Dragonfly Analysis

IOB - Indicator of Behavior (1000)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 918
de: 22
ru: 20
fr: 18
es: 12

Country

us: 918
ru: 26
gb: 12
cn: 4
fi: 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Apple Mac OS X Server: 10
Microsoft Windows: 10
Excite EWS: 6
IBM BigFix Platform: 4
DZCP deV!L`z Clanportal: 4

Vulnerabilities

#  | Vulnerability                                                                                              | Base | Temp | 0day       | Today       | Exp              | Rem          | EPSS    | CTI  | CVE
---|------------------------------------------------------------------------------------------------------------|------|------|------------|-------------|------------------|--------------|---------|------|---------------
1  | DZCP deV!L`z Clanportal config.php code injection                                                          | 7.3  | 6.6  | $0-$5k     | $0-$5k      | Proof-of-Concept | Official Fix | 0.00943 | 0.39 | CVE-2010-0966
2  | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure  | 5.3  | 5.2  | $5k-$25k   | Calculating | High             | Workaround   | 0.02016 | 0.00 | CVE-2007-1192
3  | DZCP deV!L`z Clanportal browser.php information disclosure                                                 | 5.3  | 5.0  | $0-$5k     | $0-$5k      | Proof-of-Concept | Not Defined  | 0.02733 | 0.53 | CVE-2007-1167
4  | Apple Mac OS X Server input validation                                                                     | 6.5  | 6.3  | $5k-$25k   | $0-$5k      | Not Defined      | Official Fix | 0.00042 | 0.05 | CVE-2010-1821
5  | OpenBB read.php sql injection                                                                              | 7.3  | 7.0  | $0-$5k     | $0-$5k      | Not Defined      | Official Fix | 0.00248 | 0.09 | CVE-2005-1612
6  | Apple Mac OS X Server Wiki Server sql injection                                                            | 5.3  | 4.6  | $5k-$25k   | $0-$5k      | Unproven         | Official Fix | 0.00339 | 0.25 | CVE-2015-5911
7  | Microsoft Windows OLE olecnv32.dll access control                                                          | 7.0  | 6.3  | $25k-$100k | $0-$5k      | Proof-of-Concept | Official Fix | 0.63864 | 0.00 | CVE-2017-8487
8  | Apple Mac OS X Server Profile Manager input validation                                                     | 7.5  | 6.5  | $5k-$25k   | $0-$5k      | Unproven         | Official Fix | 0.01876 | 0.00 | CVE-2013-0269
9  | Lars Ellingsen Guestserver guestbook.cgi cross site scripting                                              | 4.3  | 4.3  | $0-$5k     | $0-$5k      | Not Defined      | Not Defined  | 0.00169 | 0.03 | CVE-2005-4222
10 | Microsoft Windows SPNEGO Extended Negotiation Remote Code Execution                                        | 7.9  | 7.2  | $25k-$100k | $5k-$25k    | Unproven         | Official Fix | 0.00662 | 0.05 | CVE-2022-37958
11 | Devilz Clanportal index.php sql injection                                                                  | 7.3  | 6.4  | $0-$5k     | $0-$5k      | Proof-of-Concept | Unavailable  | 0.00784 | 0.03 | CVE-2006-3347
12 | Article Dashboard signup.php cross site scripting                                                          | 4.3  | 4.3  | $0-$5k     | $0-$5k      | Not Defined      | Not Defined  | 0.00268 | 0.00 | CVE-2007-4333
13 | PHP phpinfo cross site scripting                                                                           | 4.3  | 3.9  | $5k-$25k   | $0-$5k      | Proof-of-Concept | Official Fix | 0.01744 | 0.09 | CVE-2007-1287
14 | Devilz Clanportal File Upload unknown vulnerability                                                        | 5.3  | 4.4  | $0-$5k     | $0-$5k      | Proof-of-Concept | Official Fix | 0.05362 | 0.21 | CVE-2006-6338
15 | Joomla CMS com_easyblog sql injection                                                                      | 6.3  | 6.1  | $5k-$25k   | $5k-$25k    | Not Defined      | Not Defined  | 0.00000 | 0.53 |
16 | Microsoft Windows Mark of the Web unknown vulnerability                                                    | 5.4  | 5.1  | $25k-$100k | $5k-$25k    | High             | Official Fix | 0.00343 | 0.00 | CVE-2022-41091
17 | Synacor Zimbra Collaboration Suite sudo Configuration zmslapd access control                               | 8.3  | 8.3  | $0-$5k     | $0-$5k      | High             | Official Fix | 0.00114 | 0.04 | CVE-2022-37393
18 | vsftpd Service Port 6200 os command injection                                                              | 8.5  | 8.4  | $25k-$100k | $25k-$100k  | Not Defined      | Workaround   | 0.88222 | 0.07 | CVE-2011-2523
19 | MGB OpenSource Guestbook email.php sql injection                                                           | 7.3  | 7.3  | $0-$5k     | $0-$5k      | High             | Unavailable  | 0.01302 | 0.63 | CVE-2007-0354
20 | TP-Link Archer C4500X rftest command injection                                                             | 7.3  | 7.3  | $0-$5k     | $0-$5k      | Not Defined      | Not Defined  | 0.00043 | 0.05 | CVE-2024-5035

