Tomiris Análisis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (34)

Idioma

en	32
sv	2

País

us	26
gb	4
ru	4

Actores

Nobelium	3
QNAPCrypt	1
Mirai	1
BianLian	1
Raccoon	1

Interesar

Escribe

Not Defined	10
Operating System	6
Router Operating System	2
Groupware Software	2
Network Management Software	2

Proveedor

Not Defined	10
Linux	4
Microsoft	4
Mikrotik	2
Hikvision	2

Producto

Linux Kernel	4
Mikrotik RouterOS	2
TightVNC	2
Microsoft Outlook Web App	2
PRTG Network Monitor	2

Vulnerabilidad

#	Vulnerabilidad	Base	Temp	0day	Hoy	Exp	Con	EPSS	CTI	CVE
1	PRTG Network Monitor login.htm escalada de privilegios	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00288	0.04	CVE-2018-19410
2	Mikrotik RouterOS SNMP divulgación de información	8.0	7.7	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00307	0.04	CVE-2022-45315
3	nginx escalada de privilegios	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00241	2.01	CVE-2020-12440
4	Abstrium Pydio Cells Change Subscription escalada de privilegios	6.3	6.3	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00073	0.04	CVE-2023-2978
5	ningzichun Student Management System Password Reset resetPassword.php escalada de privilegios	7.6	7.4	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00313	0.04	CVE-2023-3007
6	Campcodes Online Thesis Archiving System manage_user.php sql injection	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00146	0.04	CVE-2023-2149
7	Odoo Community/Enterprise Database Manager escalada de privilegios	8.5	8.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00680	0.04	CVE-2018-14885
8	1C:Enterprise URL Parameter divulgación de información	5.9	5.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00168	0.06	CVE-2021-3131
9	Hikvision Wwireless Bridge Web Server escalada de privilegios	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00142	0.00	CVE-2022-28173
10	Microsoft Windows SMB divulgación de información	6.4	5.5	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00894	0.00	CVE-2021-36960
11	Microsoft Windows SMB escalada de privilegios	7.7	7.5	$25k-$100k	$0-$5k	High	Official Fix	0.97418	0.04	CVE-2017-0144
12	Microsoft Windows SMB Client Security Feature divulgación de información	4.3	3.8	$25k-$100k	$0-$5k	Unproven	Official Fix	0.00539	0.00	CVE-2021-31205
13	Synology DiskStation Manager Web Interface info.cgi Reflected cross site scripting	5.5	5.1	$0-$5k	$0-$5k	Proof-of-Concept	Workaround	0.00000	0.03
14	Grafana Dashboard directory traversal	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00226	0.06	CVE-2022-32275
15	Online Student Admission sql injection	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00172	0.04	CVE-2022-28467
16	PHP EXIF exif_process_IFD_in_MAKERNOTE desbordamiento de búfer	7.5	7.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00477	0.00	CVE-2019-9639
17	Mini-Inventory-and-Sales-Management-System Inventory cross site request forgery	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00044	0.00	CVE-2021-44321
18	JFrog Artifactory upload escalada de privilegios	8.5	7.4	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.11383	0.00	CVE-2016-10036
19	TightVNC InitialiseRFBConnection desbordamiento de búfer	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01927	0.00	CVE-2019-15679
20	Linux Kernel Patch CVE-2020-14356 desbordamiento de búfer	6.5	6.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00045	0.01	CVE-2020-25220

Campañas (1)

These are the campaigns that can be associated with the actor:

Tomiris

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	dirección IP	Hostname	Actor	Identified	Escribe	Confianza
1	51.195.68.217	time1.lyhuao.com	Tomiris	2021-09-30	verified	Alto
2	XXX.XXX.XXX.XXX	xxxxxxxx.xxxx.xxxxxx.xxx	Xxxxxxx	2021-09-30	verified	Alto
3	XXX.XXX.XXX.XX	xxxx.xx	Xxxxxxx	2021-09-30	verified	Alto

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Clase	Vulnerabilidad	Vector de acceso	Escribe	Confianza
1	T1006	CAPEC-139	CWE-23	Path Traversal	predictive	Alto
2	T1059.007	CAPEC-18	CWE-80	Cross Site Scripting	predictive	Alto
3	TXXXX	CAPEC-19	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
4	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
5	TXXXX	CAPEC-50	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
6	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
7	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (19)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Clase	Indicator	Escribe	Confianza
1	File	/admin/user/manage_user.php	predictive	Alto
2	File	/cgi-bin/webadminget.cgi	predictive	Alto
3	File	/opt/teradata/gsctools/bin/t2a.pl	predictive	Alto
4	File	/xxxxxx/xxxxx.xxx	predictive	Alto
5	File	/xxxxxx/xxxx.xxx	predictive	Alto
6	File	xxxxxxx/xxx/xxx/xxxx_xxxxxx.x	predictive	Alto
7	File	xxxx.xxx	predictive	Medio
8	File	xxx/xxxxx.xxxx	predictive	Alto
9	File	xxxxxxx.xxx	predictive	Medio
10	File	xxxxxxxxxxxxx.xxx	predictive	Alto
11	File	xxxxxx.x	predictive	Medio
12	File	xx/xxxxxxxx/xxxxxx	predictive	Alto
13	Argument	xxxx_xxx	predictive	Medio
14	Argument	xxxx/xxxxxx/xxx	predictive	Alto
15	Argument	xx	predictive	Bajo
16	Argument	xxxxxxx_xxx	predictive	Medio
17	Argument	xxx	predictive	Bajo
18	Argument	xxxxxxxxxxxxxxxx	predictive	Alto
19	Argument	xxx	predictive	Bajo

Referencias (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ AnteriorVisión De ConjuntoPróximo ▸

Do you know our Splunk app?

Download it now for free!