DreamBus Analysisinfo

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (167)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

de	86
en	58
ja	20
es	4

Country

US: USA	120
JP: Japan	20
ME: Montenegro	6
TH: Thailand	4

Actors

DreamBus	6
Sliver	1

Activities

Interest

Timeline

Type

Not Defined	72
Content Management System	20
Web Server	10
Ticket Tracking Software	4
Anti-Malware Software	4

Vendor

Not Defined	60
SourceCodester	14
Apache	12
Oracle	12
code-projects	4

Product

Apache HTTP Server	8
Drupal	6
code-projects Simple Ticket Booking	4
SourceCodester Kortex Lite Advocate Office Managem ...	4
SourceCodester Library Management System	4

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

#	Vulnerability	Base	Temp	0day	Today	Exp	Cou	KEV	EPSS	CTI	CVE
1	nginx request smuggling	6.9	6.9	$0-$5k	$0-$5k	Not defined	Not defined		0.00000	0.16	CVE-2020-12440
2	WikkaWiki wikka.php cross site scripting	4.3	3.9	$0-$5k	$0-$5k	Proof-of-Concept	Official fix		0.00984	0.04	CVE-2013-5586
3	OpenSSL OCSP Response OCSP_basic_verify certificate validation	7.3	7.0	$5k-$25k	$0-$5k	Not defined	Official fix		0.00127	0.00	CVE-2022-1343
4	Apache Wicket cross site scripting	4.3	4.1	$5k-$25k	$0-$5k	Not defined	Official fix		0.02847	0.00	CVE-2011-2712
5	ClamAV Antivirus MIME Parser input validation	6.8	6.8	$5k-$25k	$5k-$25k	Not defined	Not defined		0.02215	0.06	CVE-2019-15961
6	Omron CX-One CX-Programmer Password Storage information disclosure	5.9	5.7	$0-$5k	$0-$5k	Not defined	Official fix		0.00058	0.06	CVE-2015-0988
7	phpBB information disclosure	9.8	8.5	$0-$5k	$0-$5k	Proof-of-Concept	Official fix		0.00323	0.00	CVE-2008-1766
8	request-baskets API Request {name} server-side request forgery	6.4	6.4	$0-$5k	$0-$5k	Not defined	Not defined	expected	0.92816	0.04	CVE-2023-27163
9	rConfig PHP File unrestricted upload	7.1	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not defined		0.00044	0.05	CVE-2022-44384
10	Symantec pcAnywhere CIF File Hosts privileges management	7.8	7.0	$5k-$25k	$0-$5k	Proof-of-Concept	Official fix		0.00044	0.03	CVE-2006-3784
11	SourceCodester Leads Manager Tool Add Leads add-leads.php cross site scripting	4.1	4.0	$0-$5k	$0-$5k	Proof-of-Concept	Not defined		0.00098	0.06	CVE-2024-7644
12	SourceCodester Kortex Lite Advocate Office Management System activate_act.php sql injection	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not defined		0.00130	0.04	CVE-2024-7642
13	SourceCodester Kortex Lite Advocate Office Management System delete_register.php sql injection	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not defined		0.00130	0.02	CVE-2024-7640
14	SourceCodester Kortex Lite Advocate Office Management System delete_act.php sql injection	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not defined		0.00130	0.04	CVE-2024-7639
15	SourceCodester Kortex Lite Advocate Office Management System delete_client.php sql injection	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not defined		0.00130	0.00	CVE-2024-7638
16	code-projects Online Polling Registration registeracc.php sql injection	8.1	7.9	$0-$5k	$0-$5k	Proof-of-Concept	Not defined		0.00132	0.02	CVE-2024-7637
17	code-projects Simple Ticket Booking Registration register_insert.php sql injection	8.1	7.9	$0-$5k	$0-$5k	Proof-of-Concept	Not defined		0.00136	0.02	CVE-2024-7635
18	code-projects Simple Ticket Booking Login authenticate.php sql injection	8.1	7.9	$0-$5k	$0-$5k	Proof-of-Concept	Not defined		0.00141	0.02	CVE-2024-7636
19	Joomla CMS sql injection	7.3	6.9	$5k-$25k	$0-$5k	Proof-of-Concept	Not defined		0.00035	0.00	CVE-2013-1453
20	jQuery IMG Element cross site scripting	5.2	5.0	$0-$5k	$0-$5k	Not defined	Not defined		0.00298	0.07	CVE-2018-18405