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Karagany

IOC - Indicator of Compromise (23)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (103)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator                                    | Type       | Confidence
---|-------|----------------------------------------------|------------|-----------
1  | File  | %SYSTEMDRIVE%\totalcmd\TOTALCMD64.EXE        | predictive | High
2  | File  | /cgi-bin/system_mgr.cgi                      | predictive | High
3  | File  | /s/                                          | predictive | Low
4  | File  | /secure/admin/ImporterFinishedPage.jspa      | predictive | High
5  | File  | /uncpath/                                    | predictive | Medium
6  | File  | /wbg/core/_includes/authorization.inc.php    | predictive | High
7  | File  | 14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi | predictive | High
8  | File  | adclick.php                                  | predictive | Medium
9  | File  | admin/import/class-import-settings.php       | predictive | High
10 | File  | ajax/comments.php                            | predictive | High
11 | File  | architext.conf                               | predictive | High
12 | File  | attachment_send.php                          | predictive | High
13 | File  | auth2-gss.c                                  | predictive | Medium
13Fileauth2-gss.cpredictiveMedium
14Filexxxx/xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxx.xxxxpredictiveHigh
15Filexxxxxxxx.xxxpredictiveMedium
16Filexxx-xxx/xxxxx/xxxxx.xxxpredictiveHigh
17Filexxxxx.xxxpredictiveMedium
18Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
19Filexxxxxx.xxxpredictiveMedium
20Filexxxxx.xxxpredictiveMedium
21Filexxxxxxxx.xxxpredictiveMedium
22Filexxxx.xxxpredictiveMedium
23Filexxxx.xpredictiveLow
24Filexxxxxxxxx.xxxpredictiveHigh
25Filexxxxxxxxx.xxxpredictiveHigh
26Filexxxx.xxxpredictiveMedium
27Filexxxx.xxxpredictiveMedium
28Filexxx/xxxxxx.xxxpredictiveHigh
29Filexxx/xxxxxxxxxxx/xxxxxxx.xxxpredictiveHigh
30Filexxxxx.xxxpredictiveMedium
31Filexxxxx/xxxxx.xxxpredictiveHigh
32Filexxxxxx/xxxxx.xpredictiveHigh
33Filexxxxx.xxxpredictiveMedium
34Filexxxx.xxxpredictiveMedium
35Filexxx_xxxx.xxxpredictiveMedium
36Filexxxxxx.xxxpredictiveMedium
37Filexxxx.xpredictiveLow
38Filexxxxxxxxxxxxxxx/predictiveHigh
39Filexxxx.xxxpredictiveMedium
40Filexxxxx.xxxpredictiveMedium
41Filexxxxxxxx.xxxpredictiveMedium
42Filexxxxxxxx.xpredictiveMedium
