DazzleSpy Analysis

IOB - Indicator of Behavior (15)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en: 8
zh: 8

Activities

Product

RustDesk: 2
DPTech VPN: 2
osCommerce Online Merchant: 2
Baidu UEditor: 2
Ganglia Ganglia-web: 2

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Cou | KEV | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | RustDesk certificate validation | 7.6 | 7.6 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00150 | 0.14 | CVE-2024-25140 |
| 2 | Baidu UEditor controller.php unrestricted upload | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00157 | 0.14 | CVE-2024-7342 |
| 3 | TrueConf Server sql injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.14532 | 0.09 | CVE-2022-46764 |
| 4 | NotificationX Plugin SQL Statement sql injection | 5.6 | 5.4 | $0-$5k | $0-$5k | Not defined | Official fix | possible | 0.52758 | 0.06 | CVE-2022-0349 |
| 5 | AddToAny Share Buttons Plugin Image Button Setting cross site scripting | 2.4 | 2.3 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00195 | 0.00 | CVE-2021-24616 |
| 6 | DPTech VPN information disclosure | 3.5 | 3.4 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00073 | 0.02 | CVE-2022-34593 |
| 7 | Apache Tomcat Request Header information disclosure | 5.6 | 5.6 | $5k-$25k | $0-$5k | Not defined | Not defined | | 0.11060 | 0.04 | CVE-2020-17527 |
| 8 | Ganglia Ganglia-web Remote Code Execution | 7.3 | 6.6 | $0-$5k | Calculating | Proof-of-Concept | Official fix | | 0.25960 | 0.07 | CVE-2012-3448 |
| 9 | Openfind Mail2000 Access Control privileges management | 6.0 | 6.0 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00442 | 0.03 | CVE-2020-12776 |
| 10 | SourceCodester Guest Management System myform.php cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00063 | 0.00 | CVE-2022-2811 |
| 11 | osCommerce Online Merchant | 5.3 | 5.1 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00328 | 0.07 | CVE-2012-2991 |
| 12 | Oracle Database Oracle Application Express | 5.4 | 5.2 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00185 | 0.00 | CVE-2020-2973 |
| 13 | Minio Console Operator Console missing authentication | 8.6 | 8.5 | $0-$5k | $0-$5k | Not defined | Official fix | possible | 0.77746 | 0.00 | CVE-2021-41266 |
| 14 | Ubiquiti EdgeMAX EdgeRouter Firmware Update channel accessible | 8.1 | 7.7 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00516 | 0.01 | CVE-2021-22909 |
| 15 | Active Choices Plugin cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.02282 | 0.03 | CVE-2021-21616 |

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 88.218.192.128 | 88.218.192.128.static.xtom.com | DazzleSpy | | 03/05/2022 | verified | Low |

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (5)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

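| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /ueditor/php/controller.php?action=uploadfile&encode=utf-8 | predictive | High |
| 2 | File | myform.php | predictive | Medium |
| 3 | Argument | xxxx | predictive | Low |
| 4 | Argument | xx_xx | predictive | Low |
| 5 | Argument | xxxxxx | predictive | Low |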
