Omni Analysis

IOB - Indicator of Behavior (181)

Timeline

Language

en 136
zh 40
ru 4
fr 2

Country

cn 58
us 36
ru 10
es 4
ir 4

Actors

Activity

Interest

Timeline

Type

Vendor

Product

WordPress 20
Joomla CMS 4
Moodle 4
Microsoft Windows 4
PostgreSQL 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | EPSS | CTI | CVE
1 | OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeByteSegment denial of service | 5.6 | 5.5 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00073 | 0.06 | CVE-2023-2617
2 | Python mailcap Module privilege escalation | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00141 | 0.04 | CVE-2015-20107
3 | OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeHanziSegment denial of service | 6.0 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00073 | 0.19 | CVE-2023-2618
4 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.13 | CVE-2017-0055
5 | Novel-Plus list sql injection | 6.9 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00063 | 0.06 | CVE-2024-0655
6 | cPanel chkservd Test Credential information disclosure | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00309 | 0.00 | CVE-2020-26105
7 | Popup Maker Plugin do_action privilege escalation | 8.2 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.14161 | 0.02 | CVE-2019-17574
8 | etcd Gateway TLS Authentication discoverEndpoints weak authentication | 6.0 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00177 | 0.00 | CVE-2020-15136
9 | Microsoft ASP.NET Cryptographic Padding Oracle weak encryption | 4.8 | 4.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.96929 | 0.00 | CVE-2010-3332
10 | SourceCodester Online Pizza Ordering System index.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00148 | 0.06 | CVE-2023-0883
11 | pgAdmin Privilege Escalation | 7.0 | 6.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00054 | 0.05 | CVE-2023-5002
12 | Redis buffer overflow | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00572 | 0.04 | CVE-2021-21309
13 | SentCMS upload privilege escalation | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.11839 | 0.04 | CVE-2022-24651
14 | PHPEMS Session Data session.cls.php privilege escalation | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00542 | 0.04 | CVE-2023-6654
15 | Synology BC500/TC500 CGI Format String | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00114 | 0.03 | CVE-2023-5746
16 | xxl-job-admin save Privilege Escalation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00106 | 0.04 | CVE-2023-48089
17 | Apache Commons FileUpload Request Part denial of service | 5.5 | 5.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03359 | 0.00 | CVE-2023-24998
18 | Adminer adminer.php privilege escalation | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02092 | 0.05 | CVE-2021-21311
19 | TightVNC Files privilege escalation | 8.4 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00172 | 0.05 | CVE-2023-27830
20 | EnterpriseDB Postgres Advanced Server _dbms_aq_move_to_exception_queue privilege escalation | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00050 | 0.02 | CVE-2023-41119

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 51.15.106.135 | 135-106-15-51.instances.scw.cloud | Omni | | 12/02/2022 | verified | High

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (57)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /etc/skel | predictive | Medium
2 | File | /novel/bookSetting/list | predictive | High
3 | File | /php-opos/index.php | predictive | High
4 | File | /rom-0 | predictive | Low
5 | File | /uncpath/ | predictive | Medium
6 | File | /uploads/tags.php | predictive | High
7 | File | /user/upload/upload | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
