Dharma Analysis

IOB - Indicator of Behavior (1000)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en: 978
sv: 16
de: 4
fr: 2


Product

Mozilla Firefox: 34
Mozilla Thunderbird: 32
Huawei HarmonyOS: 26
Tenda F1203: 16
OpenImageIO: 14


Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Cou | KEV | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | AWStats Config awstats.pl cross site scripting | 4.3 | 4.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Official fix | | 0.00499 | 0.15 | CVE-2006-3681 |
| 2 | smoothie cross site scripting | 5.0 | 5.0 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00129 | 0.05 | CVE-2022-25929 |
| 3 | Fuji Electric Tellus Lite V-Simulator out-of-bounds write | 8.3 | 8.1 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00040 | 0.05 | CVE-2022-3087 |
| 4 | Wp Social Plugin information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00577 | 0.07 | CVE-2022-47160 |
| 5 | Libksba CRL Signature Parser integer overflow | 7.6 | 7.5 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.01843 | 0.00 | CVE-2022-47629 |
| 6 | abacus-ext-cmdline execute command injection | 7.2 | 7.2 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00316 | 0.00 | CVE-2022-24431 |
| 7 | ActiveCampaign for WooCommerce Plugin Error Log authorization | 4.9 | 4.8 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00101 | 0.05 | CVE-2022-3923 |
| 8 | Mozilla Thunderbird denial of service | 5.4 | 5.3 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00144 | 0.07 | CVE-2022-42929 |
| 9 | Mozilla Thunderbird URL Parser use after free | 5.4 | 5.3 | $25k-$100k | $5k-$25k | Not defined | Official fix | | 0.00123 | 0.00 | CVE-2022-40960 |
| 10 | Mozilla Thunderbird getEntries cross-domain policy | 7.2 | 7.0 | $25k-$100k | $5k-$25k | Not defined | Official fix | | 0.00163 | 0.06 | CVE-2022-42927 |
| 11 | Mozilla Thunderbird Garbage Collector memory corruption | 7.5 | 7.4 | $25k-$100k | $5k-$25k | Not defined | Official fix | | 0.00145 | 0.00 | CVE-2022-42928 |
| 12 | Mozilla Thunderbird denial of service | 5.4 | 5.3 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00131 | 0.07 | CVE-2022-40957 |
| 13 | Mozilla Thunderbird session fixation | 5.7 | 5.6 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00237 | 0.00 | CVE-2022-40958 |
| 14 | Mozilla Thunderbird initialization | 6.4 | 6.2 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00106 | 0.00 | CVE-2022-40959 |
| 15 | Mozilla Thunderbird Email Message | 4.2 | 4.1 | $25k-$100k | $5k-$25k | Not defined | Official fix | | 0.00145 | 0.00 | CVE-2022-1520 |
| 16 | Mozilla Firefox ESR PK11_ChangePW use after free | 6.9 | 6.7 | $25k-$100k | $5k-$25k | Not defined | Official fix | | 0.00179 | 0.02 | CVE-2022-38476 |
| 17 | Mozilla Thunderbird protection mechanism | 6.2 | 6.0 | $25k-$100k | $5k-$25k | Not defined | Official fix | | 0.00154 | 0.07 | CVE-2022-40956 |
| 18 | Mozilla Firefox ESR VR Process use after free | 5.4 | 5.3 | $25k-$100k | $5k-$25k | Not defined | Official fix | | 0.00129 | 0.07 | CVE-2022-1196 |
| 19 | Fuji Electric Tellus Lite V-Simulator stack-based overflow | 8.3 | 8.1 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00049 | 0.05 | CVE-2022-3085 |
| 20 | Mozilla Thunderbird Digital Signature | 5.6 | 5.5 | $25k-$100k | $5k-$25k | Not defined | Official fix | | 0.00125 | 0.00 | CVE-2021-4126 |

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 178.239.173.172 | 172.173.239.178.baremetal.zare.com | Dharma | | 04/26/2022 | verified | Low |

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1006 | CAPEC-126 | CWE-21, CWE-22 | Path Traversal | predictive | High |
| 2 | T1040 | CAPEC-102 | CWE-319 | Authentication Bypass by Capture-replay | predictive | High |
| 3 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 4 | T1059 | CAPEC-242 | CWE-94, CWE-1321 | Argument Injection | predictive | High |
| 5 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Basic Cross Site Scripting | predictive | High |

IOA - Indicator of Attack (151)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/ajax.php?action=save_area | predictive | High |
| 2 | File | /admin/create_product.php | predictive | High |
| 3 | File | /admin/scripts/pi-hole/phpqueryads.php | predictive | High |
| 4 | File | /api/Index/getFileBinary | predictive | High |
| 5 | File | /api/User/download_img | predictive | High |
| 6 | File | /aya/module/admin/fst_del.inc.php | predictive | High |
| 7 | File | /aya/module/admin/fst_down.inc.php | predictive | High |
| 8 | File | /conf/ | predictive | Low |
| 9 | File | /cupseasylive/countrylist.php | predictive | High |
| 10 | File | /ecommerce/admin/user/controller.php?action=edit | predictive | High |
| 11 | File | /etc/sudoers | predictive | Medium |
| 12 | File | /forum/away.php | predictive | High |
| 13 | File | /goform/addressNat | predictive | High |
| 14 | File | /goform/addWifiMacFilter | predictive | High |
| 15 | File | /goform/DhcpListClient | predictive | High |
| 16 | File | /goform/exeCommand | predictive | High |
| 17 | File | /goform/fast_setting_wifi_set | predictive | High |
| 18 | File | /goform/GetParentControlInfo | predictive | High |
