Dragonfly Analysis

IOB - Indicator of Behavior (1000)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en 946
de 24
es 8
it 8
fr 6

Country

us 934
ru 20
gb 10
kr 4
cn 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Linux Kernel 6
PHP 6
TP-LINK TL-WR886N 4
Squiz Matrix 4
IBM BigFix Platform 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.43 | 0.04187 | CVE-2010-0966 |
| 2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.04 | 0.04187 | CVE-2007-1192 |
| 3 | DZCP deV!L`z Clanportal browser.php information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | 0.06790 | CVE-2007-1167 |
| 4 | Apple Mac OS X Server input validation | 6.5 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00885 | CVE-2010-1821 |
| 5 | OpenBB read.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.29 | 0.00986 | CVE-2005-1612 |
| 6 | Apple Mac OS X Server Wiki Server sql injection | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 1.19 | 0.00954 | CVE-2015-5911 |
| 7 | Microsoft Windows OLE olecnv32.dll access control | 7.0 | 6.3 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.68733 | CVE-2017-8487 |
| 8 | Apple Mac OS X Server Profile Manager input validation | 7.5 | 6.5 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.01 | 0.37149 | CVE-2013-0269 |
| 9 | Microsoft Windows SPNEGO Extended Negotiation Remote Code Execution | 7.9 | 7.2 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.15 | 0.02251 | CVE-2022-37958 |
| 10 | Devilz Clanportal index.php sql injection | 7.3 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.03 | 0.01139 | CVE-2006-3347 |
| 11 | Article Dashboard signup.php cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.01213 | CVE-2007-4333 |
| 12 | Devilz Clanportal File Upload unknown vulnerability | 5.3 | 4.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.06790 | CVE-2006-6338 |
| 13 | vsftpd Service Port 6200 os command injection | 8.5 | 8.3 | $25k-$100k | $25k-$100k | Not Defined | Workaround | 0.08 | 0.30487 | CVE-2011-2523 |
| 14 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.69 | 0.02800 | CVE-2007-0354 |
| 15 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.14 | 0.03129 | CVE-2007-1287 |
| 16 | Microsoft IIS IP/Domain Restriction access control | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.58 | 0.29797 | CVE-2014-4078 |
| 17 | Genivia gSOAP WS-Addressing Plugin integer overflow | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | 0.05634 | CVE-2020-13576 |
| 18 | TYPO3 cross site scripting | 5.2 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.00885 | CVE-2019-12748 |
| 19 | CMS Web-Gooroo authorization.inc.php sql injection | 8.5 | 7.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.01564 | CVE-2017-18346 |
| 20 | phpMyAdmin Designer sql injection | 8.5 | 8.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.06 | 0.00885 | CVE-2019-6798 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Karagany

IOC - Indicator of Compromise (23)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (86)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | %SYSTEMDRIVE%\totalcmd\TOTALCMD64.EXE | predictive | High |
| 2 | File | /cgi-bin/system_mgr.cgi | predictive | High |
| 3 | File | /s/ | predictive | Low |
| 4 | File | /secure/admin/ImporterFinishedPage.jspa | predictive | High |
| 5 | File | /uncpath/ | predictive | Medium |
| 6 | File | /wbg/core/_includes/authorization.inc.php | predictive | High |
| 7 | File | 14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi | predictive | High |
| 8 | File | admin/import/class-import-settings.php | predictive | High |
| 9 | File | ajax/comments.php | predictive | High |
| 10 | File | architext.conf | predictive | High |
| 11 | File | attachment_send.php | predictive | High |
