OnionDog Анализ

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (53)

Язык

en	54

Страна

kr	32
us	22

Акторы

OnionDog	1

Интерес

Тип

Smartphone Operating System	12
Not Defined	10
Operating System	8
Web Browser	6
Virtualization Software	4

Поставщик

Google	12
Microsoft	6
Linux	4
Huawei	4
Adobe	4

Продукт

Google Android	10
Linux Kernel	4
Microsoft Windows	4
Microsoft Internet Explorer	2
Microsoft Edge	2

Уязвимости

#	Уязвимости	Base	Temp	0day	Сегодня	Э�	Rem	EPSS	CTI	CVE
1	Adobe Acrobat Reader Image Conversion повреждение памяти	7.5	7.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01971	0.00	CVE-2018-4916
2	Huawei HG8245H URL раскрытие информации	7.4	7.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00167	0.05	CVE-2017-15328
3	Google Chrome v8 эскалация привилегий	7.5	7.1	$25k-$100k	$0-$5k	Proof-of-Concept	Not Defined	0.23564	0.02	CVE-2016-9651
4	CPU Speculative Execution Meltdown раскрытие информации	6.1	5.8	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.97384	0.03	CVE-2017-5754
5	Mozilla Firefox WebRTC эскалация привилегий	5.3	4.6	$25k-$100k	$0-$5k	Unproven	Official Fix	0.00461	0.00	CVE-2014-1586
6	Tobesoft NEXACRO17 execDefaultBrowser эскалация привилегий	7.7	7.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00528	0.03	CVE-2021-26607
7	JetBrains IntelliJ IDEA Privilege Escalation	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00221	0.04	CVE-2021-45977
8	Oracle Communications Network Charging and Control Common отказ в обслуживании	7.5	7.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00254	0.00	CVE-2022-35737
9	TeamViewer TVS File Parser раскрытие информации	7.0	6.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00184	0.00	CVE-2021-34858
10	logback Configuration File эскалация привилегий	5.3	5.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01555	0.00	CVE-2021-42550
11	Combodo iTop Configuration File эскалация привилегий	7.2	7.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00652	0.09	CVE-2019-11215
12	Artifex MuPDF PDF File pdf-xref.c pdf_read_new_xref повреждение памяти	5.4	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00269	0.00	CVE-2018-6192
13	VMware ESXi/Workstation/Fusion SVGA раскрытие информации	7.5	7.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00077	0.03	CVE-2018-6974
14	PHP 404 Error Page phar_object.c Reflected межсайтовый скриптинг	5.2	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03788	0.00	CVE-2018-10547
15	CPUID CPU-Z Kernel-Mode Driver повреждение памяти	6.5	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00044	0.02	CVE-2017-15303
16	Microsoft Access повреждение памяти	7.0	6.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.29279	0.00	CVE-2018-0903
17	Wind River VxWorks TCP Initial Sequence Number эскалация привилегий	5.6	5.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02370	0.05	CVE-2015-3963
18	Oracle VM VirtualBox эскалация привилегий	8.6	8.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00082	0.00	CVE-2018-2690
19	Adobe Flash Player раскрытие информации	6.9	6.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00569	0.05	CVE-2018-4871
20	Google Android System эскалация привилегий	7.0	6.3	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.00306	0.07	CVE-2017-13209

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-адрес	Актор	Identified	Тип	Уверенность
1	112.169.154.65	OnionDog	23.12.2020	verified	Высокий
2	121.133.8.2	OnionDog	23.12.2020	verified	Высокий
3	XXX.XXX.XXX.X	Xxxxxxxx	23.12.2020	verified	Высокий
4	XXX.XXX.XXX.XXX	Xxxxxxxx	23.12.2020	verified	Высокий
5	XXX.XXX.XXX.X	Xxxxxxxx	23.12.2020	verified	Высокий
6	XXX.XXX.XXX.XX	Xxxxxxxx	23.12.2020	verified	Высокий
7	XXX.XX.XXX.X	Xxxxxxxx	23.12.2020	verified	Высокий
8	XXX.XXX.XX.XXX	Xxxxxxxx	23.12.2020	verified	Высокий
9	XXX.XXX.XXX.X	Xxxxxxxx	23.12.2020	verified	Высокий
10	XXX.XXX.XXX.XX	Xxxxxxxx	23.12.2020	verified	Высокий

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Класс	Уязвимости	Вектор доступа	Тип	Уверенность
1	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Высокий
2	T1059.007	CAPEC-209	CWE-79	Cross Site Scripting	predictive	Высокий
3	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Высокий
4	TXXXX.XXX	CAPEC-191	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Высокий
5	TXXXX	CAPEC-	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Высокий
6	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Высокий
7	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Высокий
8	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Высокий

IOA - Indicator of Attack (15)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Класс	Indicator	Тип	Уверенность
1	File	/proc/<pid>/status	predictive	Высокий
2	File	/var/passwd	predictive	Средний
3	File	ext/phar/phar_object.c	predictive	Высокий
4	File	xxxxxx/xxx/xxxxxxx.xxx	predictive	Высокий
5	File	xxxxxx/xxxxxx/xxxx.x	predictive	Высокий
6	File	xxxx.xxx	predictive	Средний
7	File	xxxxxxxxx/xxxxx.xxx	predictive	Высокий
8	File	xxx/xxx-xxxx.x	predictive	Высокий
9	File	xxxx.xxx	predictive	Средний
10	Argument	xxxxxx	predictive	Низкий
11	Argument	xxxxxxx_x	predictive	Средний
12	Argument	xx	predictive	Низкий
13	Argument	xxxxxxxx	predictive	Средний
14	Input Value	xxxxxxx_xxxxx.xxxxxxx_xxxxxxx	predictive	Высокий
15	Network Port	xxx/xx (xxxxxx)	predictive	Высокий

Ссылки (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ ПредыдущийОбзорДалее ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!