OnionDog 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (54)

言語

en	52
ko	2

国・地域

us	30
kr	24

アクター

OnionDog	3

関心

タイプ

Not Defined	10
Operating System	6
Smartphone Operating System	6
Web Browser	6
Chip Software	4

ベンダー

Microsoft	8
Not Defined	8
D-Link	4
Linux	4
Google	4

製品

D-Link DIR-850L	4
Linux Kernel	4
Microsoft Word	2
Microsoft Access	2
Ipswitch WhatsUp Professional	2

脆弱性

#	脆弱性	Base	Temp	0day	本日	悪	修復	EPSS	CTI	CVE
1	Adobe Acrobat Reader Image Conversion メモリ破損	7.5	7.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01971	0.00	CVE-2018-4916
2	Huawei HG8245H URL 情報の漏洩	7.4	7.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00167	0.04	CVE-2017-15328
3	Google Chrome v8 特権昇格	7.5	7.1	$25k-$100k	$0-$5k	Proof-of-Concept	Not Defined	0.23564	0.00	CVE-2016-9651
4	CPU Speculative Execution Meltdown 情報の漏洩	6.1	5.8	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.97384	0.04	CVE-2017-5754
5	Mozilla Firefox WebRTC 特権昇格	5.3	4.6	$25k-$100k	$0-$5k	Unproven	Official Fix	0.00461	0.00	CVE-2014-1586
6	Nexacro rename 特権昇格	7.7	7.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00073	0.04	CVE-2021-26613
7	Tobesoft NEXACRO17 execDefaultBrowser 特権昇格	7.7	7.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00528	0.00	CVE-2021-26607
8	JetBrains IntelliJ IDEA Privilege Escalation	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00221	0.04	CVE-2021-45977
9	Oracle Communications Network Charging and Control Common サービス拒否	7.5	7.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00254	0.00	CVE-2022-35737
10	TeamViewer TVS File Parser 情報の漏洩	7.0	6.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00184	0.00	CVE-2021-34858
11	logback Configuration File 特権昇格	5.3	5.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01555	0.00	CVE-2021-42550
12	Combodo iTop Configuration File 特権昇格	7.2	7.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00652	0.09	CVE-2019-11215
13	Artifex MuPDF PDF File pdf-xref.c pdf_read_new_xref メモリ破損	5.4	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00269	0.00	CVE-2018-6192
14	VMware ESXi/Workstation/Fusion SVGA 情報の漏洩	7.5	7.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00077	0.03	CVE-2018-6974
15	PHP 404 Error Page phar_object.c Reflected クロスサイトスクリプティング	5.2	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03788	0.05	CVE-2018-10547
16	CPUID CPU-Z Kernel-Mode Driver メモリ破損	6.5	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00044	0.02	CVE-2017-15303
17	Microsoft Access メモリ破損	7.0	6.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.29279	0.00	CVE-2018-0903
18	Wind River VxWorks TCP Initial Sequence Number 特権昇格	5.6	5.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02370	0.05	CVE-2015-3963
19	Oracle VM VirtualBox 特権昇格	8.6	8.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00082	0.00	CVE-2018-2690
20	Adobe Flash Player 情報の漏洩	6.9	6.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00569	0.05	CVE-2018-4871

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IPアドレス	アクター	Identified	タイプ	信頼度
1	112.169.154.65	OnionDog	2020年12月23日	verified	高
2	121.133.8.2	OnionDog	2020年12月23日	verified	高
3	XXX.XXX.XXX.X	Xxxxxxxx	2020年12月23日	verified	高
4	XXX.XXX.XXX.XXX	Xxxxxxxx	2020年12月23日	verified	高
5	XXX.XXX.XXX.X	Xxxxxxxx	2020年12月23日	verified	高
6	XXX.XXX.XXX.XX	Xxxxxxxx	2020年12月23日	verified	高
7	XXX.XX.XXX.X	Xxxxxxxx	2020年12月23日	verified	高
8	XXX.XXX.XX.XXX	Xxxxxxxx	2020年12月23日	verified	高
9	XXX.XXX.XXX.X	Xxxxxxxx	2020年12月23日	verified	高
10	XXX.XXX.XXX.XX	Xxxxxxxx	2020年12月23日	verified	高

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	クラス	脆弱性	アクセスベクター	タイプ	信頼度
1	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	高
2	T1059.007	CAPEC-209	CWE-79	Cross Site Scripting	predictive	高
3	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
4	TXXXX.XXX	CAPEC-191	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	高
5	TXXXX	CAPEC-	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	高
6	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	高
7	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	高
8	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高

IOA - Indicator of Attack (15)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	クラス	Indicator	タイプ	信頼度
1	File	/proc/<pid>/status	predictive	高
2	File	/var/passwd	predictive	中
3	File	ext/phar/phar_object.c	predictive	高
4	File	xxxxxx/xxx/xxxxxxx.xxx	predictive	高
5	File	xxxxxx/xxxxxx/xxxx.x	predictive	高
6	File	xxxx.xxx	predictive	中
7	File	xxxxxxxxx/xxxxx.xxx	predictive	高
8	File	xxx/xxx-xxxx.x	predictive	高
9	File	xxxx.xxx	predictive	中
10	Argument	xxxxxx	predictive	低
11	Argument	xxxxxxx_x	predictive	中
12	Argument	xx	predictive	低
13	Argument	xxxxxxxx	predictive	中
14	Input Value	xxxxxxx_xxxxx.xxxxxxx_xxxxxxx	predictive	高
15	Network Port	xxx/xx (xxxxxx)	predictive	高

参考 (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ 前概要次 ▸

Interested in the pricing of exploits?

See the underground prices here!