Dfni Analysis

IOB - Indicator of Behavior (24)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 20
es: 2
ru: 2

[Charts not reproduced: Country, Actors, Activities (Interest, Timeline), Type, Vendor]

Product

PHP Everywhere Plugin: 4
IBM Security AppScan Enterprise: 2
Grid2000 Flexcell Grid Control: 2
Add Link to Facebook Plugin: 2
SuiteCRM: 2


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | IBM Security AppScan Enterprise Enterprise Source Database cryptographic issues | 9.8 | 8.5 | $5k-$25k | Calculating | Unproven | Official Fix | 0.05 | 0.01055 | CVE-2013-3989 |
| 2 | PHP Everywhere Plugin Shortcode Privilege Escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01086 | CVE-2022-24663 |
| 3 | Add Link to Facebook Plugin profile.php cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.00885 | CVE-2018-5214 |
| 4 | ThinkPHP unrestricted upload | 7.1 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | 0.00885 | CVE-2022-44289 |
| 5 | SuiteCRM Accounts/Contacts/Opportunities/Leads csv injection | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.00885 | CVE-2020-15301 |
| 6 | cocoapods-downloader argument injection | 6.8 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.02055 | CVE-2022-21223 |
| 7 | PHP Everywhere Plugin Metabox Privilege Escalation | 8.8 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.01086 | CVE-2022-24664 |
| 8 | APC UPS Network Management Card 2 AOS Remote Monitoring Credentials insufficiently protected credentials | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2018-7820 |
| 9 | APC Switched Rack Pdu improper authentication | 7.5 | 6.6 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.01 | 0.01213 | CVE-2007-6226 |
| 10 | Dropbear SSH dropbearconvert input validation | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.02578 | CVE-2016-7407 |
| 11 | Dropbear SSH input validation | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.05785 | CVE-2016-7406 |
| 12 | Supermicro H8dgu-f Intelligent Platform Management Interface PrivilegeCallBack input validation | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.01319 | CVE-2013-3609 |
| 13 | Drupal permission assignment | 5.8 | 5.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00890 | CVE-2017-6928 |
| 14 | D-Link DCS-930L/DCS-932L Authentication information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.00000 | |
| 15 | Web-Dorado Photo Gallery by WD - Responsive Photo Gallery photo-gallery.php bwg_edit_tag sql injection | 5.9 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00885 | CVE-2017-12977 |
| 16 | Mozilla Firefox Address Bar authentication spoofing | 5.4 | 4.7 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00 | 0.01213 | CVE-2014-1527 |
| 17 | Omron CX-One CX-Programmer Password Storage information disclosure | 5.9 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00885 | CVE-2015-0988 |
| 18 | Oracle Primavera Contract Management Web Access commons-beanutils-1.8.0.jar input validation | 6.3 | 6.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.01 | 0.84390 | CVE-2014-0114 |
| 19 | Grid2000 Flexcell Grid Control ActiveX Control FlexCell.ocx privileges management | 9.8 | 8.5 | $0-$5k | $0-$5k | Unproven | Official Fix | 0.00 | 0.06523 | CVE-2008-5404 |
| 20 | Juniper Junos J-Web improper authentication | 9.8 | 9.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01136 | CVE-2016-1279 |

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | 5.149.248.134 | | Dfni | | verified | High |
| 2 | XXX.XXX.XXX.XX | xxxxxx.xx.xxx.xxx.xxx.xxxxxxx.xxxx-xxxxxx.xx | Xxxx | | verified | High |

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1059 | CWE-88 | Cross Site Scripting | predictive | High |
| 2 | T1059.007 | CWE-79 | Cross Site Scripting | predictive | High |
| 3 | TXXXX | CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 4 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 5 | TXXXX | CWE-XXX | Xxx.xxx Xxxxxxxxxxxxxxxx: Xxxxxxxx Xx Xxxxxxxxxxxxx Xxxx | predictive | High |
| 6 | TXXXX | CWE-XXX | Xxxxxxxxxxxxx | predictive | High |
| 7 | TXXXX | CWE-XXX | X2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxxxxxxxx Xxxxxxx Xxxxxxxxxx | predictive | High |
| 8 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxxxx Xxxxxx | predictive | High |

IOA - Indicator of Attack (9)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

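| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | FlexCell.ocx | predictive | Medium |
| 2 | File | photo-gallery.php | predictive | High |
| 3 | File | xx-xxxxx/xxxxxxx.xxx | predictive | High |
| 4 | Library | xxx/xxxxxxx-xxxxxxxxx-x.x.x.xxx | predictive | High |
| 5 | Argument | xxxxx_xxxxxxxx_xx | predictive | High |
| 6 | Argument | xx | predictive | Low |
| 7 | Argument | xxx_xx | predictive | Low |
| 8 | Argument | xxxx | predictive | Low |
| 9 | Argument | xxxxxxxx/xxxx | predictive | High |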
