Oto Gonderici Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (70)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en64
ru2
de2
fr2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us26
ir2
ru2
fr2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Oto Gonderici3
Havoc1
Alien1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined34
Programming Language Software6
Content Management System4
Web Browser4
Operating System4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined16
Microsoft8
Dell EMC6
Huawei4
Mambo2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Dell EMC iDRAC94
PHP4
Microsoft IIS4
Huawei ACXXXX2
Huawei SXXXX2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1ABUS TVIP 20000-21150 Metacharacter wireless_mft os command injection6.76.7$0-$5k$0-$5kNot DefinedNot Defined0.010340.05CVE-2023-26609
2Free5gc NAS Message resource consumption6.56.5$0-$5k$0-$5kNot DefinedNot Defined0.000700.00CVE-2022-38871
3Qualcomm Snapdragon Consumer IOT Meta Image buffer overflow4.64.4$0-$5k$0-$5kNot DefinedOfficial Fix0.000580.00CVE-2021-1899
4Qualcomm Snapdragon Auto Display use after free7.87.5$5k-$25k$0-$5kNot DefinedOfficial Fix0.000440.00CVE-2021-1900
5IBM Cognos Analytics cross-site request forgery4.34.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.001530.00CVE-2021-38886
6Huawei ACXXXX/SXXXX SSH Packet input validation7.57.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.002460.07CVE-2014-8572
7Mambo CMS thumbs.php Path path traversal5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.001200.02CVE-2013-2565
8Mutare Voice getfile.asp file inclusion8.58.2$0-$5k$0-$5kNot DefinedOfficial Fix0.006160.00CVE-2021-27236
9Dell EMC Unity/UnityVSA/Unity XT Upgrade Readiness Utility cleartext storage1.91.9$0-$5k$0-$5kNot DefinedOfficial Fix0.000440.04CVE-2021-21547
10Parallels Desktop Toolgate stack-based overflow7.87.8$0-$5k$0-$5kNot DefinedNot Defined0.000500.00CVE-2021-31420
11Dell EMC iDRAC9 Configuration stack-based overflow6.36.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.001580.00CVE-2021-21540
12Samsung SmartThings Port denial of service3.33.2$0-$5k$0-$5kNot DefinedOfficial Fix0.001040.00CVE-2021-25378
13Cisco Small Business RV Series Router Link Layer Discovery Protocol memory corruption6.36.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.000700.00CVE-2021-1251
14Kagemai cross site scripting4.84.8$0-$5k$0-$5kNot DefinedNot Defined0.001150.00CVE-2021-20685
15Qualcomm Snapdragon Auto RTCP Packet denial of service7.57.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.001030.00CVE-2020-11255
16RTA 499ES EtherNet-IP Adaptor Source Code stack-based overflow8.08.0$0-$5k$0-$5kNot DefinedNot Defined0.004890.00CVE-2020-25159
17Apple iOS/iPadOS CoreText out-of-bounds6.36.0$25k-$100k$5k-$25kNot DefinedOfficial Fix0.016790.00CVE-2021-1792
18Apple iOS/iPadOS denial of service6.36.0$25k-$100k$0-$5kNot DefinedOfficial Fix0.000620.00CVE-2021-1773
19arenavec Crate default uninitialized pointer3.53.5$0-$5k$0-$5kNot DefinedNot Defined0.001620.00CVE-2021-29930
20Synology DiskStation Manager SYNO.Core.Network.PPPoE os command injection7.26.9$0-$5k$0-$5kNot DefinedOfficial Fix0.000720.02CVE-2021-29083

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
151.15.225.6363-225-15-51.instances.scw.cloudOto Gonderici05/31/2021verifiedHigh
2XX.XXX.XXX.XXxx-xxx-xxx-xx.xxxxxxxxx.xxx.xxxxxXxx Xxxxxxxxx05/31/2021verifiedHigh
3XX.XX.XXX.XXXxxxxx.xx-xx-xx-xxx.xxXxx Xxxxxxxxx05/31/2021verifiedHigh
4XX.XX.XXX.XXXxxxxx.xx-xx-xx-xxx.xxXxx Xxxxxxxxx05/31/2021verifiedHigh

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1059.007CAPEC-209CWE-79, CWE-80Cross Site ScriptingpredictiveHigh
3T1068CAPEC-122CWE-269Execution with Unnecessary PrivilegespredictiveHigh
4TXXXX.XXXCAPEC-191CWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveHigh
5TXXXXCAPEC-136CWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
6TXXXXCAPEC-CWE-XXX, CWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
7TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
8TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveHigh
9TXXXXCAPEC-CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
10TXXXXCAPEC-37CWE-XXXXxxxxxxxx Xxxxxxx Xx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
11TXXXX.XXXCAPEC-459CWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
12TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
13TXXXXCAPEC-CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh
14TXXXXCAPEC-CWE-XXXXxxxxxxxxxx XxxxxxpredictiveHigh

IOA - Indicator of Attack (25)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/cgi-bin/mft/wireless_mftpredictiveHigh
2File/usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.phppredictiveHigh
3Fileaudiohd.exepredictiveMedium
4FileC:\WindupdtpredictiveMedium
5Filex:\x_xxxxxxxpredictiveMedium
6Filexxx-xxx/xxxxxxxpredictiveHigh
7Filexxxxxxxx.xxx/xxxxxxx_xxxxxx.xxxpredictiveHigh
8Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
9Filexxx/xxxxxxxx/xxxx_xxxxx.xpredictiveHigh
10Filexxxxxxx.xxxpredictiveMedium
11FilexxxxxxpredictiveLow
12Filexxxxxx.xxxpredictiveMedium
13Filexxx.xpredictiveLow
14Libraryxxxxxxxxx.xxxpredictiveHigh
15Libraryxxxxxxxxxx.xxxpredictiveHigh
16ArgumentxxpredictiveLow
17ArgumentxxpredictiveLow
18ArgumentxxxxxxxpredictiveLow
19Argumentxxxx_xxxxpredictiveMedium
20ArgumentxxxxxxxxpredictiveMedium
21ArgumentxxxxxxpredictiveLow
22Input Value%xxx%xxxxxxxxx%xxxxxxx(x)>%xxpredictiveHigh
23Input Value.x./predictiveLow
24Input Value::$xxxxx_xxxxxxxxxxpredictiveHigh
25Network Portxxx xxxxxx xxxxpredictiveHigh

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Might our Artificial Intelligence support you?

Check our Alexa App!