OnePercent Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (187)

Idioma

en	156
sv	12
de	6
it	6
fr	4

País

us	138
ir	16
sv	12
ru	8
it	6

Actores

OnePercent	6
Stantinko	1
Baldr	1
Dridex	1
Echobot	1

Interesse

Tipo

Content Management System	20
Not Defined	16
Operating System	10
Router Operating System	6
Web Server	6

Fabricante

Not Defined	48
Microsoft	10
Cisco	4
Citrix	4
RAD	2

Produto

MediaWiki	6
Microsoft Windows	6
PHP	4
Microsoft IIS	4
CMS Made Simple	4

Vulnerabilidades

#	Vulnerabilidade	Base	Temp	0day	Hoje	Exp	Mas	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Divulgação de Informação	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
2	Tiki TikiWiki tiki-editpage.php direitos alargados	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01194	0.03	CVE-2004-1386
3	WPS Hide Login Plugin Secret Login Page options.php direitos alargados	6.9	6.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02933	0.04	CVE-2021-24917
4	Apple Mac OS X TCP/IP Stack Negação de Serviço	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03667	0.03	CVE-2004-0171
5	MGB OpenSource Guestbook email.php Injecção SQL	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.01302	0.80	CVE-2007-0354
6	Zipato Zipabox Smart Home Controller Divulgação de Informação	6.4	6.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00423	0.00	CVE-2018-15125
7	Samsung SCX-6x55X Syncthru Web Service Divulgação de Informação	4.3	4.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00145	0.01	CVE-2021-42913
8	DZCP deV!L`z Clanportal config.php direitos alargados	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	1.05	CVE-2010-0966
9	OpenSSH Authentication Username Divulgação de Informação	5.3	4.8	$5k-$25k	$0-$5k	High	Official Fix	0.10737	0.13	CVE-2016-6210
10	Microsoft IIS Roteiro Cruzado de Sítios	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00548	0.17	CVE-2017-0055
11	Microsoft IIS IP/Domain Restriction direitos alargados	6.5	5.7	$25k-$100k	$0-$5k	Unproven	Official Fix	0.00817	0.25	CVE-2014-4078
12	PHP phpinfo Roteiro Cruzado de Sítios	4.3	3.9	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.02101	0.04	CVE-2007-1287
13	PHP phpinfo Roteiro Cruzado de Sítios	6.3	5.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.08985	0.08	CVE-2006-0996
14	Matt Martz & Andy Stratton Page Restrict Plugin Falsificação de Pedido Cross Site	4.3	4.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00043	0.02	CVE-2024-24702
15	nginx direitos alargados	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00241	3.73	CVE-2020-12440
16	Google Android Linkify.java addLinks direitos alargados	7.5	7.4	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00098	0.00	CVE-2019-2003
17	Adobe Magento Mage-Messages Cookie Roteiro Cruzado de Sítios	2.4	2.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00187	0.03	CVE-2021-28556
18	GitHub Enterprise Server GraphQL API direitos alargados	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00161	0.03	CVE-2022-23739
19	Mitsubishi Electric Factory Automation Directório Traversal	7.3	7.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01117	0.00	CVE-2020-14523
20	TP-Link WR886N httpd Service PingIframeRpm.htm Excesso de tampão	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00069	0.04	CVE-2021-44864

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	Endereço IP	Hostname	Actor	Identified	Tipo	Aceitação
1	31.187.64.199	sophia.onebusinessdesign.info	OnePercent	26/08/2021	verified	Alto
2	80.82.67.221		OnePercent	26/08/2021	verified	Alto
3	XXX.XXX.XXX.XX		Xxxxxxxxxx	26/08/2021	verified	Alto
4	XXX.XXX.XXX.XXX		Xxxxxxxxxx	26/08/2021	verified	Alto
5	XXX.XXX.XXX.XXX		Xxxxxxxxxx	26/08/2021	verified	Alto
6	XXX.XX.XXX.XX		Xxxxxxxxxx	26/08/2021	verified	Alto
7	XXX.XXX.XXX.XXX		Xxxxxxxxxx	26/08/2021	verified	Alto

