OnePercent Analysis

IOB - Indicator of Behavior (187)

Language

en: 162
sv: 14
de: 8
it: 2
es: 2

Country

us: 144
sv: 14
ru: 8
ir: 8
it: 4

Product

Microsoft Windows: 6
PHP: 6
SWFTools: 4
Cisco ASA: 4
Adult Script Pro: 2

Vulnerabilities

Base and Temp are the CVSS base and temporal scores; 0day and Today are the estimated exploit price at disclosure and at present; CTI is the threat-intelligence activity score; EPSS is the exploit prediction score.

# | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | CTI | EPSS | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192
2 | Tiki TikiWiki tiki-editpage.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.05 | 0.01194 | CVE-2004-1386
3 | WPS Hide Login Plugin Secret Login Page options.php privilege escalation | 6.9 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.02933 | CVE-2021-24917
4 | Apple Mac OS X TCP/IP Stack denial of service | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.03667 | CVE-2004-0171
5 | MGB OpenSource Guestbook email.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.93 | 0.01302 | CVE-2007-0354
6 | Zipato Zipabox Smart Home Controller information disclosure | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00423 | CVE-2018-15125
7 | Samsung SCX-6x55X Syncthru Web Service information disclosure | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.00145 | CVE-2021-42913
8 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.63 | 0.00943 | CVE-2010-0966
9 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.00 | 0.10737 | CVE-2016-6210
10 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00548 | CVE-2017-0055
11 | Microsoft IIS IP/Domain Restriction privilege escalation | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.12 | 0.00817 | CVE-2014-4078
12 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.07 | 0.02101 | CVE-2007-1287
13 | PHP phpinfo cross site scripting | 6.3 | 5.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.05 | 0.08985 | CVE-2006-0996
14 | Matt Martz & Andy Stratton Page Restrict Plugin cross site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00043 | CVE-2024-24702
15 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | 0.00241 | CVE-2020-12440
16 | Google Android Linkify.java addLinks privilege escalation | 7.5 | 7.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | 0.00098 | CVE-2019-2003
17 | Adobe Magento Mage-Messages Cookie cross site scripting | 2.4 | 2.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00187 | CVE-2021-28556
18 | GitHub Enterprise Server GraphQL API privilege escalation | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00161 | CVE-2022-23739
19 | Mitsubishi Electric Factory Automation directory traversal | 7.3 | 7.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.01117 | CVE-2020-14523
20 | TP-Link WR886N httpd Service PingIframeRpm.htm memory corruption | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00069 | CVE-2021-44864

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 31.187.64.199 | sophia.onebusinessdesign.info | OnePercent | | 26/08/2021 | verified | high
2 | 80.82.67.221 | | OnePercent | | 26/08/2021 | verified | high
3 | XXX.XXX.XXX.XX | | Xxxxxxxxxx | | 26/08/2021 | verified | high
4 | XXX.XXX.XXX.XXX | | Xxxxxxxxxx | | 26/08/2021 | verified | high
5 | XXX.XXX.XXX.XXX | | Xxxxxxxxxx | | 26/08/2021 | verified | high
6 | XXX.XX.XXX.XX | | Xxxxxxxxxx | | 26/08/2021 | verified | high
7 | XXX.XXX.XXX.XXX | | Xxxxxxxxxx | | 26/08/2021 | verified | high

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Weaknesses | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | high
2 | T1059 | CWE-94 | Argument Injection | predictive | high
3 | TXXXX.XXX | CWE-XX, CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | high
4 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | high
5 | TXXXX | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | high
6 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | high
7 | TXXXX | CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive | high
8 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | high
9 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | high
10 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | high

IOA - Indicator of Attack (69)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /+CSCOE+/logon.html | predictive | high
2 | File | /download | predictive | medium
3 | File | /forum/away.php | predictive | high
4 | File | /port_3480/data_request | predictive | high
5 | File | /uncpath/ | predictive | medium
6 | File | /userRpm/PingIframeRpm.htm | predictive | high
7 | File | /wp-admin/options.php | predictive | high
8 | File | adclick.php | predictive | medium
9 | File | xxx_xxxxxxx.xxx | predictive | high
10 | File | xxxxx/xxxxx.xxx?x=xx_xxx&x=xxxxx&x=xxxxx&x=xxxxx_xxxx_xxxxxxx&xxxxx=xxxx&xxxxx=x | predictive | high
11 | File | xxx.xxx | predictive | low
12 | File | xxxxxxxxxxxxxxxxx.xxx | predictive | high
13 | File | xxxx-xxxx.x | predictive | medium
14 | File | xxxxxxxxxxx.xxx | predictive | high
15 | File | xxx.xxx | predictive | low
16 | File | xxxxxxxxx-xxxxxxx.xxx | predictive | high
17 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | high
18 | File | xxxxx.x | predictive | low
19 | File | xxxxxxx/xxx/xxx/xxx_xxxx.x | predictive | high
20 | File | xxxxx.xxx | predictive | medium
21 | File | xxxx.xxx | predictive | medium
22 | File | xxx/xxxxxx.xxx | predictive | high
23 | File | xxxxxxx/xxxxxx/xxxxxxx/xxxxxx/xxx.xxx | predictive | high
24 | File | xxxxxxx.xxxx | predictive | medium
25 | File | xxxxx.xxx | predictive | medium
26 | File | xxxx | predictive | low
27 | File | xxxx.xxx | predictive | medium
28 | File | xxxxxxx.xxx | predictive | medium
29 | File | xxxxxxx_xxxxxx.xxx | predictive | high
30 | File | xxxxxxxx.xx | predictive | medium
31 | File | xxxxxxxx_xxxxxx.xxx | predictive | high
32 | File | xxxxx.xxx | predictive | medium
33 | File | xxxxxx.xxx | predictive | medium
34 | File | xxxxxxxxxxxx.xxx | predictive | high
35 | File | xxxx-xxxxxxxx.xxx | predictive | high
36 | File | xxxxxx.xxx | predictive | medium
37 | File | xxxxxx.xxx | predictive | medium
38 | File | xxxxxx.xxx | predictive | medium
39 | File | xxxxx/xxxxxxxx | predictive | high
40 | File | xx-xxxxx/xxxxx-xxxx.xxx | predictive | high
41 | File | xx-xxxxx/xxxxxxxx/xxxxx-xx-xxxxxx.xxx | predictive | high
42 | File | xx-xxxxxxxxx.xxx | predictive | high
43 | Library | xxxxxxxxxxxx.xxx | predictive | high
44 | Library | xxx/xxx.x | predictive | medium
45 | Library | xxx/xxx.x | predictive | medium
46 | Library | xxxxxxx.xxx | predictive | medium
47 | Argument | xxxxx_xxxxxxxx | predictive | high
48 | Argument | xxxxxxxx | predictive | medium
49 | Argument | xxxxx | predictive | low
50 | Argument | xxx | predictive | low
51 | Argument | xxxxxxxx | predictive | medium
52 | Argument | xxxxxxxxxxxxxxxxxxxxx | predictive | high
53 | Argument | xxxx | predictive | low
54 | Argument | xxxxxxxxx xxxx | predictive | high
55 | Argument | xxxxxx | predictive | low
56 | Argument | xxxx | predictive | low
57 | Argument | xxxxxxxxx | predictive | medium
58 | Argument | xx | predictive | low
59 | Argument | xxxx | predictive | low
60 | Argument | xxxxxxx | predictive | low
61 | Argument | xxxxxxxx | predictive | medium
62 | Argument | xxxx_xxxx | predictive | medium
63 | Argument | xxx | predictive | low
64 | Argument | xxxxxx_xxxx | predictive | medium
65 | Argument | xx_xx | predictive | low
66 | Argument | xxxxx_xx | predictive | medium
67 | Argument | xxxxxxxx/xxxx | predictive | high
68 | Argument | xxxxx | predictive | low
69 | Network Port | xxx/xxx (xxx) | predictive | high
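As an added example (not part of the VulDB profile or the actor's own tooling), the script below runs constructed web-server access-log lines against the unmasked IOC addresses and the unmasked IOA "File" indicators from the tables above, and flags traversal sequences that appear only after URL decoding, which is the T1006 / CWE-22 row of the TTP table. The log lines, the Apache/nginx combined-log layout and the matching rules (prefix match for absolute paths, basename match for bare filenames) are assumptions made for this demonstration; the masked rows are not reproduced.

```python
"""Scan web-server access logs for the OnePercent IOC/IOA entries.

Added example, not part of the VulDB profile.  IP addresses and file
indicators are the unmasked rows of the IOC and IOA tables; the log lines,
the combined log layout and the matching rules are assumptions made for
this demonstration.
"""
import re
from urllib.parse import unquote

# Unmasked IOC IP addresses (rows 1 and 2 of the IOC table).
IOC_IPS = {"31.187.64.199", "80.82.67.221"}

# Unmasked IOA "File" indicators (rows 1-8 of the IOA table) and their confidence.
IOA_FILES = {
    "/+CSCOE+/logon.html": "high",
    "/download": "medium",
    "/forum/away.php": "high",
    "/port_3480/data_request": "high",
    "/uncpath/": "medium",
    "/userRpm/PingIframeRpm.htm": "high",
    "/wp-admin/options.php": "high",
    "adclick.php": "medium",
}

# Apache/nginx "combined" log layout (assumption: logs use this format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)


def decode_path(target):
    """Strip the query string and URL-decode twice.

    Decoding twice catches double-encoded traversal (%252e%252e/), a common
    way of slipping past a filter that decodes only once.
    """
    return unquote(unquote(target.split("?", 1)[0]))


def matches_indicator(path, indicator):
    """Absolute indicators match the exact path or anything below it;
    bare filenames (adclick.php) match as the last path segment anywhere."""
    if indicator.startswith("/"):
        return path == indicator or path.startswith(indicator.rstrip("/") + "/")
    return path.rsplit("/", 1)[-1] == indicator


def classify(line):
    """Return a list of (tag, detail) findings for one log line."""
    m = LOG_RE.match(line)
    if not m:
        return [("unparsed", line.strip())]
    ip, path = m.group("ip"), decode_path(m.group("target"))
    findings = []
    if ip in IOC_IPS:
        findings.append(("ioc_ip", ip))
    for indicator, confidence in IOA_FILES.items():
        if matches_indicator(path, indicator):
            findings.append(("ioa_file_" + confidence, indicator))
    # T1006 / CWE-22 from the TTP table: traversal that is visible only after decoding.
    if "../" in path or "..\\" in path:
        findings.append(("t1006_traversal", path))
    return findings


def scan(lines):
    """Map line index -> findings, keeping only lines with at least one finding."""
    report = {}
    for index, line in enumerate(lines):
        found = classify(line)
        if found:
            report[index] = found
    return report


# Constructed sample log: the source addresses of lines 0 and 4 are the two
# unmasked IOC addresses; the others are RFC 5737 documentation ranges.
SAMPLE_LOG = [
    '31.187.64.199 - - [26/Aug/2021:10:12:01 +0000] "GET /wp-admin/options.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [26/Aug/2021:10:13:44 +0000] "GET /userRpm/PingIframeRpm.htm?ping_addr=1 HTTP/1.1" 404 0 "-" "curl/7.79"',
    '198.51.100.23 - - [26/Aug/2021:10:15:09 +0000] "GET /images/%252e%252e/%2e%2e/etc/passwd HTTP/1.1" 403 0 "-" "-"',
    '192.0.2.9 - - [26/Aug/2021:10:16:00 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '80.82.67.221 - - [26/Aug/2021:10:17:30 +0000] "POST /+CSCOE+/logon.html HTTP/1.1" 200 2048 "-" "-"',
]

if __name__ == "__main__":
    for index, findings in scan(SAMPLE_LOG).items():
        print(index, findings)
```

Two of the IOA paths are worth a caveat when tuning this: /download and /wp-admin/options.php are common on benign traffic, which is why the table rates /download only "medium" and why the script carries the confidence into the finding tag rather than treating every hit alike. The two IOC addresses were identified on 26/08/2021; address-based matching degrades as infrastructure is rotated, so a hit on a path indicator or a decoded traversal is the more durable signal.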

Sources (2)

The following list contains external sources which discuss the actor and the associated activities:
