Oto Gonderici Análisis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (70)

Cronología

Idioma

en64
de4
ru2

País

us26
ru2
cn2

Actores

Oto Gonderici4
Alien1
Havoc1
Xtreme RAT1

Ocupaciones

Interesar

Cronología

Escribe

Not Defined30
Chip Software6
Smartphone Operating System6
Web Server4
Remote Access Software4

Proveedor

Not Defined16
Qualcomm6
Microsoft6
Dell EMC4
Google4

Producto

Qualcomm Snapdragon Consumer IOT6
Qualcomm Snapdragon Industrial IOT6
Qualcomm Snapdragon Mobile6
Qualcomm Snapdragon Wearables6
Qualcomm Snapdragon Auto4

Vulnerabilidad

#VulnerabilidadBaseTemp0dayHoyExpConEPSSCTICVE
1ABUS TVIP 20000-21150 Metacharacter wireless_mft escalada de privilegios6.76.7$0-$5k$0-$5kNot DefinedNot Defined0.010340.05CVE-2023-26609
2Free5gc NAS Message denegación de servicio6.56.5$0-$5k$0-$5kNot DefinedNot Defined0.000630.00CVE-2022-38871
3Qualcomm Snapdragon Consumer IOT Meta Image desbordamiento de búfer4.64.4$0-$5k$0-$5kNot DefinedOfficial Fix0.000580.00CVE-2021-1899
4Qualcomm Snapdragon Auto Display desbordamiento de búfer7.87.5$5k-$25k$0-$5kNot DefinedOfficial Fix0.000440.00CVE-2021-1900
5IBM Cognos Analytics cross site request forgery4.34.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.001530.00CVE-2021-38886
6Huawei ACXXXX/SXXXX SSH Packet escalada de privilegios7.57.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.002460.07CVE-2014-8572
7Mambo CMS thumbs.php Path directory traversal5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.001200.02CVE-2013-2565
8Mutare Voice getfile.asp escalada de privilegios8.58.2$0-$5k$0-$5kNot DefinedOfficial Fix0.006160.00CVE-2021-27236
9Dell EMC Unity/UnityVSA/Unity XT Upgrade Readiness Utility cifrado débil1.91.9$0-$5k$0-$5kNot DefinedOfficial Fix0.000440.04CVE-2021-21547
10Parallels Desktop Toolgate desbordamiento de búfer7.87.8$0-$5k$0-$5kNot DefinedNot Defined0.000500.00CVE-2021-31420
11Dell EMC iDRAC9 Configuration desbordamiento de búfer6.36.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.001580.00CVE-2021-21540
12Samsung SmartThings Port denegación de servicio3.33.2$0-$5k$0-$5kNot DefinedOfficial Fix0.001040.00CVE-2021-25378
13Cisco Small Business RV Series Router Link Layer Discovery Protocol desbordamiento de búfer6.36.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.000700.00CVE-2021-1251
14Kagemai cross site scripting4.84.8$0-$5k$0-$5kNot DefinedNot Defined0.001150.00CVE-2021-20685
15Qualcomm Snapdragon Auto RTCP Packet denegación de servicio7.57.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.001030.00CVE-2020-11255
16RTA 499ES EtherNet-IP Adaptor Source Code desbordamiento de búfer8.08.0$0-$5k$0-$5kNot DefinedNot Defined0.004890.00CVE-2020-25159
17Apple iOS/iPadOS CoreText divulgación de información6.36.0$25k-$100k$5k-$25kNot DefinedOfficial Fix0.016790.00CVE-2021-1792
18Apple iOS/iPadOS denegación de servicio6.36.0$25k-$100k$5k-$25kNot DefinedOfficial Fix0.000620.00CVE-2021-1773
19arenavec Crate default denegación de servicio3.53.5$0-$5k$0-$5kNot DefinedNot Defined0.001620.00CVE-2021-29930
20Synology DiskStation Manager SYNO.Core.Network.PPPoE escalada de privilegios7.26.9$0-$5k$0-$5kNot DefinedOfficial Fix0.000720.02CVE-2021-29083

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDdirección IPHostnameActorCampañasIdentifiedEscribeConfianza
151.15.225.6363-225-15-51.instances.scw.cloudOto Gonderici2021-05-31verifiedAlto
2XX.XXX.XXX.XXxx-xxx-xxx-xx.xxxxxxxxx.xxx.xxxxxXxx Xxxxxxxxx2021-05-31verifiedAlto
3XX.XX.XXX.XXXxxxxx.xx-xx-xx-xxx.xxXxx Xxxxxxxxx2021-05-31verifiedAlto
4XX.XX.XXX.XXXxxxxx.xx-xx-xx-xxx.xxXxx Xxxxxxxxx2021-05-31verifiedAlto

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilidadVector de accesoEscribeConfianza
1T1006CWE-22Path TraversalpredictiveAlto
2T1059.007CWE-79, CWE-80Cross Site ScriptingpredictiveAlto
3T1068CWE-269Execution with Unnecessary PrivilegespredictiveAlto
4TXXXX.XXXCWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveAlto
5TXXXXCWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveAlto
6TXXXXCWE-XXX, CWE-XXXXxxxxxxxxx XxxxxxpredictiveAlto
7TXXXXCWE-XXXxx XxxxxxxxxpredictiveAlto
8TXXXX.XXXCWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveAlto
9TXXXXCWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveAlto
10TXXXXCWE-XXXXxxxxxxxx Xxxxxxx Xx Xxxxxxxxx XxxxxxxxxxxpredictiveAlto
11TXXXX.XXXCWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveAlto
12TXXXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveAlto
13TXXXXCWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveAlto
14TXXXXCWE-XXXXxxxxxxxxxx XxxxxxpredictiveAlto

IOA - Indicator of Attack (25)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClaseIndicatorEscribeConfianza
1File/cgi-bin/mft/wireless_mftpredictiveAlto
2File/usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.phppredictiveAlto
3Fileaudiohd.exepredictiveMedio
4FileC:\WindupdtpredictiveMedio
5Filex:\x_xxxxxxxpredictiveMedio
6Filexxx-xxx/xxxxxxxpredictiveAlto
7Filexxxxxxxx.xxx/xxxxxxx_xxxxxx.xxxpredictiveAlto
8Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveAlto
9Filexxx/xxxxxxxx/xxxx_xxxxx.xpredictiveAlto
10Filexxxxxxx.xxxpredictiveMedio
11FilexxxxxxpredictiveBajo
12Filexxxxxx.xxxpredictiveMedio
13Filexxx.xpredictiveBajo
14Libraryxxxxxxxxx.xxxpredictiveAlto
15Libraryxxxxxxxxxx.xxxpredictiveAlto
16ArgumentxxpredictiveBajo
17ArgumentxxpredictiveBajo
18ArgumentxxxxxxxpredictiveBajo
19Argumentxxxx_xxxxpredictiveMedio
20ArgumentxxxxxxxxpredictiveMedio
21ArgumentxxxxxxpredictiveBajo
22Input Value%xxx%xxxxxxxxx%xxxxxxx(x)>%xxpredictiveAlto
23Input Value.x./predictiveBajo
24Input Value::$xxxxx_xxxxxxxxxxpredictiveAlto
25Network Portxxx xxxxxx xxxxpredictiveAlto

Referencias (2)

The following list contains external sources which discuss the actor and the associated activities:

AnteriorVisión De ConjuntoPróximo

Interested in the pricing of exploits?

See the underground prices here!