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Identified	Type	Confidence
1	1.46.6.1		DreamBus	01/17/2024	verified	High
2	10.0.0.0		DreamBus	06/28/2023	verified	High
3	92.204.243.155		DreamBus	09/01/2023	verified	High
4	XX.XXX.XXX.XXX	xxxx.x.xxxxxxxxx.xx	Xxxxxxxx	08/10/2022	verified	Medium
5	XX.XXX.XX.XX	xx-xxx-xx-xx.xx-xxxx.xxxxxxx.xxxx	Xxxxxxxx	08/10/2022	verified	Low
6	XXX.XXX.XX.XX	xxxxxx.xx.xx.xxx.xxx.xxxxxxx.xxxx-xxxxxx.xx	Xxxxxxxx	08/10/2022	verified	Low
7	XXX.XX.XXX.X		Xxxxxxxx	06/28/2023	verified	High
8	XXX.XXX.XXX.XXX		Xxxxxxxx	08/10/2022	verified	Medium
9	XXX.XXX.XXX.XXX	xxx.xx-xxx-xxx-xxx.xx	Xxxxxxxx	08/10/2022	verified	Medium
10	XXX.XX.X.X		Xxxxxxxx	06/28/2023	verified	High
11	XXX.XXX.X.X		Xxxxxxxx	06/28/2023	verified	High

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	High
2	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	High
3	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	High
4	T1059.007	CAPEC-209	CWE-79, CWE-80	Basic Cross Site Scripting	predictive	High
5	TXXXX	CAPEC-XXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
6	TXXXX.XXX	CAPEC-XX	CWE-XXX, CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	High
7	TXXXX	CAPEC-XXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	High
8	TXXXX.XXX	CAPEC-XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	High
9	TXXXX	CAPEC-XXX	CWE-XX, CWE-XX	Xxx Xxxxxxxxx	predictive	High
10	TXXXX		CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
11	TXXXX	CAPEC-XX	CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	High
12	TXXXX.XXX	CAPEC-XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
13	TXXXX	CAPEC-XXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
14	TXXXX		CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	High
15	TXXXX.XXX	CAPEC-XXX	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	High
16	TXXXX.XXX	CAPEC-X	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	High

