OnePercent Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (187)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en142
sv16
it12
de10
fr6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us124
ir22
sv16
ru8
it8

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

OnePercent6
RecordBreaker1
Stantinko1
Baldr1
Dridex1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined30
Operating System14
Content Management System12
Web Server6
Programming Language Software6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined42
Microsoft14
Cisco4
Openshift2
Sun2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Microsoft Windows10
PHP6
Microsoft IIS4
WordPress4
Wheatblog2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25kCalculatingHighWorkaround0.020160.02CVE-2007-1192
2Tiki TikiWiki tiki-editpage.php input validation7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.011940.03CVE-2004-1386
3WPS Hide Login Plugin Secret Login Page options.php access control6.96.7$0-$5k$0-$5kNot DefinedOfficial Fix0.029330.07CVE-2021-24917
4Apple Mac OS X TCP/IP Stack denial of service5.35.1$0-$5k$0-$5kNot DefinedOfficial Fix0.036670.03CVE-2004-0171
5MGB OpenSource Guestbook email.php sql injection7.37.3$0-$5k$0-$5kHighUnavailable0.013021.78CVE-2007-0354
6Zipato Zipabox Smart Home Controller information disclosure6.46.4$0-$5k$0-$5kNot DefinedNot Defined0.004230.00CVE-2018-15125
7Samsung SCX-6x55X Syncthru Web Service source code4.34.2$0-$5k$0-$5kNot DefinedNot Defined0.001450.01CVE-2021-42913
8DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.009431.19CVE-2010-0966
9OpenSSH Authentication Username information disclosure5.34.8$5k-$25k$0-$5kHighOfficial Fix0.107370.38CVE-2016-6210
10Microsoft IIS cross site scripting5.24.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.005480.16CVE-2017-0055
11Microsoft IIS IP/Domain Restriction access control6.55.7$25k-$100k$0-$5kUnprovenOfficial Fix0.008170.06CVE-2014-4078
12PHP phpinfo cross site scripting4.33.9$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.021010.00CVE-2007-1287
13PHP phpinfo cross site scripting6.35.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.089850.04CVE-2006-0996
14Matt Martz & Andy Stratton Page Restrict Plugin cross-site request forgery4.34.2$0-$5k$0-$5kNot DefinedNot Defined0.000430.02CVE-2024-24702
15nginx request smuggling6.96.9$0-$5k$0-$5kNot DefinedNot Defined0.002412.75CVE-2020-12440
16Google Android Linkify.java addLinks access control7.57.4$25k-$100k$5k-$25kNot DefinedOfficial Fix0.000980.00CVE-2019-2003
17Adobe Magento Mage-Messages Cookie cross site scripting2.42.3$0-$5k$0-$5kNot DefinedOfficial Fix0.001870.03CVE-2021-28556
18GitHub Enterprise Server GraphQL API authorization8.07.9$0-$5k$0-$5kNot DefinedOfficial Fix0.001830.03CVE-2022-23739
19Mitsubishi Electric Factory Automation path traversal7.37.2$0-$5k$0-$5kNot DefinedNot Defined0.011170.00CVE-2020-14523
20TP-Link WR886N httpd Service PingIframeRpm.htm buffer overflow5.55.3$0-$5k$0-$5kNot DefinedNot Defined0.000690.04CVE-2021-44864

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
131.187.64.199sophia.onebusinessdesign.infoOnePercent08/26/2021verifiedHigh
280.82.67.221OnePercent08/26/2021verifiedHigh
3XXX.XXX.XXX.XXXxxxxxxxxx08/26/2021verifiedHigh
4XXX.XXX.XXX.XXXXxxxxxxxxx08/26/2021verifiedHigh
5XXX.XXX.XXX.XXXXxxxxxxxxx08/26/2021verifiedHigh
6XXX.XX.XXX.XXXxxxxxxxxx08/26/2021verifiedHigh
7XXX.XXX.XXX.XXXXxxxxxxxxx08/26/2021verifiedHigh

