DNSpionage Analysis

IOB - Indicator of Behavior (18)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en14
fr2
pl2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us14
ua4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Joomla CMS4
Microsoft PowerPoint2
OSClass2
HGiga OAKlouds Mobile Portal2
Siemens Cerberus DMS2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1Microsoft PowerPoint memory corruption6.56.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.39320CVE-2017-8743
2Joomla CMS sql injection7.36.9$5k-$25k$0-$5kProof-of-ConceptNot Defined0.030.00986CVE-2013-1453
3AlienVault Open Source Security Information Management code injection9.89.4$0-$5k$0-$5kHighOfficial Fix0.010.84271CVE-2014-3804
4Intelliants Subrion CMS Members Administrator cross-site request forgery4.34.2$0-$5k$0-$5kNot DefinedNot Defined0.010.07376CVE-2020-18326
5SonicWALL SMA 100/SMA 200/SMA 210/SMA 400/SMA 410/SMA 500v File Path access control6.56.2$0-$5k$0-$5kNot DefinedOfficial Fix0.020.08382CVE-2021-20034
6HGiga OAKlouds Mobile Portal Network Interface Card Setting Page os command injection9.89.6$0-$5k$0-$5kNot DefinedNot Defined0.020.01055CVE-2021-37913
7Siemens Cerberus DMS/Desigo CC Compact/Desigo CC CCOM Communication deserialization6.36.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.020.01086CVE-2021-37181
8Apache Struts OGNL Evaluation Privilege Escalation6.36.3$5k-$25k$5k-$25kProof-of-ConceptOfficial Fix0.010.78038CVE-2020-17530
9Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25k$0-$5kHighWorkaround0.040.04187CVE-2007-1192
10OSClass index.php findBySlug sql injection7.37.0$0-$5k$0-$5kNot DefinedOfficial Fix0.240.01139CVE-2012-0973
11AOL ICQ MCRegEx__Search memory corruption7.36.4$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.070.08263CVE-2006-4662
12GitLab Enterprise Edition Access Control permission assignment6.76.4$0-$5k$0-$5kNot DefinedOfficial Fix0.030.00885CVE-2019-16170
13Joomla CMS index.php privileges management7.06.3$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.020.08382CVE-2012-1563
14Zemanta Search Everything index.php sql injection7.37.0$0-$5k$0-$5kHighOfficial Fix0.060.01136CVE-2014-2316
15Roundcube Webmail rcube_washtml.php cross site scripting4.34.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000.01408CVE-2015-1433
16WordPress Password Reset wp-login.php mail password recovery6.15.8$5k-$25k$0-$5kProof-of-ConceptNot Defined0.020.23476CVE-2017-8295

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Middle East

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsTypeConfidence
1185.20.184.138185.20.184.138.deltahost-ptrDNSpionageMiddle EastverifiedHigh
2XXX.XX.XXX.Xxxx.xx.xxx.x.xxxxxxxxx-xxxXxxxxxxxxxXxxxxx XxxxverifiedHigh
3XXX.XXX.XXX.XXxxx.xxx.xxx.xx.xxxxxxxxx-xxxXxxxxxxxxxXxxxxx XxxxverifiedHigh

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1059CWE-94Cross Site ScriptingpredictiveHigh
2T1059.007CWE-79Cross Site ScriptingpredictiveHigh
3TXXXXCWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
4TXXXXCWE-XXXxxxxxx XxxxxxxxxpredictiveHigh
5TXXXXCWE-XXXxx XxxxxxxxxpredictiveHigh
6TXXXXCWE-XXXXxx.xxx Xxxxxxxxxxxxxxxx: Xxxxxxxx Xx Xxxxxxxxxxxxx XxxxpredictiveHigh
7TXXXXCWE-XXXXxxxxxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (9)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1Filedata/gbconfiguration.datpredictiveHigh
2Fileindex.phppredictiveMedium
3Filexx-xxxxx.xxxpredictiveMedium
4Libraryxxxxxxx/xxx/xxxxxxxxx/xxxxx_xxxxxxx.xxxpredictiveHigh
5ArgumentxxxxxxxxxpredictiveMedium
6ArgumentxxxxpredictiveLow
7Argumentxxxx xxxxxxxpredictiveMedium
8Argumentxxxxx[xxxxxx]predictiveHigh
9ArgumentxxxxxxxxxpredictiveMedium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

Do you know our Splunk app?

Download it now for free!