Dharma Analysis

IOB - Indicator of Behavior (1000)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en1000

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Dharma2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined162
Web Browser32
Mail Client Software28
WordPress Plugin24
Content Management System8

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined116
Mozilla60
Huawei26
Tenda16
IBM10

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Mozilla Firefox28
Mozilla Thunderbird28
Huawei HarmonyOS26
OpenImageIO24
Tenda F120314

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1smoothie cross site scripting4.34.1$0-$5k$0-$5kNot DefinedOfficial Fix0.030.01018CVE-2022-25929
2Fuji Electric Tellus Lite V-Simulator out-of-bounds write8.88.4$0-$5k$0-$5kNot DefinedOfficial Fix0.060.01036CVE-2022-3087
3Wp Social Plugin information disclosure5.35.1$0-$5k$0-$5kNot DefinedOfficial Fix0.040.00000CVE-2022-47160
4Libksba CRL Signature Parser integer overflow5.55.3$0-$5k$0-$5kNot DefinedOfficial Fix0.080.01018CVE-2022-47629
5abacus-ext-cmdline execute command injection5.95.9$0-$5k$0-$5kNot DefinedNot Defined0.070.02055CVE-2022-24431
6ActiveCampaign for WooCommerce Plugin Error Log authorization5.45.2$0-$5k$0-$5kNot DefinedOfficial Fix0.020.00885CVE-2022-3923
7Fuji Electric Tellus Lite V-Simulator stack-based overflow8.88.4$0-$5k$0-$5kNot DefinedOfficial Fix0.040.00000CVE-2022-3085
8Mozilla Thunderbird denial of service4.34.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.020.01018CVE-2022-42929
9Mozilla Thunderbird URL Parser use after free4.34.1$5k-$25k$5k-$25kNot DefinedOfficial Fix0.050.01018CVE-2022-40960
10Mozilla Thunderbird getEntries unknown vulnerability6.36.0$5k-$25k$5k-$25kNot DefinedOfficial Fix0.000.01018CVE-2022-42927
11Mozilla Thunderbird Garbage Collector memory corruption6.36.0$5k-$25k$5k-$25kNot DefinedOfficial Fix0.020.01018CVE-2022-42928
12Mozilla Thunderbird denial of service4.34.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.020.01018CVE-2022-40957
13Mozilla Thunderbird session fixiation5.04.8$5k-$25k$5k-$25kNot DefinedOfficial Fix0.040.01018CVE-2022-40958
14Mozilla Thunderbird initialization6.36.0$5k-$25k$5k-$25kNot DefinedOfficial Fix0.030.01018CVE-2022-40959
15Mozilla Thunderbird Email Message unknown vulnerability4.24.0$25k-$100k$5k-$25kNot DefinedOfficial Fix0.000.00885CVE-2022-1520
16Mozilla Firefox ESR PK11_ChangePW use after free6.36.0$5k-$25k$5k-$25kNot DefinedOfficial Fix0.020.00954CVE-2022-38476
17Mozilla Thunderbird protection mechanism6.36.0$5k-$25k$5k-$25kNot DefinedOfficial Fix0.030.01018CVE-2022-40956
18Mozilla Firefox ESR VR Process use after free4.34.1$5k-$25k$5k-$25kNot DefinedOfficial Fix0.020.00954CVE-2022-1196
19Huawei HarmonyOS out-of-bounds write5.55.5$5k-$25k$5k-$25kNot DefinedNot Defined0.030.00885CVE-2022-46324
20Huawei HarmonyOS out-of-bounds write5.55.5$5k-$25k$5k-$25kNot DefinedNot Defined0.070.00885CVE-2022-46325

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsTypeConfidence
1178.239.173.172172.173.239.178.baremetal.zare.comDharmaverifiedHigh
2XXX.XX.XXX.XXxxx.xx.xxx.xx.xxxxxxxxx-xxxXxxxxxverifiedHigh
3XXX.XXX.XXX.XXXXxxxxxverifiedHigh