IOA - Indicator of Attack (75)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/api/baskets/{name}	predictive	High
2	File	/config/getuser	predictive	High
3	File	/endpoint/add-leads.php	predictive	High
4	File	/index.php?action=seomatic/file/seo-file-link	predictive	High
5	File	/librarian/bookdetails.php	predictive	High
6	File	/mgmt/tm/util/bash	predictive	High
7	File	/staff/bookdetails.php	predictive	High
8	File	/student/bookdetails.php	predictive	High
9	File	/text/pdf/PdfReader.java	predictive	High
10	File	xxxxxxxx_xxx.xxx	predictive	High
11	File	xxx.xxx	predictive	Low
12	File	xxxxx/xxxxxx.xxx/xxxxxx.xxx.xxx	predictive	High
13	File	xxxxxxxxxxxx.xxx	predictive	High
14	File	xxxxxxx.xx	predictive	Medium
15	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	High
16	File	xxxxxx_xxx.xxx	predictive	High
17	File	xxxxxx_xxxxxx.xxx	predictive	High
18	File	xxxxxx_xxxxxxxx.xxx	predictive	High
19	File	xxxxxxxxxx.xxx	predictive	High
20	File	xxxxxxxxxxxx.xxx	predictive	High
21	File	xxxxxxxxxxxxxxxxx.xxx	predictive	High
22	File	xxxxx-xxxxxx/xxxxxxxx/xxxx-xxxx.xx	predictive	High
23	File	xxxx_xxxx_xxxxxx.xxx	predictive	High
24	File	xxxx/xxxx	predictive	Medium
25	File	xxxx.xxx	predictive	Medium
26	File	xxxxxx/xxxxx	predictive	Medium
27	File	xxx/xxxxx/xxxxx.xxxx.xxx	predictive	High
28	File	xxxxxxx.xx	predictive	Medium
29	File	xxxxxx/xxxxxxxxxxx.xxx	predictive	High
30	File	xxx_xxxxx_xxxxx.x	predictive	High
31	File	xxxxxx/xxxxxxx/xxxxxxxxx/xxx/xxxxx_xxx.xxx	predictive	High
32	File	xxxxx-xxxxxxx/xxx/xxxxx/xxxx_xxxxx/	predictive	High
33	File	xxxxxxxx.x	predictive	Medium
34	File	xxxxxxxxxxx.xxx	predictive	High
35	File	xxxxxxxx_xxxxxx.xxx	predictive	High
36	File	xxxxxxxx_xxxxxx.xxx	predictive	High
37	File	xxxxxxxxx-xxxxxxxxxxxx-xxx/xxxx/xxxxx-xxxx.xxx	predictive	High
38	File	xxxxxxxx\xxxxxxxxxx\xxxxx	predictive	High
39	File	xxxx.xxx	predictive	Medium
40	File	xxxx.xxx	predictive	Medium
41	File	xxxxx.xxx	predictive	Medium
42	File	xx-xxxxx/xxxxx.xxx?xxxx=xxxxxxxxxxxx	predictive	High
43	Library	xxxxxxxx.xxx	predictive	Medium
44	Library	xxxxxx.xxx	predictive	Medium
45	Library	xxx/xxxxxxxx/xxxx.xxx	predictive	High
46	Argument	xxxxx_xx/xxxxx	predictive	High
47	Argument	xxxx_xxxxxxxx	predictive	High
48	Argument	xxxx_xxxxxxxx_xx	predictive	High
49	Argument	xxxxxx	predictive	Low
50	Argument	xxxxx	predictive	Low
51	Argument	xxxxx/xxxxxxxx	predictive	High
52	Argument	xxx_xxx	predictive	Low
53	Argument	xxxx	predictive	Low
54	Argument	xx_xxxxxxxx	predictive	Medium
55	Argument	xxxxxxxxx	predictive	Medium
56	Argument	xx	predictive	Low
57	Argument	xx	predictive	Low
58	Argument	xxxxxx	predictive	Low
59	Argument	xxxxx_xxxx/xxxxx_xxxxxx	predictive	High
60	Argument	xxxx/xxxxx/xxx/xxxxxxxx/xxxxxx/xxxxx	predictive	High
61	Argument	xxxxxxx	predictive	Low
62	Argument	xxxxx_xx	predictive	Medium
63	Argument	xxxxxxxxx	predictive	Medium
64	Argument	xxxx_xxxxxx	predictive	Medium
65	Argument	xxxxxxxx	predictive	Medium
66	Argument	xxx_xx	predictive	Low
67	Argument	xxx	predictive	Low
68	Argument	xxxx	predictive	Low
69	Argument	xxxx_xxxxxx/xxxxxx/xxxxxx	predictive	High
70	Argument	xxx	predictive	Low
71	Argument	xxxx	predictive	Low
72	Argument	xxxxx	predictive	Low
73	Input Value	' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx)-- xxxx	predictive	High
74	Input Value	..\/	predictive	Low
75	Network Port	xxx/xxxx	predictive	Medium

References (6)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

This view requires CTI permissions

Just purchase a CTI license today!