Tomiris Analysis

IOB - Indicator of Behavior (34)

Language

en 30
sv 2
ja 2

Country

us 18
ru 4
gb 4

Product

Linux Kernel 6
nginx 2
ningzichun Student Management System 2
Grafana 2
Abstrium Pydio Cells 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | PRTG Network Monitor login.htm privilege escalation | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00288 | CVE-2018-19410
2 | Mikrotik RouterOS SNMP information disclosure | 8.0 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.08 | 0.00307 | CVE-2022-45315
3 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.11 | 0.00241 | CVE-2020-12440
4 | Abstrium Pydio Cells Change Subscription privilege escalation | 6.3 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.00061 | CVE-2023-2978
5 | ningzichun Student Management System Password Reset resetPassword.php privilege escalation | 7.6 | 7.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.06 | 0.00294 | CVE-2023-3007
6 | Campcodes Online Thesis Archiving System manage_user.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.00073 | CVE-2023-2149
7 | Odoo Community/Enterprise Database Manager privilege escalation | 8.5 | 8.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00391 | CVE-2018-14885
8 | 1C:Enterprise URL Parameter information disclosure | 5.9 | 5.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00168 | CVE-2021-3131
9 | Hikvision Wireless Bridge Web Server privilege escalation | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.00142 | CVE-2022-28173
10 | Microsoft Windows SMB information disclosure | 6.4 | 5.5 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | 0.00876 | CVE-2021-36960
11 | Microsoft Windows SMB privilege escalation | 7.7 | 7.1 | $25k-$100k | $0-$5k | High | Official Fix | 0.00 | 0.97446 | CVE-2017-0144
12 | Microsoft Windows SMB Client Security Feature information disclosure | 4.3 | 3.8 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00 | 0.00569 | CVE-2021-31205
13 | Synology DiskStation Manager Web Interface info.cgi Reflected cross site scripting | 5.5 | 5.1 | $0-$5k | Calculating | Proof-of-Concept | Workaround | 0.03 | 0.00000 | 
14 | Grafana Dashboard directory traversal | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00226 | CVE-2022-32275
15 | Online Student Admission sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00172 | CVE-2022-28467
16 | PHP EXIF exif_process_IFD_in_MAKERNOTE memory corruption | 7.5 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00477 | CVE-2019-9639
17 | Mini-Inventory-and-Sales-Management-System Inventory unknown vulnerability | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00044 | CVE-2021-44321
18 | JFrog Artifactory upload privilege escalation | 8.5 | 7.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.10181 | CVE-2016-10036
19 | TightVNC InitialiseRFBConnection memory corruption | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.01927 | CVE-2019-15679
20 | Linux Kernel Patch CVE-2020-14356 memory corruption | 6.5 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00045 | CVE-2020-25220

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Tomiris

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 51.195.68.217 | time1.lyhuao.com | Tomiris | | 30.09.2021 | verified | High
2 | XXX.XXX.XXX.XXX | xxxxxxxx.xxxx.xxxxxx.xxx | Xxxxxxx | | 30.09.2021 | verified | High
3 | XXX.XXX.XXX.XX | xxxx.xx | Xxxxxxx | | 30.09.2021 | verified | High

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-23 | Path Traversal | predictive | High
2 | T1059.007 | CWE-80 | Cross Site Scripting | predictive | High
3 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
4 | TXXXX | CWE-XXX | xx Xxxxxxxxx | predictive | High
5 | TXXXX | CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
6 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
7 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High

IOA - Indicator of Attack (19)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/user/manage_user.php | predictive | High
2 | File | /cgi-bin/webadminget.cgi | predictive | High
3 | File | /opt/teradata/gsctools/bin/t2a.pl | predictive | High
4 | File | /xxxxxx/xxxxx.xxx | predictive | High
5 | File | /xxxxxx/xxxx.xxx | predictive | High
6 | File | xxxxxxx/xxx/xxx/xxxx_xxxxxx.x | predictive | High
7 | File | xxxx.xxx | predictive | Medium
8 | File | xxx/xxxxx.xxxx | predictive | High
9 | File | xxxxxxx.xxx | predictive | Medium
10 | File | xxxxxxxxxxxxx.xxx | predictive | High
11 | File | xxxxxx.x | predictive | Medium
12 | File | xx/xxxxxxxx/xxxxxx | predictive | High
13 | Argument | xxxx_xxx | predictive | Medium
14 | Argument | xxxx/xxxxxx/xxx | predictive | High
15 | Argument | xx | predictive | Low
16 | Argument | xxxxxxx_xxx | predictive | Medium
17 | Argument | xxx | predictive | Low
18 | Argument | xxxxxxxxxxxxxxxx | predictive | High
19 | Argument | xxx | predictive | Low

References (2)

The following list contains external sources which discuss the actor and the associated activities:
