Omni Analysis

Activities

Timeline

Analysing the timeline helps to determine the approach and handling required for individual vulnerabilities and for collections of vulnerabilities. The overview makes less important slices and more severe hotspots visible at a glance, so that immediate vulnerability response can be initiated and issues can be prioritized.

Lang

- en: 92
- fr: 3
- es: 1

Vulnerabilities

| # | Vulnerability | Base score | Temp score | 0-day price | Today price | Exploit | Remediation | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 1 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 1.02 | CVE-2017-0055 |
| 2 | Microsoft ASP.NET Cryptographic Padding Oracle cryptographic issues | 4.8 | 4.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.05 | CVE-2010-3332 |
| 3 | Microsoft Windows Runtime Remote Code Execution | 8.1 | 7.4 | $100k and more | $25k-$100k | Unproven | Official Fix | 0.05 | CVE-2022-21971 |
| 4 | Palo Alto PAN-OS input validation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2019-1581 |
| 5 | ReFlex Gallery Plugin php.php unrestricted upload | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.04 | CVE-2015-4133 |
| 6 | Eclipse Jetty FileSessionDataStore session fixation | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2018-12538 |
| 7 | Huawei Berkeley Smart Phone Mali Driver double free | 5.4 | 5.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.08 | CVE-2018-7899 |
| 8 | Microsoft Outlook Web App redir.aspx authentication spoofing | 5.3 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Unavailable | 0.36 | |
| 9 | Moodle Search User information disclosure | 4.3 | 4.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2017-15110 |
| 10 | Linux Kernel USB Device technisat-usb2.c out-of-bounds read | 8.5 | 8.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | CVE-2019-15505 |
| 11 | Palo Alto PAN-OS Session memory corruption | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2019-1582 |
| 12 | onesignal-free-web-push-notifications Plugin cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2019-15827 |
| 13 | JIRA ViewLogging cross-site request forgery | 5.9 | 5.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2019-11587 |
| 14 | WordPress Page Flip Image Gallery plugin getConfig.php path traversal | 5.3 | 5.3 | $0-$5k | $0-$5k | High | Unavailable | 0.05 | CVE-2008-5752 |
| 15 | wps-hide-login Plugin wp-login.php 7pk security | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2019-15826 |
| 16 | bold-page-builder Plugin Settings/Import access control | 7.4 | 7.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.09 | CVE-2019-15821 |
| 17 | login-or-logout-menu-item Plugin lolmi_save_settings redirect | 6.6 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2019-15820 |
| 18 | Discuz! DiscuzX Access Restriction index.php access control | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2018-5377 |
| 19 | PostgreSQL Foreign Data Wrapper Password improper authorization | 7.0 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2017-7547 |
| 20 | HP Router/Switch SNMP information disclosure | 3.7 | 3.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | CVE-2012-3268 |

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Confidence |
|---|---|---|---|---|---|
| 1 | 51.15.106.135 | 135-106-15-51.instances.scw.cloud | Omni | | High |
| 2 | XXX.XXX.XXX.XXX | xxxx.xx.xxxxxxxx.xxx | Xxxx | | High |

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (36)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Confidence |
|---|---|---|---|
| 1 | File | /etc/skel | Medium |
| 2 | File | /rom-0 | Low |
| 3 | File | /uncpath/ | Medium |
| 4 | File | admin/scripts/FileUploader/php.php | High |
| 5 | File | archiver\index.php | High |
| 6 | File | xxx.xxxxxxx.xxx | High |
| 7 | File | xxxxxxxxxxxxxxxxxx.xxx.xxx | High |
| 8 | File | xxxx.xx | Low |
| 9 | File | xxxxxxx/xxxxx/xxx/xxx-xxx/xxxxxxxxx-xxxx.x | High |
| 10 | File | xxx_xxxx.x | Medium |
| 11 | File | xxxxxxxxxx.xxx | High |
| 12 | File | xxxxxxxxx.xxx | High |
| 13 | File | xxxxx.xxx.xxx | High |
| 14 | File | xx_xxx.x | Medium |
| 15 | File | xxx_xxxxxx.x | Medium |
| 16 | File | xxx/xxxxx.xxxx | High |
| 17 | File | xxx-xxxxxxxx/xxx-xxxxxxxx.xxx | High |
| 18 | File | xxxx.xxx | Medium |
| 19 | File | xx-xxx.xxx | Medium |
| 20 | File | xx-xxxxxxxx/xxxx.xxx | High |
| 21 | File | xx-xxxxx.xxx | Medium |
| 22 | File | xxxxxx.xxx | Medium |
| 23 | Argument | $xxx_xxxx) | Medium |
| 24 | Argument | xxxxxxx | Low |
| 25 | Argument | xxxxxx | Low |
| 26 | Argument | xxxx_xx | Low |
| 27 | Argument | xxxxxx | Low |
| 28 | Argument | xx | Low |
| 29 | Argument | xxxxxxxxx_xxxx | High |
| 30 | Argument | xxx | Low |
| 31 | Argument | xxxxxxx | Low |
| 32 | Argument | xxxxxxx | Low |
| 33 | Argument | xxxxxxxxx | Medium |
| 34 | Argument | xxx | Low |
| 35 | Network Port | xxx/xxx (xxxx) | High |
| 36 | Network Port | xxx xxxxxx xxxx | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
