Dyre Analysis

IOB - Indicator of Behavior (297)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 284
it: 6
fr: 6
de: 2


Country

ru: 136
us: 132
nl: 10
de: 8
it: 4


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Google Android: 30
Adobe Flash Player: 6
Linux Kernel: 6
Microsoft Windows: 6
Adobe Connect: 4


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.04 | 0.04187 | CVE-2007-1192
2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.41 | 0.04187 | CVE-2010-0966
3 | WoltLab Burning Book addentry.php sql injection | 7.3 | 6.8 | $0-$5k | $0-$5k | Functional | Unavailable | 0.02 | 0.01319 | CVE-2006-5509
4 | Codoforum User Registration cross site scripting | 5.2 | 4.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01 | 0.02173 | CVE-2020-5842
5 | JoomlaTune Com Jcomments admin.jcomments.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.02945 | CVE-2010-5048
6 | PHP phpinfo cross site scripting | 6.3 | 5.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.40738 | CVE-2006-0996
7 | Grandstream GXP16xx VoIP SSH Configuration Interface command injection | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2018-17565
8 | H Peter Anvin tftp-hpa memory corruption | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.05139 | CVE-2011-2199
9 | Apple Mac OS X Server Wiki Server sql injection | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.22 | 0.00954 | CVE-2015-5911
10 | Microsoft Internet Explorer gopher URI memory corruption | 7.3 | 6.6 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.63976 | CVE-2002-0371
11 | OAuth/OpenID privileges management | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.03 | 0.00000 | 
12 | Linux Kernel Crypto Subsystem input validation | 6.5 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00950 | CVE-2018-14619
13 | vsftpd deny_file unknown vulnerability | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01136 | CVE-2015-1419
14 | Sierra Wireless ALEOS SSH/Telnet Session information disclosure | 8.8 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.01055 | CVE-2015-2897
15 | AVTECH IP Camera/NVR/DVR CloudSetup.cgi command injection | 9.8 | 9.5 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00 | 0.00000 | 
16 | Microsoft Windows COM+ Event System Service Privilege Escalation | 8.1 | 7.4 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.02 | 0.01150 | CVE-2022-41033
17 | FreePBX index.php cross site scripting | 8.8 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.01408 | CVE-2012-4870
18 | e107 CMS game_score.php unknown vulnerability | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.01055 | CVE-2005-3594
19 | IP2Location Country Blocker Plugin AJAX Action ip2location_country_blocker_save_rules cross-site request forgery | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00885 | CVE-2021-25108
20 | FreePBX restapps Privilege Escalation | 6.3 | 5.9 | $0-$5k | $0-$5k | Functional | Official Fix | 0.08 | 0.05634 | CVE-2021-45461

IOC - Indicator of Compromise (30)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (73)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

