxxxx | predictive | Medium
22 | Argument | xxxxxxxxxx | predictive | Medium
23 | Argument | xxxxx | predictive | Low
24 | Argument | xxxxx | predictive | Low
25 | Argument | xxx | predictive | Low

References (3)

The following list contains external sources which discuss the actor and the associated activities: