DreamBus 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (156)

言語

de	92
en	48
ja	12
es	2
zh	2

国・地域

us	124
jp	12
me	4
th	2
cn	2

アクター

DreamBus	5

関心

タイプ

Not Defined	62
Content Management System	20
Web Server	10
WordPress Plugin	6
Firewall Software	4

ベンダー

Not Defined	60
Apache	14
Oracle	8
thorsten	6
Google	4

製品

Apache HTTP Server	8
thorsten phpmyfaq	6
b2evolution	4
Django	4
Google Chrome	4

脆弱性

#	脆弱性	Base	Temp	0day	本日	悪	修復	EPSS	CTI	CVE
1	nginx 特権昇格	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00241	2.32	CVE-2020-12440
2	WikkaWiki wikka.php クロスサイトスクリプティング	4.3	4.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00263	0.00	CVE-2013-5586
3	OpenSSL OCSP Response OCSP_basic_verify 弱い認証	7.3	7.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00152	0.04	CVE-2022-1343
4	Apache Wicket クロスサイトスクリプティング	4.3	4.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00404	0.00	CVE-2011-2712
5	ClamAV Antivirus MIME Parser 特権昇格	6.8	6.8	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.01728	0.04	CVE-2019-15961
6	Omron CX-One CX-Programmer Password Storage 情報の漏洩	5.9	5.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.07	CVE-2015-0988
7	phpBB 情報の漏洩	9.8	8.5	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00269	0.00	CVE-2008-1766
8	Joomla CMS SQLインジェクション	7.3	6.9	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.00264	0.05	CVE-2013-1453
9	jQuery IMG Element クロスサイトスクリプティング	5.2	5.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00115	0.42	CVE-2018-18405
10	Oracle PeopleSoft Enterprise PeopleTools Elastic Search 特権昇格	9.3	9.2	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00811	0.00	CVE-2022-1471
11	F5 BIG-IP Virtual Server 弱い暗号化	5.7	5.7	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00128	0.04	CVE-2019-6593
12	Hitachi Replication Manager Expression Language Remote Code Execution	8.1	8.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00129	0.00	CVE-2022-4146
13	SolidWorks Desktop DWG File メモリ破損	7.0	7.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00156	0.00	CVE-2023-2763
14	Schneider Electric StruxureWare Data Center DCE SQLインジェクション	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00050	0.00	CVE-2023-37196
15	Avast AntiVirus Driver aswSnx.sys サービス拒否	4.4	4.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2020-20118
16	Undici HTTP Header 特権昇格	6.4	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00110	0.00	CVE-2023-23936
17	FreeBSD Unix Domain Socket 特権昇格	8.3	7.9	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00045	0.00	CVE-2019-5596
18	Google Chrome Sandbox IPC 競合状態	7.3	7.0	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00248	0.00	CVE-2011-3080
19	administrate OAuth 未知の脆弱性	4.3	4.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00074	0.00	CVE-2016-3098
20	A-FTP Anonymous FTP Server Command メモリ破損	7.3	7.1	$0-$5k	$0-$5k	Not Defined	Workaround	0.00241	0.00	CVE-2001-0794

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IPアドレス	Hostname	アクター	Identified	タイプ	信頼度
1	1.46.6.1		DreamBus	2024年01月17日	verified	高
2	10.0.0.0		DreamBus	2023年06月28日	verified	高
3	92.204.243.155		DreamBus	2023年09月01日	verified	高
4	XX.XXX.XXX.XXX	xxxx.x.xxxxxxxxx.xx	Xxxxxxxx	2022年08月10日	verified	高
5	XX.XXX.XX.XX	xx-xxx-xx-xx.xx-xxxx.xxxxxxx.xxxx	Xxxxxxxx	2022年08月10日	verified	高
6	XXX.XXX.XX.XX	xxxxxx.xx.xx.xxx.xxx.xxxxxxx.xxxx-xxxxxx.xx	Xxxxxxxx	2022年08月10日	verified	高
7	XXX.XX.XXX.X		Xxxxxxxx	2023年06月28日	verified	高
8	XXX.XXX.XXX.XXX		Xxxxxxxx	2022年08月10日	verified	高
9	XXX.XXX.XXX.XXX	xxx.xx-xxx-xxx-xxx.xx	Xxxxxxxx	2022年08月10日	verified	高
10	XXX.XX.X.X		Xxxxxxxx	2023年06月28日	verified	高
11	XXX.XXX.X.X		Xxxxxxxx	2023年06月28日	verified	高

