OnePercent Analysis

IOB - Indicator of Behavior (187)

Language

en: 148
sv: 14
de: 12
it: 6
fr: 6

Country/Region

us: 142
sv: 14
ir: 8
ru: 8
it: 6

Product

PHP: 8
Apache Tomcat: 4
MediaWiki: 4
CMS Made Simple: 4
OpenSSH: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 2 | Tiki TikiWiki tiki-editpage.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01194 | 0.03 | CVE-2004-1386 |
| 3 | WPS Hide Login Plugin Secret Login Page options.php privilege escalation | 6.9 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02933 | 0.07 | CVE-2021-24917 |
| 4 | Apple Mac OS X TCP/IP Stack denial of service | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03667 | 0.03 | CVE-2004-0171 |
| 5 | MGB OpenSource Guestbook email.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 0.93 | CVE-2007-0354 |
| 6 | Zipato Zipabox Smart Home Controller information disclosure | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00423 | 0.00 | CVE-2018-15125 |
| 7 | Samsung SCX-6x55X Syncthru Web Service information disclosure | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00145 | 0.01 | CVE-2021-42913 |
| 8 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.73 | CVE-2010-0966 |
| 9 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.10737 | 0.20 | CVE-2016-6210 |
| 10 | Microsoft IIS cross-site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.08 | CVE-2017-0055 |
| 11 | Microsoft IIS IP/Domain Restriction privilege escalation | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00817 | 0.28 | CVE-2014-4078 |
| 12 | PHP phpinfo cross-site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.01960 | 0.03 | CVE-2007-1287 |
| 13 | PHP phpinfo cross-site scripting | 6.3 | 5.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.08985 | 0.04 | CVE-2006-0996 |
| 14 | Matt Martz & Andy Stratton Page Restrict Plugin unknown vulnerability | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.02 | CVE-2024-24702 |
| 15 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 2.27 | CVE-2020-12440 |
| 16 | Google Android Linkify.java addLinks privilege escalation | 7.5 | 7.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00098 | 0.00 | CVE-2019-2003 |
| 17 | Adobe Magento Mage-Messages Cookie cross-site scripting | 2.4 | 2.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00187 | 0.03 | CVE-2021-28556 |
| 18 | GitHub Enterprise Server GraphQL API privilege escalation | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00183 | 0.03 | CVE-2022-23739 |
| 19 | Mitsubishi Electric Factory Automation directory traversal | 7.3 | 7.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01117 | 0.00 | CVE-2020-14523 |
| 20 | TP-Link WR886N httpd Service PingIframeRpm.htm memory corruption | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00069 | 0.04 | CVE-2021-44864 |

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (69)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

References (2)

The following list contains external sources which discuss the actor and the associated activities:
