OnePercent Analysis

IOB - Indicator of Behavior (187)

Timeline

Language

en: 152
sv: 12
de: 8
es: 6
it: 4

Country

us: 140
sv: 12
ir: 12
ru: 8
cn: 6

Actors

Activity

Interest

Timeline

Type

Vendor

Product

PHP: 6
MediaWiki: 6
Microsoft Windows: 4
Apache Tomcat: 4
Google Chrome: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192 |
| 2 | Tiki TikiWiki tiki-editpage.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.05 | 0.01194 | CVE-2004-1386 |
| 3 | WPS Hide Login Plugin Secret Login Page options.php privilege escalation | 6.9 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.02933 | CVE-2021-24917 |
| 4 | Apple Mac OS X TCP/IP Stack denial of service | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.03667 | CVE-2004-0171 |
| 5 | MGB OpenSource Guestbook email.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.97 | 0.01302 | CVE-2007-0354 |
| 6 | Zipato Zipabox Smart Home Controller information disclosure | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00423 | CVE-2018-15125 |
| 7 | Samsung SCX-6x55X Syncthru Web Service information disclosure | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.00145 | CVE-2021-42913 |
| 8 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 1.01 | 0.00943 | CVE-2010-0966 |
| 9 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.00 | 0.10737 | CVE-2016-6210 |
| 10 | Microsoft IIS cross-site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00548 | CVE-2017-0055 |
| 11 | Microsoft IIS IP/Domain Restriction privilege escalation | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00 | 0.00817 | CVE-2014-4078 |
| 12 | PHP phpinfo cross-site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.23 | 0.02101 | CVE-2007-1287 |
| 13 | PHP phpinfo cross-site scripting | 6.3 | 5.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.08985 | CVE-2006-0996 |
| 14 | Matt Martz & Andy Stratton Page Restrict Plugin unknown vulnerability | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00043 | CVE-2024-24702 |
| 15 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.14 | 0.00241 | CVE-2020-12440 |
| 16 | Google Android Linkify.java addLinks privilege escalation | 7.5 | 7.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | 0.00098 | CVE-2019-2003 |
| 17 | Adobe Magento Mage-Messages Cookie cross-site scripting | 2.4 | 2.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00187 | CVE-2021-28556 |
| 18 | GitHub Enterprise Server GraphQL API privilege escalation | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00161 | CVE-2022-23739 |
| 19 | Mitsubishi Electric Factory Automation directory traversal | 7.3 | 7.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.01117 | CVE-2020-14523 |
| 20 | TP-Link WR886N httpd Service PingIframeRpm.htm memory corruption | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00069 | CVE-2021-44864 |

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 131.187.64.199 | sophia.onebusinessdesign.info | OnePercent | | 26.08.2021 | verified | High |
| 2 | 80.82.67.221 | | OnePercent | | 26.08.2021 | verified | High |

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1059 | CWE-94 | Argument Injection | predictive | High |

IOA - Indicator of Attack (69)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /+CSCOE+/logon.html | predictive | High |
| 2 | File | /download | predictive | Medium |
| 3 | File | /forum/away.php | predictive | High |
| 4 | File | /port_3480/data_request | predictive | High |
| 5 | File | /uncpath/ | predictive | Medium |
| 6 | File | /userRpm/PingIframeRpm.htm | predictive | High |
| 7 | File | /wp-admin/options.php | predictive | High |
| 8 | File | adclick.php | predictive | Medium |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
