Omni Analysis

IOB - Indicator of Behavior (182)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 144
zh: 26
ru: 6
fr: 4
de: 2


Country

cn: 52
us: 24
ru: 12
pw: 8
ir: 4

Product

WordPress: 18
Apple Safari: 6
Linux Kernel: 4
Joomla CMS: 4
Ansible: 4


Vulnerabilities

# | Vulnerability | Base (CVSS) | Temp (CVSS) | 0day price | Today price | Exploitability | Remediation | EPSS | CTI | CVE
1 | OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeByteSegment null pointer dereference | 5.6 | 5.5 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00073 | 0.04 | CVE-2023-2617
2 | Python mailcap Module os command injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00141 | 0.28 | CVE-2015-20107
3 | OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeHanziSegment memory leak | 6.0 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00073 | 0.06 | CVE-2023-2618
4 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.12 | CVE-2017-0055
5 | Novel-Plus list sql injection | 6.9 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00063 | 0.08 | CVE-2024-0655
6 | cPanel chkservd Test Credential insufficiently protected credentials | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00309 | 0.00 | CVE-2020-26105
7 | Popup Maker Plugin do_action authorization | 8.2 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.11202 | 0.02 | CVE-2019-17574
8 | etcd Gateway TLS Authentication discoverEndpoints improper authentication | 6.0 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00177 | 0.00 | CVE-2020-15136
9 | Microsoft ASP.NET Cryptographic Padding Oracle cryptographic issues | 4.8 | 4.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.96929 | 0.00 | CVE-2010-3332
10 | Secomea SiteManager-Embedded use after free | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00046 | 0.00 | CVE-2023-2912
11 | SourceCodester Online Pizza Ordering System index.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00148 | 0.04 | CVE-2023-0883
12 | pgAdmin Privilege Escalation | 7.0 | 6.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00054 | 0.05 | CVE-2023-5002
13 | Redis integer overflow | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00572 | 0.04 | CVE-2021-21309
14 | SentCMS upload unrestricted upload | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.11839 | 0.04 | CVE-2022-24651
15 | PHPEMS Session Data session.cls.php deserialization | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00542 | 0.06 | CVE-2023-6654
16 | Synology BC500/TC500 CGI format string | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00114 | 0.00 | CVE-2023-5746
17 | xxl-job-admin save Privilege Escalation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00106 | 0.04 | CVE-2023-48089
18 | Apache Commons FileUpload Request Part allocation of resources | 5.5 | 5.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03359 | 0.09 | CVE-2023-24998
19 | Adminer adminer.php server-side request forgery | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02092 | 0.05 | CVE-2021-21311
20 | TightVNC Files privileges management | 8.4 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00172 | 0.05 | CVE-2023-27830

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 51.15.106.135 | 135-106-15-51.instances.scw.cloud | Omni | | 02/12/2022 | verified | High
(Entry 2 is masked on the page.)

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (57)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /etc/skel | predictive | Medium
2 | File | /novel/bookSetting/list | predictive | High
3 | File | /php-opos/index.php | predictive | High
4 | File | /rom-0 | predictive | Low
5 | File | /uncpath/ | predictive | Medium
6 | File | /uploads/tags.php | predictive | High
7 | File | /user/upload/upload | predictive | High
(Entries 8 to 57, covering further File, Library, Argument and Network Port indicators, are masked on the page.)
