Dust Storm Analysis

IOB - Indicator of Behavior (1000)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 942
zh: 58


Country

cn: 994
us: 6


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Microsoft Windows: 18
Google Chrome: 14
Qualcomm Snapdragon Auto: 14
Qualcomm Snapdragon Mobile: 14
Qualcomm Snapdragon Compute: 12


Vulnerabilities

# | Vulnerability | CVSS Base | CVSS Temp | 0day price | Today price | Exploit | Remediation | EPSS | CTI | CVE
1 | python-jwt authentication spoofing | 8.2 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00097 | 0.04 | CVE-2022-39227
2 | Ametys CMS auto-completion Plugin en.xml information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00606 | 0.04 | CVE-2022-26159
3 | cryptography RSA Key Exchange timing discrepancy | 4.8 | 4.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00098 | 0.05 | CVE-2023-50782
4 | OpenSSH DRAM Rowhammer improper authentication | 6.3 | 6.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00051 | 0.04 | CVE-2023-51767
5 | GLPI External Link cross site scripting | 3.9 | 3.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00053 | 0.04 | CVE-2022-39277
6 | Pluck CMS Installation install.php cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00051 | 0.04 | CVE-2023-5013
7 | Windriver VxWorks input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01132 | 0.05 | CVE-2013-0716
8 | Windriver VxWorks cryptographic issues | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00209 | 0.00 | CVE-2010-2967
9 | Windriver VxWorks Hardcoded Credentials credentials management | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00446 | 0.04 | CVE-2010-2966
10 | Cisco RV340 Web-based Management Interface memory corruption | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00699 | 0.04 | CVE-2020-3451
11 | Google gson writeReplace deserialization | 6.6 | 6.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00247 | 0.09 | CVE-2022-25647
12 | openBI Screen.php index code injection | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00075 | 0.04 | CVE-2024-1117
13 | Novel-Plus list sql injection | 6.9 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00063 | 0.04 | CVE-2024-0655
14 | opencontainers runc Internal File Descriptor file descriptor | 8.5 | 8.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05062 | 0.05 | CVE-2024-21626
15 | runc Configuration pathname traversal | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00207 | 0.00 | CVE-2021-30465
16 | Tenda AC8 SetRebootTimer formSetRebootTimer stack-based overflow | 8.8 | 8.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.04 | CVE-2024-4065
17 | WordPress Scheduled Task wp-cron.php resource consumption | 6.5 | 6.5 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00096 | 0.09 | CVE-2023-22622

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Dust Storm

IOC - Indicator of Compromise (34)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 6.9.2.1 | | Dust Storm | Dust Storm | 12/23/2020 | verified | High
2 | 23.238.229.128 | | Dust Storm | Dust Storm | 12/23/2020 | verified | High
3 | 27.255.72.68 | | Dust Storm | Dust Storm | 12/23/2020 | verified | High
4 | 27.255.72.69 | | Dust Storm | Dust Storm | 12/23/2020 | verified | High
5 | 27.255.72.78 | | Dust Storm | Dust Storm | 12/23/2020 | verified | High
6 | 59.120.59.2 | 59-120-59-2.hinet-ip.hinet.net | Dust Storm | Dust Storm | 12/23/2020 | verified | High
7 | 59.188.13.133 | | Dust Storm | Dust Storm | 12/23/2020 | verified | High
8-34 | (masked on the source page; requires an additional purchase to view) | | Dust Storm | Dust Storm | 12/23/2020 | verified | High

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CAPEC-126 | CWE-21, CWE-22 | Path Traversal | predictive | High
2 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
3 | T1059 | CAPEC-137 | CWE-88, CWE-94 | Argument Injection | predictive | High
4 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High
5 | T1068 | CAPEC-122 | CWE-264, CWE-269, CWE-274, CWE-284 | Execution with Unnecessary Privileges | predictive | High
6-21 | (masked on the source page; requires an additional purchase to view) | | | | predictive | High

IOA - Indicator of Attack (166)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin.php?p=/Area/index#tab=t2 | predictive | High
2 | File | /admin/students.php | predictive | High
3 | File | /adminPage/www/addOver | predictive | High
4 | File | /application/index/controller/Screen.php | predictive | High
5 | File | /dataSet/testTransform;swagger-ui | predictive | High
6 | File | /dayrui/Fcms/View/system_log.html | predictive | High
7 | File | /dayrui/My/View/main.html | predictive | High
8 | File | /goform/SetRebootTimer | predictive | High
9 | File | /goform/WriteFacMac | predictive | High
10 | File | /module/comment/save | predictive | High
11 | File | /new_item | predictive | Medium
12 | File | /novel/bookSetting/list | predictive | High
13 | File | /root | predictive | Low
14 | File | /scripts/unlock_tasks.php | predictive | High
15 | File | /servicedesk/customer/portals | predictive | High
16 | File | /upload/localhost | predictive | High
17 | File | /view/student_payment_details4.php | predictive | High
18 | File | account/login.php | predictive | High
19-99 | File | (masked on the source page; requires an additional purchase to view) | predictive | Low to High
100-107 | Library | (masked on the source page) | predictive | Medium to High
108-157 | Argument | (masked on the source page) | predictive | Low to High
158-162 | Input Value | (masked on the source page) | predictive | Low to High
163-166 | Network Port | (masked on the source page) | predictive | Low to Medium
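The IOC table gives network addresses and the IOA table gives request-path fragments, which is exactly the shape a web-log sweep needs. The following Python script is an added example (not code from the original page or from the database vendor): it takes the unmasked IOC IPs and IOA path fragments from the two tables above and runs them over a handful of constructed Apache/Nginx "combined"-format access-log lines. The log format, the sample lines and the matching rules are assumptions; the per-indicator confidence is copied from the IOA table, and the short Low-confidence fragment /root is only matched as an exact request path so that unrelated URLs do not alert.

```python
# Added example: sweep access logs for the Dust Storm IOC IPs and IOA path
# fragments listed on this page. Indicator values come from the unmasked
# table rows; the log format and SAMPLE_LOG are constructed for the demo.
import ipaddress
import re
from collections import namedtuple
from urllib.parse import unquote

# Unmasked IOC IP addresses (IOC table rows 1-7, identified 12/23/2020).
IOC_IPS = frozenset({
    "6.9.2.1", "23.238.229.128", "27.255.72.68", "27.255.72.69",
    "27.255.72.78", "59.120.59.2", "59.188.13.133",
})

# Unmasked IOA file/path fragments with the confidence the IOA table assigns.
IOA_PATHS = [
    ("/admin.php?p=/Area/index#tab=t2", "High"),
    ("/admin/students.php", "High"),
    ("/adminPage/www/addOver", "High"),
    ("/application/index/controller/Screen.php", "High"),
    ("/dataSet/testTransform;swagger-ui", "High"),
    ("/dayrui/Fcms/View/system_log.html", "High"),
    ("/dayrui/My/View/main.html", "High"),
    ("/goform/SetRebootTimer", "High"),
    ("/goform/WriteFacMac", "High"),
    ("/module/comment/save", "High"),
    ("/new_item", "Medium"),
    ("/novel/bookSetting/list", "High"),
    ("/root", "Low"),
    ("/scripts/unlock_tasks.php", "High"),
    ("/servicedesk/customer/portals", "High"),
    ("/upload/localhost", "High"),
    ("/view/student_payment_details4.php", "High"),
    ("account/login.php", "High"),
]

# Apache/Nginx "combined" log format (assumed for the demo).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

Alert = namedtuple("Alert", "line_no kind indicator confidence src_ip path")


def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    try:
        ipaddress.ip_address(m["ip"])  # reject junk in the client field
    except ValueError:
        return None
    return m.groupdict()


def path_hits(raw_path):
    """Yield (fragment, confidence) for every IOA fragment found in a request."""
    decoded = unquote(raw_path)  # %2F and friends would otherwise hide a hit
    path_only = decoded.split("?", 1)[0]
    for frag, conf in IOA_PATHS:
        # a "#..." suffix is a client-side fragment and never reaches the server
        needle = frag.split("#", 1)[0]
        if conf == "Low":
            # short fragments such as "/root" count only as an exact path,
            # otherwise /rootkit-scanner.html or /root_ca would alert as well
            if path_only == needle:
                yield frag, conf
        elif needle in decoded:
            yield frag, conf


def scan(lines):
    """Return (alerts, unparsed_count) for an iterable of log lines."""
    alerts, unparsed = [], 0
    for n, line in enumerate(lines, 1):
        rec = parse_line(line)
        if rec is None:
            unparsed += 1
            continue
        if rec["ip"] in IOC_IPS:
            alerts.append(Alert(n, "ioc_ip", rec["ip"], "High", rec["ip"], rec["path"]))
        for frag, conf in path_hits(rec["path"]):
            alerts.append(Alert(n, "ioa_path", frag, conf, rec["ip"], rec["path"]))
    return alerts, unparsed


# Constructed sample log; the non-IOC clients use RFC 5737 documentation ranges.
SAMPLE_LOG = [
    '27.255.72.68 - - [23/Dec/2020:10:14:02 +0000] "GET /index.html HTTP/1.1" 200 512',
    '203.0.113.7 - - [23/Dec/2020:10:15:41 +0000] "POST /goform/SetRebootTimer HTTP/1.1" 200 88',
    '203.0.113.7 - - [23/Dec/2020:10:16:05 +0000] "GET /application/index/controller/Screen.php?index=1 HTTP/1.1" 200 1024',
    '198.51.100.4 - - [23/Dec/2020:10:17:30 +0000] "GET /root HTTP/1.1" 404 0',
    '198.51.100.4 - - [23/Dec/2020:10:17:31 +0000] "GET /rootkit-scanner.html HTTP/1.1" 200 300',
    '59.120.59.2 - - [23/Dec/2020:10:18:00 +0000] "GET /novel/bookSetting/list HTTP/1.1" 200 2048',
    '192.0.2.9 - - [23/Dec/2020:10:19:00 +0000] "GET /app%2Fview/student_payment_details4.php HTTP/1.1" 200 10',
    'this line is not in combined format and is counted as unparsed',
]

if __name__ == "__main__":
    found, skipped = scan(SAMPLE_LOG)
    for a in found:
        print(f"line {a.line_no}: {a.kind} {a.indicator!r} ({a.confidence}) from {a.src_ip} {a.path}")
    print(f"{len(found)} alerts, {skipped} unparsed line(s)")
```

Two caveats a practitioner should keep in mind when using this sweep. The IOC rows are dated 12/23/2020 and one of them resolves to an ISP-assigned hostname, so an IP hit is a pivot for investigation rather than a verdict. The IOA fragments are request paths for the products in the vulnerability list above (Screen.php, SetRebootTimer, bookSetting/list) and will also match legitimate administration traffic, which is why each alert carries the table's confidence level rather than a single binary flag.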
