Oto Gonderici 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (70)

言語

en	62
de	4
ru	2
fr	2

国・地域

us	22
cz	4
ru	2
ir	2
fr	2

アクター

Oto Gonderici	4
Havoc	1
Alien	1
Xtreme RAT	1

関心

タイプ

Not Defined	28
Remote Access Software	6
Web Browser	6
Web Server	4
Smartphone Operating System	4

ベンダー

Not Defined	20
Microsoft	8
Google	4
Dell EMC	4
IBM	2

製品

Microsoft IIS	4
Google Chrome	4
Dell EMC iDRAC9	4
Backdoor.Win32.Agent.bjev	2
Kagemai	2

脆弱性

#	脆弱性	Base	Temp	0day	本日	悪	修復	EPSS	CTI	CVE
1	ABUS TVIP 20000-21150 Metacharacter wireless_mft 特権昇格	6.7	6.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01034	0.05	CVE-2023-26609
2	Free5gc NAS Message サービス拒否	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00063	0.00	CVE-2022-38871
3	Qualcomm Snapdragon Consumer IOT Meta Image メモリ破損	4.6	4.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00058	0.00	CVE-2021-1899
4	Qualcomm Snapdragon Auto Display メモリ破損	7.8	7.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00044	0.00	CVE-2021-1900
5	IBM Cognos Analytics 未知の脆弱性	4.3	4.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00153	0.00	CVE-2021-38886
6	Huawei ACXXXX/SXXXX SSH Packet 特権昇格	7.5	7.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00246	0.07	CVE-2014-8572
7	Mambo CMS thumbs.php Path ディレクトリトラバーサル	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00120	0.02	CVE-2013-2565
8	Mutare Voice getfile.asp 特権昇格	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00616	0.00	CVE-2021-27236
9	Dell EMC Unity/UnityVSA/Unity XT Upgrade Readiness Utility 弱い暗号化	1.9	1.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00044	0.04	CVE-2021-21547
10	Parallels Desktop Toolgate メモリ破損	7.8	7.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00050	0.00	CVE-2021-31420
11	Dell EMC iDRAC9 Configuration メモリ破損	6.3	6.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00158	0.00	CVE-2021-21540
12	Samsung SmartThings Port サービス拒否	3.3	3.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00104	0.00	CVE-2021-25378
13	Cisco Small Business RV Series Router Link Layer Discovery Protocol メモリ破損	6.3	6.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00070	0.00	CVE-2021-1251
14	Kagemai クロスサイトスクリプティング	4.8	4.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00115	0.00	CVE-2021-20685
15	Qualcomm Snapdragon Auto RTCP Packet サービス拒否	7.5	7.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00103	0.00	CVE-2020-11255
16	RTA 499ES EtherNet-IP Adaptor Source Code メモリ破損	8.0	8.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00489	0.00	CVE-2020-25159
17	Apple iOS/iPadOS CoreText 情報の漏洩	6.3	6.0	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.01679	0.00	CVE-2021-1792
18	Apple iOS/iPadOS サービス拒否	6.3	6.0	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00062	0.00	CVE-2021-1773
19	arenavec Crate default サービス拒否	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00162	0.00	CVE-2021-29930
20	Synology DiskStation Manager SYNO.Core.Network.PPPoE 特権昇格	7.2	6.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00072	0.02	CVE-2021-29083

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IPアドレス	Hostname	アクター	Identified	タイプ	信頼度
1	51.15.225.63	63-225-15-51.instances.scw.cloud	Oto Gonderici	2021年05月31日	verified	高
2	XX.XXX.XXX.XX	xx-xxx-xxx-xx.xxxxxxxxx.xxx.xxxxx	Xxx Xxxxxxxxx	2021年05月31日	verified	高
3	XX.XX.XXX.XXX	xxxxx.xx-xx-xx-xxx.xx	Xxx Xxxxxxxxx	2021年05月31日	verified	高
4	XX.XX.XXX.XXX	xxxxx.xx-xx-xx-xxx.xx	Xxx Xxxxxxxxx	2021年05月31日	verified	高

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	クラス	脆弱性	アクセスベクター	タイプ	信頼度
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	高
2	T1059.007	CAPEC-209	CWE-79, CWE-80	Cross Site Scripting	predictive	高
3	T1068	CAPEC-122	CWE-269	Execution with Unnecessary Privileges	predictive	高
4	TXXXX.XXX	CAPEC-191	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	高
5	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	高
6	TXXXX	CAPEC-0	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	高
7	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	高
8	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	高
9	TXXXX	CAPEC-0	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
10	TXXXX	CAPEC-37	CWE-XXX	Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx	predictive	高
11	TXXXX.XXX	CAPEC-459	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
12	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高
13	TXXXX	CAPEC-0	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	高
14	TXXXX	CAPEC-0	CWE-XXX	Xxxxxxxxxxx Xxxxxx	predictive	高

IOA - Indicator of Attack (25)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	クラス	Indicator	タイプ	信頼度
1	File	/cgi-bin/mft/wireless_mft	predictive	高
2	File	/usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php	predictive	高
3	File	audiohd.exe	predictive	中
4	File	C:\Windupdt	predictive	中
5	File	x:\x_xxxxxxx	predictive	中
6	File	xxx-xxx/xxxxxxx	predictive	高
7	File	xxxxxxxx.xxx/xxxxxxx_xxxxxx.xxx	predictive	高
8	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	高
9	File	xxx/xxxxxxxx/xxxx_xxxxx.x	predictive	高
10	File	xxxxxxx.xxx	predictive	中
11	File	xxxxxx	predictive	低
12	File	xxxxxx.xxx	predictive	中
13	File	xxx.x	predictive	低
14	Library	xxxxxxxxx.xxx	predictive	高
15	Library	xxxxxxxxxx.xxx	predictive	高
16	Argument	xx	predictive	低
17	Argument	xx	predictive	低
18	Argument	xxxxxxx	predictive	低
19	Argument	xxxx_xxxx	predictive	中
20	Argument	xxxxxxxx	predictive	中
21	Argument	xxxxxx	predictive	低
22	Input Value	%xxx%xxxxxxxxx%xxxxxxx(x)>%xx	predictive	高
23	Input Value	.x./	predictive	低
24	Input Value	::$xxxxx_xxxxxxxxxx	predictive	高
25	Network Port	xxx xxxxxx xxxx	predictive	高

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ 前概要次 ▸

Interested in the pricing of exploits?

See the underground prices here!