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilidades	Tipo de acesso	Tipo	Aceitação
1	T1006	CWE-22	Path Traversal	predictive	Alto
2	T1059	CWE-94	Argument Injection	predictive	Alto
3	TXXXX.XXX	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Alto
4	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
5	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
6	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	Alto
7	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Alto
8	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
9	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
10	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (69)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Tipo	Aceitação
1	File	/+CSCOE+/logon.html	predictive	Alto
2	File	/download	predictive	Médio
3	File	/forum/away.php	predictive	Alto
4	File	/port_3480/data_request	predictive	Alto
5	File	/uncpath/	predictive	Médio
6	File	/userRpm/PingIframeRpm.htm	predictive	Alto
7	File	/wp-admin/options.php	predictive	Alto
8	File	adclick.php	predictive	Médio
9	File	xxx_xxxxxxx.xxx	predictive	Alto
10	File	xxxxx/xxxxx.xxx?x=xx_xxx&x=xxxxx&x=xxxxx&x=xxxxx_xxxx_xxxxxxx&xxxxx=xxxx&xxxxx=x	predictive	Alto
11	File	xxx.xxx	predictive	Baixo
12	File	xxxxxxxxxxxxxxxxx.xxx	predictive	Alto
13	File	xxxx-xxxx.x	predictive	Médio
14	File	xxxxxxxxxxx.xxx	predictive	Alto
15	File	xxx.xxx	predictive	Baixo
16	File	xxxxxxxxx-xxxxxxx.xxx	predictive	Alto
17	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Alto
18	File	xxxxx.x	predictive	Baixo
19	File	xxxxxxx/xxx/xxx/xxx_xxxx.x	predictive	Alto
20	File	xxxxx.xxx	predictive	Médio
21	File	xxxx.xxx	predictive	Médio
22	File	xxx/xxxxxx.xxx	predictive	Alto
23	File	xxxxxxx/xxxxxx/xxxxxxx/xxxxxx/xxx.xxx	predictive	Alto
24	File	xxxxxxx.xxxx	predictive	Médio
25	File	xxxxx.xxx	predictive	Médio
26	File	xxxx	predictive	Baixo
27	File	xxxx.xxx	predictive	Médio
28	File	xxxxxxx.xxx	predictive	Médio
29	File	xxxxxxx_xxxxxx.xxx	predictive	Alto
30	File	xxxxxxxx.xx	predictive	Médio
31	File	xxxxxxxx_xxxxxx.xxx	predictive	Alto
32	File	xxxxx.xxx	predictive	Médio
33	File	xxxxxx.xxx	predictive	Médio
34	File	xxxxxxxxxxxx.xxx	predictive	Alto
35	File	xxxx-xxxxxxxx.xxx	predictive	Alto
36	File	xxxxxx.xxx	predictive	Médio
37	File	xxxxxx.xxx	predictive	Médio
38	File	xxxxxx.xxx	predictive	Médio
39	File	xxxxx/xxxxxxxx	predictive	Alto
40	File	xx-xxxxx/xxxxx-xxxx.xxx	predictive	Alto
41	File	xx-xxxxx/xxxxxxxx/xxxxx-xx-xxxxxx.xxx	predictive	Alto
42	File	xx-xxxxxxxxx.xxx	predictive	Alto
43	Library	xxxxxxxxxxxx.xxx	predictive	Alto
44	Library	xxx/xxx.x	predictive	Médio
45	Library	xxx/xxx.x	predictive	Médio
46	Library	xxxxxxx.xxx	predictive	Médio
47	Argument	xxxxx_xxxxxxxx	predictive	Alto
48	Argument	xxxxxxxx	predictive	Médio
49	Argument	xxxxx	predictive	Baixo
50	Argument	xxx	predictive	Baixo
51	Argument	xxxxxxxx	predictive	Médio
52	Argument	xxxxxxxxxxxxxxxxxxxxx	predictive	Alto
53	Argument	xxxx	predictive	Baixo
54	Argument	xxxxxxxxx xxxx	predictive	Alto
55	Argument	xxxxxx	predictive	Baixo
56	Argument	xxxx	predictive	Baixo
57	Argument	xxxxxxxxx	predictive	Médio
58	Argument	xx	predictive	Baixo
59	Argument	xxxx	predictive	Baixo
60	Argument	xxxxxxx	predictive	Baixo
61	Argument	xxxxxxxx	predictive	Médio
62	Argument	xxxx_xxxx	predictive	Médio
63	Argument	xxx	predictive	Baixo
64	Argument	xxxxxx_xxxx	predictive	Médio
65	Argument	xx_xx	predictive	Baixo
66	Argument	xxxxx_xx	predictive	Médio
67	Argument	xxxxxxxx/xxxx	predictive	Alto
68	Argument	xxxxx	predictive	Baixo
69	Network Port	xxx/xxx (xxx)	predictive	Alto

Referências (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ VoltarVisão GeralPróximo ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!