Tomiris Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (34)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	30
sv	2
ja	2

Country

us	24
ru	4

Actors

Nobelium	3
QNAPCrypt	1
Mirai	1
BianLian	1
Raccoon	1

Activities

Interest

Timeline

Type

Not Defined	12
Operating System	8
Web Server	4
Mail Server Software	2
Ticket Tracking Software	2

Vendor

Not Defined	12
Microsoft	6
Linux	4
Tim Kosse	2
Google	2

Product

Microsoft Windows	4
Linux Kernel	4
Exim	2
osTicket	2
Tim Kosse FileZilla	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	PRTG Network Monitor login.htm access control	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00288	0.04	CVE-2018-19410
2	Mikrotik RouterOS SNMP out-of-bounds	8.0	7.7	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00307	0.05	CVE-2022-45315
3	nginx request smuggling	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00241	4.32	CVE-2020-12440
4	Abstrium Pydio Cells Change Subscription authorization	6.3	6.3	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00061	0.00	CVE-2023-2978
5	ningzichun Student Management System Password Reset resetPassword.php password recovery	7.6	7.4	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00273	0.00	CVE-2023-3007
6	Campcodes Online Thesis Archiving System manage_user.php sql injection	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00146	0.10	CVE-2023-2149
7	Odoo Community/Enterprise Database Manager access control	8.5	8.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00493	0.00	CVE-2018-14885
8	1C:Enterprise URL Parameter information disclosure	5.9	5.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00168	0.06	CVE-2021-3131
9	Hikvision Wwireless Bridge Web Server access control	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00142	0.05	CVE-2022-28173
10	Microsoft Windows SMB information disclosure	6.4	5.5	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00894	0.00	CVE-2021-36960
11	Microsoft Windows SMB input validation	7.7	7.5	$25k-$100k	$0-$5k	High	Official Fix	0.97427	0.05	CVE-2017-0144
12	Microsoft Windows SMB Client Security Feature information disclosure	4.3	3.8	$25k-$100k	$0-$5k	Unproven	Official Fix	0.00539	0.00	CVE-2021-31205
13	Synology DiskStation Manager Web Interface info.cgi Reflected cross site scripting	5.5	5.1	$0-$5k	$0-$5k	Proof-of-Concept	Workaround	0.00000	0.03
14	Grafana Dashboard path traversal	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00226	0.03	CVE-2022-32275
15	Online Student Admission sql injection	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00172	0.04	CVE-2022-28467
16	PHP EXIF exif_process_IFD_in_MAKERNOTE memory corruption	7.5	7.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00477	0.00	CVE-2019-9639
17	Mini-Inventory-and-Sales-Management-System Inventory cross-site request forgery	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00044	0.00	CVE-2021-44321
18	JFrog Artifactory upload unrestricted upload	8.5	7.4	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.11383	0.02	CVE-2016-10036
19	TightVNC InitialiseRFBConnection out-of-bounds write	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01927	0.02	CVE-2019-15679
20	Linux Kernel Patch CVE-2020-14356 use after free	6.5	6.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00045	0.01	CVE-2020-25220

Campaigns (1)

These are the campaigns that can be associated with the actor:

Tomiris

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Identified	Type	Confidence
1	51.195.68.217	time1.lyhuao.com	Tomiris	09/30/2021	verified	High
2	XXX.XXX.XXX.XXX	xxxxxxxx.xxxx.xxxxxx.xxx	Xxxxxxx	09/30/2021	verified	High
3	XXX.XXX.XXX.XX	xxxx.xx	Xxxxxxx	09/30/2021	verified	High

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CAPEC-139	CWE-23	Path Traversal	predictive	High
2	T1059.007	CAPEC-18	CWE-80	Cross Site Scripting	predictive	High
3	TXXXX	CAPEC-19	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
4	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	High
5	TXXXX	CAPEC-50	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
6	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
7	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	High

IOA - Indicator of Attack (19)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/admin/user/manage_user.php	predictive	High
2	File	/cgi-bin/webadminget.cgi	predictive	High
3	File	/opt/teradata/gsctools/bin/t2a.pl	predictive	High
4	File	/xxxxxx/xxxxx.xxx	predictive	High
5	File	/xxxxxx/xxxx.xxx	predictive	High
6	File	xxxxxxx/xxx/xxx/xxxx_xxxxxx.x	predictive	High
7	File	xxxx.xxx	predictive	Medium
8	File	xxx/xxxxx.xxxx	predictive	High
9	File	xxxxxxx.xxx	predictive	Medium
10	File	xxxxxxxxxxxxx.xxx	predictive	High
11	File	xxxxxx.x	predictive	Medium
12	File	xx/xxxxxxxx/xxxxxx	predictive	High
13	Argument	xxxx_xxx	predictive	Medium
14	Argument	xxxx/xxxxxx/xxx	predictive	High
15	Argument	xx	predictive	Low
16	Argument	xxxxxxx_xxx	predictive	Medium
17	Argument	xxx	predictive	Low
18	Argument	xxxxxxxxxxxxxxxx	predictive	High
19	Argument	xxx	predictive	Low

References (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Do you know our Splunk app?

Download it now for free!