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
3TXXXX.XXXCAPEC-209CWE-XX, CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
4TXXXXCAPEC-122CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
5TXXXXCAPEC-136CWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
6TXXXX.XXXCAPEC-178CWE-XXXXxxx XxxxxxxxpredictiveHigh
7TXXXXCAPEC-CWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
8TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
9TXXXXCAPEC-102CWE-XXX, CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
10TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (69)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/+CSCOE+/logon.htmlpredictiveHigh
2File/downloadpredictiveMedium
3File/forum/away.phppredictiveHigh
4File/port_3480/data_requestpredictiveHigh
5File/uncpath/predictiveMedium
6File/userRpm/PingIframeRpm.htmpredictiveHigh
7File/wp-admin/options.phppredictiveHigh
8Fileadclick.phppredictiveMedium
9Filexxx_xxxxxxx.xxxpredictiveHigh
10Filexxxxx/xxxxx.xxx?x=xx_xxx&x=xxxxx&x=xxxxx&x=xxxxx_xxxx_xxxxxxx&xxxxx=xxxx&xxxxx=xpredictiveHigh
11Filexxx.xxxpredictiveLow
12Filexxxxxxxxxxxxxxxxx.xxxpredictiveHigh
13Filexxxx-xxxx.xpredictiveMedium
14Filexxxxxxxxxxx.xxxpredictiveHigh
15Filexxx.xxxpredictiveLow
16Filexxxxxxxxx-xxxxxxx.xxxpredictiveHigh
17Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
18Filexxxxx.xpredictiveLow
19Filexxxxxxx/xxx/xxx/xxx_xxxx.xpredictiveHigh
20Filexxxxx.xxxpredictiveMedium
21Filexxxx.xxxpredictiveMedium
22Filexxx/xxxxxx.xxxpredictiveHigh
23Filexxxxxxx/xxxxxx/xxxxxxx/xxxxxx/xxx.xxxpredictiveHigh
24Filexxxxxxx.xxxxpredictiveMedium
25Filexxxxx.xxxpredictiveMedium
26FilexxxxpredictiveLow
27Filexxxx.xxxpredictiveMedium
28Filexxxxxxx.xxxpredictiveMedium
29Filexxxxxxx_xxxxxx.xxxpredictiveHigh
30Filexxxxxxxx.xxpredictiveMedium
31Filexxxxxxxx_xxxxxx.xxxpredictiveHigh
32Filexxxxx.xxxpredictiveMedium
33Filexxxxxx.xxxpredictiveMedium
34Filexxxxxxxxxxxx.xxxpredictiveHigh
35Filexxxx-xxxxxxxx.xxxpredictiveHigh
36Filexxxxxx.xxxpredictiveMedium
37Filexxxxxx.xxxpredictiveMedium
38Filexxxxxx.xxxpredictiveMedium
39Filexxxxx/xxxxxxxxpredictiveHigh
40Filexx-xxxxx/xxxxx-xxxx.xxxpredictiveHigh
41Filexx-xxxxx/xxxxxxxx/xxxxx-xx-xxxxxx.xxxpredictiveHigh
42Filexx-xxxxxxxxx.xxxpredictiveHigh
43Libraryxxxxxxxxxxxx.xxxpredictiveHigh
44Libraryxxx/xxx.xpredictiveMedium
45Libraryxxx/xxx.xpredictiveMedium
46Libraryxxxxxxx.xxxpredictiveMedium
47Argumentxxxxx_xxxxxxxxpredictiveHigh
48ArgumentxxxxxxxxpredictiveMedium
49ArgumentxxxxxpredictiveLow
50ArgumentxxxpredictiveLow
51ArgumentxxxxxxxxpredictiveMedium
52ArgumentxxxxxxxxxxxxxxxxxxxxxpredictiveHigh
53ArgumentxxxxpredictiveLow
54Argumentxxxxxxxxx xxxxpredictiveHigh
55ArgumentxxxxxxpredictiveLow
56ArgumentxxxxpredictiveLow
57ArgumentxxxxxxxxxpredictiveMedium
58ArgumentxxpredictiveLow
59ArgumentxxxxpredictiveLow
60ArgumentxxxxxxxpredictiveLow
61ArgumentxxxxxxxxpredictiveMedium
62Argumentxxxx_xxxxpredictiveMedium
63ArgumentxxxpredictiveLow
64Argumentxxxxxx_xxxxpredictiveMedium
65Argumentxx_xxpredictiveLow
66Argumentxxxxx_xxpredictiveMedium
67Argumentxxxxxxxx/xxxxpredictiveHigh
68ArgumentxxxxxpredictiveLow
69Network Portxxx/xxx (xxx)predictiveHigh

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Might our Artificial Intelligence support you?

Check our Alexa App!