Omni Análisis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (181)

Idioma

en	138
zh	34
ru	6
es	2
de	2

País

cn	68
us	28
ru	12
pw	10
gb	4

Actores

Omni	2
Conti	1
Silence	1
PsiXBot	1

Interesar

Escribe

Not Defined	66
Content Management System	26
Operating System	10
Firewall Software	8
Groupware Software	6

Proveedor

Not Defined	80
Microsoft	10
Apple	6
OpenCV	4
Google	4

Producto

WordPress	22
cPanel	4
OpenCV wechat_qrcode Module	4
Apple macOS	4
Google Chrome	4

Vulnerabilidad

#	Vulnerabilidad	Base	Temp	0day	Hoy	Exp	Con	EPSS	CTI	CVE
1	OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeByteSegment denegación de servicio	5.6	5.5	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00073	0.09	CVE-2023-2617
2	Python mailcap Module escalada de privilegios	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00141	0.04	CVE-2015-20107
3	OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeHanziSegment denegación de servicio	6.0	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00073	0.04	CVE-2023-2618
4	Microsoft IIS cross site scripting	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00548	0.17	CVE-2017-0055
5	Novel-Plus list sql injection	6.9	6.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00063	0.09	CVE-2024-0655
6	cPanel chkservd Test Credential divulgación de información	9.8	9.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00309	0.00	CVE-2020-26105
7	Popup Maker Plugin do_action escalada de privilegios	8.2	8.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.14161	0.02	CVE-2019-17574
8	ectd Gateway TLS Authentication discoverEndpoints autenticación débil	6.0	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00177	0.00	CVE-2020-15136
9	Microsoft ASP.NET Cryptographic Padding Oracle cifrado débil	4.8	4.3	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.96929	0.00	CVE-2010-3332
10	SourceCodester Online Pizza Ordering System index.php sql injection	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00148	0.00	CVE-2023-0883
11	pgAdmin Privilege Escalation	7.0	6.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00054	0.05	CVE-2023-5002
12	Redis desbordamiento de búfer	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00572	0.02	CVE-2021-21309
13	SentCMS upload escalada de privilegios	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.11839	0.04	CVE-2022-24651
14	PHPEMS Session Data session.cls.php escalada de privilegios	7.1	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00542	0.00	CVE-2023-6654
15	Synology BC500/TC500 CGI Format String	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00114	0.00	CVE-2023-5746
16	xxl-job-admin save Privilege Escalation	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00106	0.02	CVE-2023-48089
17	Apache Commons FileUpload Request Part denegación de servicio	5.5	5.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03359	0.00	CVE-2023-24998
18	Adminer adminer.php escalada de privilegios	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02092	0.04	CVE-2021-21311
19	TightVNC Files escalada de privilegios	8.4	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00172	0.03	CVE-2023-27830
20	EnterpriseDB Postgres Advanced Server _dbms_aq_move_to_exception_queue escalada de privilegios	8.8	8.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00050	0.02	CVE-2023-41119

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	dirección IP	Hostname	Actor	Campañas	Identified	Escribe	Confianza
1	51.15.106.135	135-106-15-51.instances.scw.cloud	Omni		2022-02-12	verified	Alto
2	XXX.XXX.XXX.XXX	xxxx.xx.xxxxxxxx.xxx	Xxxx		2022-02-12	verified	Alto