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	クラス	脆弱性	アクセスベクター	タイプ	信頼度
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	高
2	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	高
3	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	高
4	T1059.007	CAPEC-209	CWE-79, CWE-80	Cross Site Scripting	predictive	高
5	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
6	TXXXX.XXX	CAPEC-16	CWE-XXX, CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	高
7	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	高
8	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	高
9	TXXXX	CAPEC-108	CWE-XX, CWE-XX	Xxx Xxxxxxxxx	predictive	高
10	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
11	TXXXX	CAPEC-38	CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	高
12	TXXXX.XXX	CAPEC-459	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
13	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高
14	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	高
15	TXXXX.XXX	CAPEC-112	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	高
16	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	高

IOA - Indicator of Attack (60)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	クラス	Indicator	タイプ	信頼度
1	File	/config/getuser	predictive	高
2	File	/index.php?action=seomatic/file/seo-file-link	predictive	高
3	File	/librarian/bookdetails.php	predictive	高
4	File	/mgmt/tm/util/bash	predictive	高
5	File	/staff/bookdetails.php	predictive	高
6	File	/student/bookdetails.php	predictive	高
7	File	/text/pdf/PdfReader.java	predictive	高
8	File	xxx.xxx	predictive	低
9	File	xxxxx/xxxxxx.xxx/xxxxxx.xxx.xxx	predictive	高
10	File	xxxxxxx.xx	predictive	中
11	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	高
12	File	xxxxxxxxxx.xxx	predictive	高
13	File	xxxxxxxxxxxx.xxx	predictive	高
14	File	xxxxxxxxxxxxxxxxx.xxx	predictive	高
15	File	xxxxx-xxxxxx/xxxxxxxx/xxxx-xxxx.xx	predictive	高
16	File	xxxx_xxxx_xxxxxx.xxx	predictive	高
17	File	xxxx/xxxx	predictive	中
18	File	xxxx.xxx	predictive	中
19	File	xxxxxx/xxxxx	predictive	中
20	File	xxx/xxxxx/xxxxx.xxxx.xxx	predictive	高
21	File	xxxxxxx.xx	predictive	中
22	File	xxxxxx/xxxxxxxxxxx.xxx	predictive	高
23	File	xxx_xxxxx_xxxxx.x	predictive	高
24	File	xxxxxx/xxxxxxx/xxxxxxxxx/xxx/xxxxx_xxx.xxx	predictive	高
25	File	xxxxx-xxxxxxx/xxx/xxxxx/xxxx_xxxxx/	predictive	高
26	File	xxxxxxxx.x	predictive	中
27	File	xxxxxxxx_xxxxxx.xxx	predictive	高
28	File	xxxxxxxxx-xxxxxxxxxxxx-xxx/xxxx/xxxxx-xxxx.xxx	predictive	高
29	File	xxxx.xxx	predictive	中
30	File	xxxx.xxx	predictive	中
31	File	xxxxx.xxx	predictive	中
32	File	xx-xxxxx/xxxxx.xxx?xxxx=xxxxxxxxxxxx	predictive	高
33	Library	xxxxxxxx.xxx	predictive	中
34	Library	xxxxxx.xxx	predictive	中
35	Library	xxx/xxxxxxxx/xxxx.xxx	predictive	高
36	Argument	xxxxx_xx/xxxxx	predictive	高
37	Argument	xxxx_xxxxxxxx	predictive	高
38	Argument	xxxxxx	predictive	低
39	Argument	xxx_xxx	predictive	低
40	Argument	xxxx	predictive	低
41	Argument	xx_xxxxxxxx	predictive	中
42	Argument	xxxxxxxxx	predictive	中
43	Argument	xx	predictive	低
44	Argument	xx	predictive	低
45	Argument	xxxxxx	predictive	低
46	Argument	xxxxxxx	predictive	低
47	Argument	xxxxx_xx	predictive	中
48	Argument	xxxxxxxxx	predictive	中
49	Argument	xxxx_xxxxxx	predictive	中
50	Argument	xxxxxxxx	predictive	中
51	Argument	xxx_xx	predictive	低
52	Argument	xxx	predictive	低
53	Argument	xxxx	predictive	低
54	Argument	xxxx_xxxxxx/xxxxxx/xxxxxx	predictive	高
55	Argument	xxx	predictive	低
56	Argument	xxxx	predictive	低
57	Argument	xxxxx	predictive	低
58	Input Value	' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx)-- xxxx	predictive	高
59	Input Value	..\/	predictive	低
60	Network Port	xxx/xxxx	predictive	中

参考 (6)

The following list contains external sources which discuss the actor and the associated activities:

◂ 前概要次 ▸

Do you know our Splunk app?

Download it now for free!