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1006CWE-21, CWE-22Pathname TraversalpredictiveHigh
2T1040CWE-319Authentication Bypass by Capture-replaypredictiveHigh
3T1055CWE-74InjectionpredictiveHigh
4T1059CWE-1321Cross Site ScriptingpredictiveHigh
5T1059.007CWE-79Cross Site ScriptingpredictiveHigh
6TXXXXCWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
7TXXXX.XXXCWE-XXX, CWE-XXXXxxxxxxx Xxxxxxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxxxxx XxxxxxxxpredictiveHigh
8TXXXX.XXXCWE-XXXXXxxxxxxx Xxxxxxxxxxx Xx Xxxxxxxx Xxxxx XxxxxxxxxxpredictiveHigh
9TXXXXCWE-XX, CWE-XXXxxxxxx XxxxxxxxxpredictiveHigh
10TXXXX.XXXCWE-XXXXxxx XxxxxxxxpredictiveHigh
11TXXXXCWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
12TXXXXCWE-XXXxx XxxxxxxxxpredictiveHigh
13TXXXX.XXXCWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveHigh
14TXXXXCWE-XXX, CWE-XXXXxx.xxx Xxxxxxxxxxxxxxxx: Xxxxxxxx Xx Xxxxxxxxxxxxx XxxxpredictiveHigh
15TXXXXCWE-XXXXxxxxxxxx Xxxxxxx Xx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
16TXXXXCWE-XXXXxxxxxxx Xxxxxxxxx Xx X Xxxxxxxxxxx'x Xxxxx Xx XxxxxpredictiveHigh
17TXXXXCWE-XXX, CWE-XXXXxxxxxxxx Xxxxxx XxxxpredictiveHigh
18TXXXX.XXXCWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
19TXXXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxxxxxpredictiveHigh
20TXXXXCWE-XXX, CWE-XXXX2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxxxxxxxx Xxxxxxx XxxxxxxxxxpredictiveHigh
21TXXXX.XXXCWE-XXXXxxxxxxxxxxx XxxxxxpredictiveHigh