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilidad	Vector de acceso	Escribe	Confianza
1	T1006	CWE-21, CWE-22, CWE-23	Path Traversal	predictive	Alto
2	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Alto
3	T1059	CWE-94	Argument Injection	predictive	Alto
4	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	Alto
5	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
6	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
7	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	Alto
8	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Alto
9	TXXXX	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Alto
10	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
11	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	Alto
12	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
13	TXXXX	CWE-XXX	Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
14	TXXXX	CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	Alto
15	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
16	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
17	TXXXX.XXX	CWE-XX	Xxxxxxxxxxxxx	predictive	Alto
18	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Alto
19	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (57)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Clase	Indicator	Escribe	Confianza
1	File	/etc/skel	predictive	Medio
2	File	/novel/bookSetting/list	predictive	Alto
3	File	/php-opos/index.php	predictive	Alto
4	File	/rom-0	predictive	Bajo
5	File	/uncpath/	predictive	Medio
6	File	/uploads/tags.php	predictive	Alto
7	File	/user/upload/upload	predictive	Alto
8	File	/xxx-xxx-xxxxx/xxxxxxx/xxxx	predictive	Alto
9	File	xxxxx/xxxxxxx/xxxxxxxxxxxx/xxx.xxx	predictive	Alto
10	File	xxxxxxx.xxx	predictive	Medio
11	File	xxxxxxxx\xxxxx.xxx	predictive	Alto
12	File	xxxxxx/xxxxxxx/xxxx/xxxxx.xxx	predictive	Alto
13	File	xxx.xxxxxxx.xxx	predictive	Alto
14	File	xxxxxxxxxxxxxxxxxx.xxx.xxx	predictive	Alto
15	File	xxxx.xx	predictive	Bajo
16	File	xxxxxxx/xxxxx/xxx/xxx-xxx/xxxxxxxxx-xxxx.x	predictive	Alto
17	File	xxx_xxxx.x	predictive	Medio
18	File	xxxxxxxxxx.xxx	predictive	Alto
19	File	xxxxxxxxx.xxx	predictive	Alto
20	File	xxxxx.xxx?x=xxxx&x=xxxxxxx&x=xxx	predictive	Alto
21	File	xxxxx.xxx.xxx	predictive	Alto
22	File	xx_xxx.x	predictive	Medio
23	File	xxx/xxxxxxxxx/x_xxxxxx.x	predictive	Alto
24	File	xxx_xxxxxx.x	predictive	Medio
25	File	xxx/xxxxx.xxxx	predictive	Alto
26	File	xxx-xxxxxxxx/xxx-xxxxxxxx.xxx	predictive	Alto
27	File	xxxxxx/xxxxxxx/xxxxxxx_xxx_xxxxxx_xxxxxx.xxx	predictive	Alto
28	File	xxxxxxxxxxx.xxx	predictive	Alto
29	File	xxxxx/xxx/xxx/xxx_xxxx.x	predictive	Alto
30	File	xxxx.xxx	predictive	Medio
31	File	xxxxxxx/xxx/xxxxxxx	predictive	Alto
32	File	xx-xxx.xxx	predictive	Medio
33	File	xx-xxxxxxxx/xxxx-xxx/xxxxxxxxx/xxxxx-xx-xxxx-xxxxx-xxxxxxxxxx.xxx	predictive	Alto
34	File	xx-xxxxxxxx/xxxx.xxx	predictive	Alto
35	File	xx-xxxxx.xxx	predictive	Medio
36	File	xxxxxx.xxx	predictive	Medio
37	Library	xxx/xxxxxxx.xxx.xxx	predictive	Alto
38	Library	xxxxxxx.xxx	predictive	Medio
39	Argument	$xxx_xxxx)	predictive	Medio
40	Argument	xxxxxxx	predictive	Bajo
41	Argument	xxxxxx	predictive	Bajo
42	Argument	xxxx_xx	predictive	Bajo
43	Argument	xxxxxxxxxxxxx	predictive	Alto
44	Argument	xxxxxx	predictive	Bajo
45	Argument	xxxxxxxxx	predictive	Medio
46	Argument	xx	predictive	Bajo
47	Argument	xxxxxxxxx_xxxx	predictive	Alto
48	Argument	xxx	predictive	Bajo
49	Argument	xxxxxxx	predictive	Bajo
50	Argument	xxxxxxxxxxxxxxxxxxx	predictive	Alto
51	Argument	xxxxxxx	predictive	Bajo
52	Argument	xxxx	predictive	Bajo
53	Argument	xxxxxxxxx	predictive	Medio
54	Argument	xxx_xxxxx	predictive	Medio
55	Argument	xxx	predictive	Bajo
56	Network Port	xxx/xxx (xxxx)	predictive	Alto
57	Network Port	xxx xxxxxx xxxx	predictive	Alto

Referencias (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ AnteriorVisión De ConjuntoPróximo ▸

Interested in the pricing of exploits?

See the underground prices here!