Onyx Sleet Analysis

IOB - Indicator of Behavior (149)

Timeline

Without a paid subscription the timeline, country, actor, activity, type and vendor charts in this section render only distorted dummy data, so only their titles are kept; the language and product counts below are the values the page displays.

Lang

en: 98
zh: 28
es: 10
de: 4
ru: 4

Country

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Microsoft Windows: 4
Fortinet FortiManager: 4
Fortinet FortiAnalyzer: 4
Fortinet FortiOS: 4
Unisoc T610: 4

Vulnerabilities

# | Vulnerability | CVSS Base | CVSS Temp | 0-day price | Today price | Exploit | Remediation | EPSS | CTI | CVE
1 | Linux Kernel Netlink Attribute nft_inner.c null pointer dereference | 7.3 | 7.3 | $5k-$10k | $2k-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2023-5972
2 | SAP NetWeaver Visual Composer unrestricted upload | 9.2 | 9.0 | $10k-$25k | $2k-$5k | High | Official Fix | 0.92171 | 0.03 | CVE-2021-38163
3 | PHPUnit HTTP POST eval-stdin.php code injection | 8.5 | 8.4 | $1k-$2k | $0-$1k | High | Official Fix | 0.97479 | 0.29 | CVE-2017-9841
4 | Zabbix Monitoring Hosts Section code injection | 8.5 | 8.5 | $2k-$5k | $2k-$5k | Not Defined | Not Defined | 0.00043 | 0.06 | CVE-2024-22116
5 | GNU C Library __vsyslog_internal heap-based overflow | 7.8 | 7.8 | $1k-$2k | $2k-$5k | Not Defined | Not Defined | 0.01072 | 0.04 | CVE-2023-6246
6 | EMQ X Dashboard auth information disclosure | 4.4 | 4.2 | $0-$1k | $0-$1k | Proof-of-Concept | Official Fix | 0.00110 | 0.05 | CVE-2021-46434
7 | DedeCMS unrestricted upload | 6.3 | 6.1 | $1k-$2k | $1k-$2k | Not Defined | Not Defined | 0.00247 | 0.00 | CVE-2023-36298
8 | Telegram access control | 5.5 | 5.5 | $1k-$2k | $0-$1k | Not Defined | Not Defined | 0.00043 | 0.04 | CVE-2023-26818
9 | Microsoft ASP.NET Cryptographic Padding Oracle cryptographic issues | 4.8 | 4.6 | $10k-$25k | $0-$1k | High | Official Fix | 0.96925 | 0.09 | CVE-2010-3332
10 | PhpIPAM edit-bgp-mapping-search.php sql injection | 4.3 | 4.1 | $1k-$2k | $0-$1k | Not Defined | Official Fix | 0.05291 | 0.00 | CVE-2022-23046
11 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $2k-$5k | $0-$1k | Not Defined | Unavailable | 0.00000 | 0.47 | -
12 | OpenSSH Binary Packet Protocol Terrapin inadequate encryption | 5.7 | 5.6 | $10k-$25k | $2k-$5k | Not Defined | Official Fix | 0.96252 | 0.06 | CVE-2023-48795
13 | Keycloak cross site scripting | 3.5 | 3.5 | $0-$1k | $0-$1k | Not Defined | Not Defined | 0.00168 | 0.03 | CVE-2021-20323
14 | Fortinet FortiOS SSL-VPN out-of-bounds write | 9.8 | 9.6 | $100k and more | $25k-$50k | High | Official Fix | 0.01842 | 0.03 | CVE-2024-21762
15 | Slider Revolution Plugin Image File unrestricted upload | 7.5 | 7.4 | $1k-$2k | $1k-$2k | Not Defined | Not Defined | 0.00149 | 0.03 | CVE-2023-2359
16 | ThinkPHP unrestricted upload | 7.1 | 7.1 | $1k-$2k | $0-$1k | Not Defined | Not Defined | 0.00071 | 0.03 | CVE-2022-44289
17 | Adobe Experience Manager cross site scripting | 4.4 | 4.4 | $1k-$2k | $0-$1k | Not Defined | Official Fix | 0.00047 | 0.04 | CVE-2024-41841
18 | itsourcecode Laravel Property Management System DocumentsController.php UpdateDocumentsRequest unrestricted upload | 7.1 | 6.9 | $2k-$5k | $0-$1k | Proof-of-Concept | Not Defined | 0.00080 | 0.03 | CVE-2024-7944
19 | SourceCodester Kortex Lite Advocate Office Management System delete_act.php sql injection | 7.5 | 7.3 | $1k-$2k | $0-$1k | Proof-of-Concept | Not Defined | 0.00138 | 0.06 | CVE-2024-7639
20 | Zorlan SkyCaiji index.php pathname traversal | 4.3 | 4.3 | $1k-$2k | $0-$1k | Not Defined | Not Defined | 0.00264 | 0.00 | CVE-2020-18878


Campaigns (2)

These are the campaigns that can be associated with the actor; the two named in the IOC table below are CVE-2023-42793 and Preft.

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence
1 | 45.155.37.101 | - | Onyx Sleet | CVE-2023-42793 | 10/21/2024 | verified | Very High
2 | 51.81.168.157 | ip157.ip-51-81-168.us | Onyx Sleet | Preft | 10/02/2024 | verified | Very High
3 | 84.38.134.56 | ip-134-56.dataclub.info | Onyx Sleet | CVE-2023-42793 | 10/21/2024 | verified | Very High
4 | (masked) | - | (masked) | (masked) | 10/21/2024 | verified | Very High
5 | (masked) | - | (masked) | (masked) | 10/02/2024 | verified | Very High
6 | (masked) | - | (masked) | (masked) | 10/25/2023 | verified | High
7 | (masked) | - | (masked) | (masked) | 10/25/2023 | verified | High
8 | (masked) | - | (masked) | (masked) | 10/02/2024 | verified | Very High
9 | (masked) | - | (masked) | (masked) | 10/21/2024 | verified | Very High
10 | (masked) | - | (masked) | (masked) | 10/02/2024 | verified | Very High
11 | (masked) | - | (masked) | (masked) | 10/02/2024 | verified | Very High

Rows 4 to 11 are masked in the source (CTI license required); only their identification date, type and confidence are visible.

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (68)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin.php/Plugins/update.html | predictive | High
2 | File | /api/blade-log/api/list | predictive | High
3 | File | /api /v3/auth | predictive | High
4 | File | /classes/SystemSettings.php?f=update_settings | predictive | High
5 | File | /data/remove | predictive | Medium
6 | File | /dede/file_manage_control.php | predictive | High
7 | File | /files/list-file | predictive | High
8 | File | /forum/away.php | predictive | High

Entries 9 to 68 are masked in the source (CTI license required). By class they are 33 further File indicators (9-41), 1 Library (42), 23 Argument (43-65), 1 Input Value (66) and 2 Network Port (67-68); all are of type predictive, with confidence ranging from Low to High.
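A practical use of the unmasked IOC rows and the File-class IOA fragments above is to sweep existing logs for them. The following Python script is an added example and is not part of the VulDB page or its data feed: it takes the three IP addresses, two hostnames and eight path fragments exactly as listed, percent-decodes request targets before matching (the fragment `/api /v3/auth` carries a literal space as listed; the assumption here is that on the wire it appears as `%20`), and scans combined-format web-server lines plus a free-form firewall/DNS line. The log lines at the bottom are constructed samples, not real traffic.

```python
"""Sweep log lines for the unmasked Onyx Sleet IOCs and IOA fragments above.

Added example, not code from the VulDB page. Indicator values are copied
from the visible IOC/IOA rows; the log lines at the bottom are constructed.
"""
import re
from urllib.parse import unquote

# IOC table rows 1-3: network indicators -> campaign tag.
IOC_IPS = {
    "45.155.37.101": "CVE-2023-42793",
    "51.81.168.157": "Preft",
    "84.38.134.56": "CVE-2023-42793",
}
IOC_HOSTS = {
    "ip157.ip-51-81-168.us": "Preft",
    "ip-134-56.dataclub.info": "CVE-2023-42793",
}

# IOA table rows 1-8: File-class request-path fragments (predictive).
IOA_PATHS = [
    "/admin.php/Plugins/update.html",
    "/api/blade-log/api/list",
    "/api /v3/auth",  # literal space as listed; assumed to be %20 on the wire
    "/classes/SystemSettings.php?f=update_settings",
    "/data/remove",
    "/dede/file_manage_control.php",
    "/files/list-file",
    "/forum/away.php",
]

# Apache/nginx "combined" access-log record: client, request line, status.
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
TOKEN_SPLIT = re.compile(r'[\s,;"\[\]]+')


def normalize_target(target: str) -> str:
    """Percent-decode a request target (twice at most, to catch double
    encoding) and lower-case it, so fragment matching is encoding-agnostic."""
    decoded = target
    for _ in range(2):
        step = unquote(decoded)
        if step == decoded:
            break
        decoded = step
    return decoded.lower()


def scan_line(line: str) -> list:
    """Return (class, indicator, tag) hits for one log line.

    Network IOCs are matched as whole tokens anywhere in the line, so the
    same rule serves web, firewall and DNS logs. Path fragments are only
    checked on lines that parse as a combined-format access-log record."""
    hits = []
    for token in TOKEN_SPLIT.split(line):
        if token in IOC_IPS:
            hits.append(("ip", token, IOC_IPS[token]))
        elif token.lower() in IOC_HOSTS:
            hits.append(("hostname", token.lower(), IOC_HOSTS[token.lower()]))
    m = COMBINED_RE.match(line)
    if m:
        target = normalize_target(m.group("target"))
        for frag in IOA_PATHS:
            if frag.lower() in target:
                hits.append(("path", frag, "IOA"))
    return hits


def scan(lines) -> list:
    """Return [(line_number, hits)] for every line that produced a hit."""
    findings = []
    for n, line in enumerate(lines, 1):
        hits = scan_line(line)
        if hits:
            findings.append((n, hits))
    return findings


# Constructed sample lines; non-IOC clients use RFC 5737 documentation addresses.
SAMPLE_LOG = [
    '45.155.37.101 - - [21/Oct/2024:03:14:07 +0000] "GET /forum/away.php?s=http://203.0.113.9/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [21/Oct/2024:03:14:09 +0000] "POST /api%20/v3/auth HTTP/1.1" 200 512 "-" "curl/8.4.0"',
    '198.51.100.22 - - [21/Oct/2024:03:15:00 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '2024-10-02T11:02:33Z fw1 dns: query from 10.0.0.15 for ip-134-56.dataclub.info type A',
    '192.0.2.44 - - [21/Oct/2024:03:16:41 +0000] "GET /classes/SystemSettings.php?f=update_settings HTTP/1.1" 200 77 "-" "python-requests/2.31"',
]

if __name__ == "__main__":
    for n, hits in scan(SAMPLE_LOG):
        for klass, value, tag in hits:
            print(f"line {n}: {klass} {value} [{tag}]")
```

Path fragments are substring matches on the decoded target, so a fragment such as `/data/remove` will also fire on longer paths that contain it; that is intended for a predictive IOA, but hits on those rows should be triaged against the full request rather than treated as confirmed compromise. Only the IP and hostname rows are marked verified on the page.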

References (4)

The following list contains external sources which discuss the actor and the associated activities; the four entries are only available with a CTI license and are not shown here.