Oto Gonderici Analysis

IOB - Indicator of Behavior (70)

Language

en: 60
fr: 6
de: 2
ar: 2

Product

PHP: 4
Dell EMC iDRAC9: 4
FiberHome HG6245D: 2
OLIMPOKS: 2
NexusPHP: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | ABUS TVIP 20000-21150 Metacharacter wireless_mft privilege escalation | 6.7 | 6.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01034 | 0.05 | CVE-2023-26609 |
| 2 | Free5gc NAS Message denial of service | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00063 | 0.00 | CVE-2022-38871 |
| 3 | Qualcomm Snapdragon Consumer IOT Meta Image memory corruption | 4.6 | 4.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00058 | 0.00 | CVE-2021-1899 |
| 4 | Qualcomm Snapdragon Auto Display memory corruption | 7.8 | 7.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.00 | CVE-2021-1900 |
| 5 | IBM Cognos Analytics cross site request forgery | 4.3 | 4.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00153 | 0.00 | CVE-2021-38886 |
| 6 | Huawei ACXXXX/SXXXX SSH Packet privilege escalation | 7.5 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00246 | 0.02 | CVE-2014-8572 |
| 7 | Mambo CMS thumbs.php Path directory traversal | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00120 | 0.02 | CVE-2013-2565 |
| 8 | Mutare Voice getfile.asp privilege escalation | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00616 | 0.00 | CVE-2021-27236 |
| 9 | Dell EMC Unity/UnityVSA/Unity XT Upgrade Readiness Utility weak encryption | 1.9 | 1.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.02 | CVE-2021-21547 |
| 10 | Parallels Desktop Toolgate memory corruption | 7.8 | 7.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00050 | 0.00 | CVE-2021-31420 |
| 11 | Dell EMC iDRAC9 Configuration memory corruption | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00158 | 0.00 | CVE-2021-21540 |
| 12 | Samsung SmartThings Port denial of service | 3.3 | 3.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00104 | 0.00 | CVE-2021-25378 |
| 13 | Cisco Small Business RV Series Router Link Layer Discovery Protocol memory corruption | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00070 | 0.00 | CVE-2021-1251 |
| 14 | Kagemai cross site scripting | 4.8 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00115 | 0.00 | CVE-2021-20685 |
| 15 | Qualcomm Snapdragon Auto RTCP Packet denial of service | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00103 | 0.00 | CVE-2020-11255 |
| 16 | RTA 499ES EtherNet-IP Adaptor Source Code memory corruption | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00489 | 0.00 | CVE-2020-25159 |
| 17 | Apple iOS/iPadOS CoreText information disclosure | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.01679 | 0.00 | CVE-2021-1792 |
| 18 | Apple iOS/iPadOS denial of service | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00062 | 0.00 | CVE-2021-1773 |
| 19 | arenavec Crate default denial of service | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00162 | 0.00 | CVE-2021-29930 |
| 20 | Synology DiskStation Manager SYNO.Core.Network.PPPoE privilege escalation | 7.2 | 6.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00072 | 0.02 | CVE-2021-29083 |

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |
| 3 | T1068 | CWE-269 | Execution with Unnecessary Privileges | predictive | High |
| 4 | TXXXX.XXX | CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | High |
| 5 | TXXXX | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High |
| 6 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High |
| 7 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 8 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | predictive | High |
| 9 | TXXXX | CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 10 | TXXXX | CWE-XXX | Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 11 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 12 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 13 | TXXXX | CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High |
| 14 | TXXXX | CWE-XXX | Xxxxxxxxxxx Xxxxxx | predictive | High |

IOA - Indicator of Attack (25)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /cgi-bin/mft/wireless_mft | predictive | High |
| 2 | File | /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php | predictive | High |
| 3 | File | audiohd.exe | predictive | Medium |
| 4 | File | C:\Windupdt | predictive | Medium |
| 5 | File | x:\x_xxxxxxx | predictive | Medium |
| 6 | File | xxx-xxx/xxxxxxx | predictive | High |
| 7 | File | xxxxxxxx.xxx/xxxxxxx_xxxxxx.xxx | predictive | High |
| 8 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 9 | File | xxx/xxxxxxxx/xxxx_xxxxx.x | predictive | High |
| 10 | File | xxxxxxx.xxx | predictive | Medium |
| 11 | File | xxxxxx | predictive | Low |
| 12 | File | xxxxxx.xxx | predictive | Medium |
| 13 | File | xxx.x | predictive | Low |
| 14 | Library | xxxxxxxxx.xxx | predictive | High |
| 15 | Library | xxxxxxxxxx.xxx | predictive | High |
| 16 | Argument | xx | predictive | Low |
| 17 | Argument | xx | predictive | Low |
| 18 | Argument | xxxxxxx | predictive | Low |
| 19 | Argument | xxxx_xxxx | predictive | Medium |
| 20 | Argument | xxxxxxxx | predictive | Medium |
| 21 | Argument | xxxxxx | predictive | Low |
| 22 | Input Value | %xxx%xxxxxxxxx%xxxxxxx(x)>%xx | predictive | High |
| 23 | Input Value | .x./ | predictive | Low |
| 24 | Input Value | ::$xxxxx_xxxxxxxxxx | predictive | High |
| 25 | Network Port | xxx xxxxxx xxxx | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
