Dracarys Analysis

IOB - Indicator of Behavior (182)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 176
fr: 2
ja: 2
ru: 2

Country

us: 26
tr: 18
ru: 2
es: 2
gb: 2

Product

Google Android: 6
GitLab Enterprise Edition: 6
Microsoft Windows: 6
CMS Made Simple: 4
OFCMS: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | SmarterTools SmarterMail path traversal | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00062 | CVE-2019-7213 |
| 2 | cumin Server Certificate Validator certificate validation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.00090 | CVE-2013-0264 |
| 3 | Microsoft Windows SmartScreen Remote Code Execution | 8.8 | 8.4 | $25k-$100k | $5k-$25k | Functional | Official Fix | 0.07 | 0.01304 | CVE-2023-32049 |
| 4 | tsolucio corebos cross site scripting | 5.1 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00045 | CVE-2023-3073 |
| 5 | SICK FTMg Air Flow Sensor REST Interface observable response discrepancy | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | 0.00092 | CVE-2023-23449 |
| 6 | PHP unserialize use after free | 5.3 | 4.6 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.73398 | CVE-2015-0231 |
| 7 | Microsoft Windows DHCP Server Service Remote Code Execution | 8.6 | 8.0 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | 0.09498 | CVE-2023-28231 |
| 8 | payload CMS information disclosure | 5.9 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00049 | CVE-2023-30843 |
| 9 | Google Android PowerVR Kernel Driver PVRSRVBridgeRGXKickVRDM integer overflow | 6.5 | 6.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00043 | CVE-2021-0872 |
| 10 | Cththemes Outdoor Theme cross site scripting | 5.7 | 5.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.00046 | CVE-2023-29236 |
| 11 | Apple macOS Kernel use after free | 7.8 | 7.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00053 | CVE-2023-23514 |
| 12 | Apple macOS Carbon Core information disclosure | 4.3 | 4.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00052 | CVE-2023-23534 |
| 13 | Silicon Labs Wi-SUN Linux Border Router authorization | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.09 | 0.00046 | CVE-2023-1262 |
| 14 | SourceCodester Alphaware Simple E-Commerce System sql injection | 7.0 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.32 | 0.00100 | CVE-2023-1504 |
| 15 | SVG Support Plugin SVG Upload cross site scripting | 5.1 | 5.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00045 | CVE-2022-4022 |
| 16 | Erin Garscadden GC Testimonials Plugin cross site scripting | 5.0 | 5.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00046 | CVE-2022-45817 |
| 17 | Apache HTTP Server mod_proxy_ftp uninitialized resource | 8.0 | 8.0 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.05 | 0.00117 | CVE-2020-1934 |
| 18 | Apache HTTP Server Slash resource management | 5.3 | 5.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.03 | 0.00521 | CVE-2019-0220 |
| 19 | SAUTER Controls Nova 200/Nova 220/BACnetstac missing authentication | 9.5 | 9.5 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.03 | 0.00055 | CVE-2023-0052 |
| 20 | porpeeranut go-with-me add.php sql injection | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | 0.00063 | CVE-2014-125032 |

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 94.140.114.22 | | Dracarys | | 10/07/2022 | verified | High |

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (79)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /acms/classes/Master.php?f=delete_cargo | predictive | High |
| 2 | File | /admin.php/news/admin/topic/save | predictive | High |
| 3 | File | /admin/comn/service/update.json | predictive | High |
| 4 | File | /dev/shm | predictive | Medium |
| 5 | File | /dl/dl_print.php | predictive | High |
| 6 | File | /getcfg.php | predictive | Medium |
| 7 | File | /ofcms/company-c-47 | predictive | High |
| 8 | File | /usr/sbin/httpd | predictive | High |
| 9 | File | /util/print.c | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