IOA - Indicator of Attack (89)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/admin/scripts/pi-hole/phpqueryads.phppredictiveHigh
2File/api/Index/getFileBinarypredictiveHigh
3File/api/User/download_imgpredictiveHigh
4File/aya/module/admin/fst_del.inc.phppredictiveHigh
5File/aya/module/admin/fst_down.inc.phppredictiveHigh
6File/etc/sudoerspredictiveMedium
7File/goform/addressNatpredictiveHigh
8File/goform/addWifiMacFilterpredictiveHigh
9File/goform/DhcpListClientpredictiveHigh
10File/goform/exeCommandpredictiveHigh
11File/goform/fast_setting_wifi_setpredictiveHigh
12File/goform/GetParentControlInfopredictiveHigh
13File/xxxxxx/xxxxxxxxxxxxxxxxpredictiveHigh
14File/xxxxxx/xxxxxxxxxxxpredictiveHigh
15File/xxxxxx/xxxxxxxxxxxxxxxxxxxxxpredictiveHigh
16File/xxxxxx/xxxxxxxxxxxxxxpredictiveHigh
17File/xxxxxx/xxxxxxxxxxxpredictiveHigh
18File/xxxxxx/xxxxxxxxxxpredictiveHigh
19File/xxxxxx/xxxxxxxxxxxxpredictiveHigh
20File/xxxxxx/xxxxxxxxxxxpredictiveHigh
21Filexxx/xxxx/xxxxxxxxx/xxxxxx_xxxx.xxxpredictiveHigh
22Filexxx-xxxxxxx.xxxpredictiveHigh
23Filexxxxxxxx/xxx/xxxxxxxxxxx/__xxxx__.xxpredictiveHigh
24Filexxxx/xxx/xxxx/xxxx/xx/xxxxxxxxxx/xxx/xxxxxxxx/xxxxxxxxxxxxxxxxxxx.xxxxpredictiveHigh
25Filexxxxxxxxxxxxxxxx/xxxxxxxxxxxxxx.xxpredictiveHigh
26Filexxxx/xxxxxxxxxx/xxxxxx.xxpredictiveHigh
27Filexxxxxxxxxx/xxxxxx/xxxxxxxxxxx.xxpredictiveHigh
28Filexxxxx.xxxpredictiveMedium
29Filexxx/xxxx_xxxxxxx/xxxxxxxxxxx.xxpredictiveHigh
30Filexxxx.xxpredictiveLow
31Filexxxxxx.xxxpredictiveMedium
32FilexxxxxxxxxxxxxxpredictiveHigh
33Filexxx_xxx.xxpredictiveMedium
34Filexxxx_xxxxxxxxpredictiveHigh
35Filexxxxx.xpredictiveLow
36Filexxxxxx/xx/xxxxxxx/xxxxxxx.xxpredictiveHigh
37Filexxxxxx/xxxxxxxpredictiveHigh
38Filexxxxxxxx.xxxpredictiveMedium
39Filexxxxxx/xxxxxxxxxxxx.xxpredictiveHigh
40Filexxxxxxxxxx/xx/xxxxxx.xxpredictiveHigh
41Filexxx/xxxxxxxxxx/xxxxxxx/xxxxxx/xxxxxxx.xxpredictiveHigh
42Filexxx/xxxxx.xxpredictiveMedium
43Filexxx/xxxx/xxxx/xxx/xxxxxx/xxxxxx/xxx/xxxxxxxxxxxxxxxxxx.xxxxpredictiveHigh
44Filexxx/xxxxxxx-xxxx.xxxpredictiveHigh
45Filexxxxxx/xx/xxxxxx.xxpredictiveHigh
46Filexxxxxxxxx/xxxxxx.xxxxpredictiveHigh
47Filexxx_xxx.xxx.xxxpredictiveHigh
48Filexxxxxxxxxxxx.xxxpredictiveHigh
49Filexxxxxxxxxx.xxxpredictiveHigh
50ArgumentxxxxxxxpredictiveLow
51ArgumentxxxxxxxxpredictiveMedium
52ArgumentxxxxxxxpredictiveLow
53ArgumentxxxxxxxxxxxpredictiveMedium
54ArgumentxxxxxxxxpredictiveMedium
55ArgumentxxxxxxxxxpredictiveMedium
56ArgumentxxxxxxxxxxxxpredictiveMedium
57ArgumentxxxxxxpredictiveLow
58ArgumentxxxxxxxxxpredictiveMedium
59ArgumentxxxxpredictiveLow
60ArgumentxxxxpredictiveLow
61ArgumentxxxxxxxxxpredictiveMedium
62ArgumentxxxxxxpredictiveLow
63ArgumentxxxxxxxxxxpredictiveMedium
64ArgumentxxxxxxxxxxxxpredictiveMedium
65ArgumentxxxxpredictiveLow
66ArgumentxxxxpredictiveLow
67ArgumentxxxpredictiveLow
68ArgumentxxxxxxxxxxxxpredictiveMedium
69Argumentxxx_xxxxpredictiveMedium
70Argumentx_xxxx.xxxxxxpredictiveHigh
71ArgumentxxxxxxxxxxxxxxxpredictiveHigh
72ArgumentxxxxpredictiveLow
73ArgumentxxxxpredictiveLow
74ArgumentxxxxxpredictiveLow
75Argumentxxx.xxxpredictiveLow
76Argumentxxxxxxx_xxxxpredictiveMedium
77ArgumentxxxxxxxxxxxxxxxxxpredictiveHigh
78ArgumentxxxxxxxxpredictiveMedium
79Argumentxxxxxxxx_xxpredictiveMedium
80Argumentxxxxx_xxxpredictiveMedium
81ArgumentxxxxpredictiveLow
82Argumentxxxxxxxxxxx/xxxxxxxxxxxxpredictiveHigh
83ArgumentxxxxpredictiveLow
84ArgumentxxxxxpredictiveLow
85Argumentxxxxxxxxxxx/xxxxxxxxpredictiveHigh
86ArgumentxxxxxxxxxxxxxxxxpredictiveHigh
87ArgumentxxxxpredictiveLow
88ArgumentxxxxpredictiveLow
89ArgumentxxxxpredictiveLow

References (4)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you know our Splunk app?

Download it now for free!