43Filexxxxxx_xxxxxx.xxxpredictiveHigh
44Filexxxxxx.xxxpredictiveMedium
45Filexxxxxx\xxxxxxxx\xx_xxxxx_xxxxxxx.xxxpredictiveHigh
46Filexxxxxxx.xxx.xx.xxxxxxxxxxx.xxxpredictiveHigh
47Filexxxxxxxxx/xxxxx/xxxx/xxx_xxxxxxx/xxxxxxx/xxxxxxx.xxxpredictiveHigh
48Filexxxx-xxxxx.xxxpredictiveHigh
49Filexxxx-xxxxxxxx.xxxpredictiveHigh
50Filexx_xxxxx.xxxpredictiveMedium
51Filexxxxxxxxxxx.xxxx.xxxpredictiveHigh
52Filexxxxxxx.xpredictiveMedium
53Filexxxx_xxxxxx.xxxpredictiveHigh
54Filexxxx.xxxpredictiveMedium
55Filexxx/xxxxx/xxxxx.xxxpredictiveHigh
56Filexxxxxxx.xxxpredictiveMedium
57Filexxxxx/xxxxxxxxpredictiveHigh
58Filexx-xxxxx/xxxxx-xxxx.xxxpredictiveHigh
59Filexx-xxxxxxxx/xxxxx-xx-xxxxx.xxxpredictiveHigh
60Filexxxxxxxxxx.xxxpredictiveHigh
61FilexxxxxxxpredictiveLow
62File~/xxxxxxxx/xxxxx-xxx-xxxxxx-xxxxxxxxxxxx.xxxpredictiveHigh
63Libraryxxxx/xxx/xxxxxx.xxxpredictiveHigh
64Libraryxxx/xxxxxx/xxxxxxxxx.xxpredictiveHigh
65Libraryxxxxxxxx.xxxpredictiveMedium
66ArgumentxxxxpredictiveLow
67Argumentxxxxxx_xx[]predictiveMedium
68ArgumentxxxxxxxxpredictiveMedium
69ArgumentxxxxxpredictiveLow
70ArgumentxxxxpredictiveLow
71ArgumentxxxxxxxxxxpredictiveMedium
72ArgumentxxxxxpredictiveLow
73ArgumentxxxpredictiveLow
74ArgumentxxxxxxxpredictiveLow
75ArgumentxxxxxpredictiveLow
76ArgumentxxxxpredictiveLow
77ArgumentxxxxpredictiveLow
78ArgumentxxpredictiveLow
79Argumentxxxxx.xxx?xxxxxx=xxx_xxxxxxx/xxxx=xxxxxxx/xx=x/xxxxxxxx=xxxxxpredictiveHigh
80Argumentxxxxxx/xxxxxxxxx/xxxxxx_xxxxpredictiveHigh
81ArgumentxxxxpredictiveLow
82Argumentxx_xxxxxxpredictiveMedium
83Argumentxxxxxxx/xxxxxx/xxxxxxx/xxxxxxxxxpredictiveHigh
84Argumentxxxx_xxxxpredictiveMedium
85ArgumentxxxxxpredictiveLow
86ArgumentxxxxxxxxpredictiveMedium
87Argumentxxxx_xxxxpredictiveMedium
88ArgumentxxxpredictiveLow
89ArgumentxxxxxxpredictiveLow
90ArgumentxxxxpredictiveLow
91ArgumentxxxxxxpredictiveLow
92ArgumentxxxpredictiveLow
93ArgumentxxxpredictiveLow
94ArgumentxxxxxxpredictiveLow
95ArgumentxxxxxxxxpredictiveMedium
96Argumentxxxx_xxpredictiveLow
97Argumentxxx_xxxxxpredictiveMedium
98Argument_xxx_xxxxxxxxxxx_predictiveHigh
99Argument__xxxxxxxxxpredictiveMedium
100Input ValuexxxxxxxxpredictiveMedium
101Input Valuexxxxxxxxxxxxxxxxxxxxxxxxxxxx+xxxxx+xxxxxx+x,x,xxxx,xxx,x,x+xxxx+xxx_xxxxx+xxxxx+xx=x--+predictiveHigh
102Network Portxxx/xxxxpredictiveMedium
103Network Portxxx/xxxxxpredictiveMedium

References (6)

The following list contains external sources which discuss the actor and the associated activities: