Oto Gonderici 分析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (70)

语言

en	62
fr	4
ru	2
de	2

国家/地区

us	18
ru	2
fr	2
es	2
cz	2

演员

Oto Gonderici	3
Alien	1

利益

类型

Not Defined	34
Web Server	4
Web Browser	4
Smartphone Operating System	4
Firewall Software	4

供应商

Not Defined	16
Huawei	4
Microsoft	4
Google	4
Apple	4

产品

Microsoft IIS	4
Google Chrome	4
Apple iOS	4
Apple iPadOS	4
Dell EMC iDRAC9	4

漏洞

#	漏洞	Base	Temp	0day	今天	易	修正	EPSS	CTI	CVE
1	ABUS TVIP 20000-21150 Metacharacter wireless_mft 权限升级	6.7	6.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01034	0.05	CVE-2023-26609
2	Free5gc NAS Message 拒绝服务	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00063	0.00	CVE-2022-38871
3	Qualcomm Snapdragon Consumer IOT Meta Image 内存损坏	4.6	4.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00058	0.00	CVE-2021-1899
4	Qualcomm Snapdragon Auto Display 内存损坏	7.8	7.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00044	0.00	CVE-2021-1900
5	IBM Cognos Analytics 跨网站请求伪造	4.3	4.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00153	0.00	CVE-2021-38886
6	Huawei ACXXXX/SXXXX SSH Packet 权限升级	7.5	7.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00246	0.02	CVE-2014-8572
7	Mambo CMS thumbs.php Path 目录遍历	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00120	0.02	CVE-2013-2565
8	Mutare Voice getfile.asp 权限升级	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00616	0.00	CVE-2021-27236
9	Dell EMC Unity/UnityVSA/Unity XT Upgrade Readiness Utility 弱加密	1.9	1.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00044	0.02	CVE-2021-21547
10	Parallels Desktop Toolgate 内存损坏	7.8	7.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00050	0.00	CVE-2021-31420
11	Dell EMC iDRAC9 Configuration 内存损坏	6.3	6.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00158	0.00	CVE-2021-21540
12	Samsung SmartThings Port 拒绝服务	3.3	3.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00104	0.00	CVE-2021-25378
13	Cisco Small Business RV Series Router Link Layer Discovery Protocol 内存损坏	6.3	6.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00070	0.00	CVE-2021-1251
14	Kagemai 跨网站脚本	4.8	4.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00115	0.00	CVE-2021-20685
15	Qualcomm Snapdragon Auto RTCP Packet 拒绝服务	7.5	7.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00103	0.00	CVE-2020-11255
16	RTA 499ES EtherNet-IP Adaptor Source Code 内存损坏	8.0	8.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00489	0.00	CVE-2020-25159
17	Apple iOS/iPadOS CoreText 信息公开	6.3	6.0	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.01679	0.00	CVE-2021-1792
18	Apple iOS/iPadOS 拒绝服务	6.3	6.0	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00062	0.00	CVE-2021-1773
19	arenavec Crate default 拒绝服务	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00162	0.00	CVE-2021-29930
20	Synology DiskStation Manager SYNO.Core.Network.PPPoE 权限升级	7.2	6.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00072	0.02	CVE-2021-29083

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP地址	Hostname	参与者	Identified	类型	可信度
1	51.15.225.63	63-225-15-51.instances.scw.cloud	Oto Gonderici	2021-05-31	verified	高
2	XX.XXX.XXX.XX	xx-xxx-xxx-xx.xxxxxxxxx.xxx.xxxxx	Xxx Xxxxxxxxx	2021-05-31	verified	高
3	XX.XX.XXX.XXX	xxxxx.xx-xx-xx-xxx.xx	Xxx Xxxxxxxxx	2021-05-31	verified	高
4	XX.XX.XXX.XXX	xxxxx.xx-xx-xx-xxx.xx	Xxx Xxxxxxxxx	2021-05-31	verified	高

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	漏洞	访问向量	类型	可信度
1	T1006	CWE-22	Path Traversal	predictive	高
2	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	高
3	T1068	CWE-269	Execution with Unnecessary Privileges	predictive	高
4	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	高
5	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	高
6	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	高
7	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	高
8	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	高
9	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
10	TXXXX	CWE-XXX	Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx	predictive	高
11	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
12	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高
13	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	高
14	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxx	predictive	高

IOA - Indicator of Attack (25)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	分类	Indicator	类型	可信度
1	File	/cgi-bin/mft/wireless_mft	predictive	高
2	File	/usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php	predictive	高
3	File	audiohd.exe	predictive	中
4	File	C:\Windupdt	predictive	中
5	File	x:\x_xxxxxxx	predictive	中
6	File	xxx-xxx/xxxxxxx	predictive	高
7	File	xxxxxxxx.xxx/xxxxxxx_xxxxxx.xxx	predictive	高
8	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	高
9	File	xxx/xxxxxxxx/xxxx_xxxxx.x	predictive	高
10	File	xxxxxxx.xxx	predictive	中
11	File	xxxxxx	predictive	低
12	File	xxxxxx.xxx	predictive	中
13	File	xxx.x	predictive	低
14	Library	xxxxxxxxx.xxx	predictive	高
15	Library	xxxxxxxxxx.xxx	predictive	高
16	Argument	xx	predictive	低
17	Argument	xx	predictive	低
18	Argument	xxxxxxx	predictive	低
19	Argument	xxxx_xxxx	predictive	中
20	Argument	xxxxxxxx	predictive	中
21	Argument	xxxxxx	predictive	低
22	Input Value	%xxx%xxxxxxxxx%xxxxxxx(x)>%xx	predictive	高
23	Input Value	.x./	predictive	低
24	Input Value	::$xxxxx_xxxxxxxxxx	predictive	高
25	Network Port	xxx xxxxxx xxxx	predictive	高

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ 上一步一览下一步 ▸

Interested in the pricing of exploits?

See the underground prices here!