Omni Analysis

IOB - Indicator of Behavior (180)

Language

en | 144
zh | 26
ru | 6
fr | 4

Country

cn | 50
us | 28
ru | 10
pw | 10
es | 6

Product

WordPress | 16
Linux Kernel | 6
Apple Safari | 4
Joomla CMS | 4
OpenCV wechat_qrcode Module | 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE
1 | OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeByteSegment Denial of Service | 5.6 | 5.5 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.06 | 0.00052 | CVE-2023-2617
2 | Python mailcap Module Privilege Escalation | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00141 | CVE-2015-20107
3 | OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeHanziSegment Denial of Service | 6.0 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00052 | CVE-2023-2618
4 | Microsoft IIS Cross Site Scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.00548 | CVE-2017-0055
5 | Novel-Plus list SQL Injection | 6.9 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.06 | 0.00063 | CVE-2024-0655
6 | cPanel chkservd Test Credential Information Disclosure | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00309 | CVE-2020-26105
7 | Popup Maker Plugin do_action Privilege Escalation | 8.2 | 8.0 | $0-$5k | Being calculated | Not Defined | Official Fix | 0.02 | 0.14161 | CVE-2019-17574
8 | etcd Gateway TLS Authentication discoverEndpoints Weak Authentication | 6.0 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00177 | CVE-2020-15136
9 | Microsoft ASP.NET Cryptographic Padding Oracle Vulnerability | 4.8 | 4.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.96929 | CVE-2010-3332
10 | pgAdmin Privilege Escalation | 7.0 | 6.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00054 | CVE-2023-5002
11 | Redis Buffer Overflow | 8.5 | 8.2 | $0-$5k | Being calculated | Not Defined | Official Fix | 0.02 | 0.00572 | CVE-2021-21309
12 | SentCMS upload Privilege Escalation | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.11839 | CVE-2022-24651
13 | PHPEMS Session Data session.cls.php Privilege Escalation | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.12 | 0.00542 | CVE-2023-6654
14 | Synology BC500/TC500 CGI Format String | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00114 | CVE-2023-5746
15 | xxl-job-admin save Privilege Escalation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00106 | CVE-2023-48089
16 | Apache Commons FileUpload Request Part Denial of Service | 5.5 | 5.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.03359 | CVE-2023-24998
17 | Adminer adminer.php Privilege Escalation | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.02092 | CVE-2021-21311
18 | TightVNC Files Privilege Escalation | 8.4 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00077 | CVE-2023-27830
19 | EnterpriseDB Postgres Advanced Server _dbms_aq_move_to_exception_queue Privilege Escalation | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00050 | CVE-2023-41119
20 | Apple macOS File Buffer Overflow | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00055 | CVE-2023-42904

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP Address | Hostname | Actor | Campaigns | Identified | Type | Acceptance
1 | 51.15.106.135 | 135-106-15-51.instances.scw.cloud | Omni | | 12.02.2022 | verified | High
2 | XXX.XXX.XXX.XXX | xxxx.xx.xxxxxxxx.xxx | Xxxx | | 12.02.2022 | verified | High

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (56)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Acceptance
1 | File | /etc/skel | predictive | Medium
2 | File | /novel/bookSetting/list | predictive | High
3 | File | /rom-0 | predictive | Low
4 | File | /uncpath/ | predictive | Medium
5 | File | /uploads/tags.php | predictive | High
6 | File | /user/upload/upload | predictive | High
7 | File | /xxl-job-admin/jobcode/save | predictive | High
8 | File | xxxxx/xxxxxxx/xxxxxxxxxxxx/xxx.xxx | predictive | High
9 | File | xxxxxxx.xxx | predictive | Medium
10 | File | xxxxxxxx\xxxxx.xxx | predictive | High
11 | File | xxxxxx/xxxxxxx/xxxx/xxxxx.xxx | predictive | High
12 | File | xxx.xxxxxxx.xxx | predictive | High
13 | File | xxxxxxxxxxxxxxxxxx.xxx.xxx | predictive | High
14 | File | xxxx.xx | predictive | Low
15 | File | xxxxxxx/xxxxx/xxx/xxx-xxx/xxxxxxxxx-xxxx.x | predictive | High
16 | File | xxx_xxxx.x | predictive | Medium
17 | File | xxxxxxxxxx.xxx | predictive | High
18 | File | xxxxxxxxx.xxx | predictive | High
19 | File | xxxxx.xxx?x=xxxx&x=xxxxxxx&x=xxx | predictive | High
20 | File | xxxxx.xxx.xxx | predictive | High
21 | File | xx_xxx.x | predictive | Medium
22 | File | xxx/xxxxxxxxx/x_xxxxxx.x | predictive | High
23 | File | xxx_xxxxxx.x | predictive | Medium
24 | File | xxx/xxxxx.xxxx | predictive | High
25 | File | xxx-xxxxxxxx/xxx-xxxxxxxx.xxx | predictive | High
26 | File | xxxxxx/xxxxxxx/xxxxxxx_xxx_xxxxxx_xxxxxx.xxx | predictive | High
27 | File | xxxxxxxxxxx.xxx | predictive | High
28 | File | xxxxx/xxx/xxx/xxx_xxxx.x | predictive | High
29 | File | xxxx.xxx | predictive | Medium
30 | File | xxxxxxx/xxx/xxxxxxx | predictive | High
31 | File | xx-xxx.xxx | predictive | Medium
32 | File | xx-xxxxxxxx/xxxx-xxx/xxxxxxxxx/xxxxx-xx-xxxx-xxxxx-xxxxxxxxxx.xxx | predictive | High
33 | File | xx-xxxxxxxx/xxxx.xxx | predictive | High
34 | File | xx-xxxxx.xxx | predictive | Medium
35 | File | xxxxxx.xxx | predictive | Medium
36 | Library | xxx/xxxxxxx.xxx.xxx | predictive | High
37 | Library | xxxxxxx.xxx | predictive | Medium
38 | Argument | $xxx_xxxx) | predictive | Medium
39 | Argument | xxxxxxx | predictive | Low
40 | Argument | xxxxxx | predictive | Low
41 | Argument | xxxx_xx | predictive | Low
42 | Argument | xxxxxxxxxxxxx | predictive | High
43 | Argument | xxxxxx | predictive | Low
44 | Argument | xxxxxxxxx | predictive | Medium
45 | Argument | xx | predictive | Low
46 | Argument | xxxxxxxxx_xxxx | predictive | High
47 | Argument | xxx | predictive | Low
48 | Argument | xxxxxxx | predictive | Low
49 | Argument | xxxxxxxxxxxxxxxxxxx | predictive | High
50 | Argument | xxxxxxx | predictive | Low
51 | Argument | xxxx | predictive | Low
52 | Argument | xxxxxxxxx | predictive | Medium
53 | Argument | xxx_xxxxx | predictive | Medium
54 | Argument | xxx | predictive | Low
55 | Network Port | xxx/xxx (xxxx) | predictive | High
56 | Network Port | xxx xxxxxx xxxx | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
