Dyre Analysis

IOB - Indicator of Behavior (306)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en: 296
fr: 6
it: 4

Country

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Google Android: 24
FreePBX: 6
Lantronix xPrintServer: 6
Linux Kernel: 6
Microsoft Windows: 6

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Cou | KEV | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | possible | 0.02956 | 0.00 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.00970 | 0.41 | CVE-2010-0966 |
| 3 | WoltLab Burning Book addentry.php sql injection | 7.3 | 6.8 | $0-$5k | $0-$5k | Functional | Unavailable | | 0.00957 | 0.02 | CVE-2006-5509 |
| 4 | Codoforum User Registration register cross site scripting | 5.2 | 4.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.01819 | 0.02 | CVE-2020-5842 |
| 5 | Exponent CMS user.php getUserByName Blind sql injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00587 | 0.02 | CVE-2016-7781 |
| 6 | JoomlaTune Com Jcomments admin.jcomments.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.06310 | 1.05 | CVE-2010-5048 |
| 7 | PHP phpinfo cross site scripting | 6.3 | 5.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official fix | | 0.25032 | 0.04 | CVE-2006-0996 |
| 8 | Grandstream GXP16xx VoIP SSH Configuration Interface command injection | 9.8 | 9.8 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00614 | 0.05 | CVE-2018-17565 |
| 9 | H Peter Anvin tftp-hpa memory corruption | 7.3 | 7.0 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.02113 | 0.01 | CVE-2011-2199 |
| 10 | Apple Mac OS X Server Wiki Server sql injection | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official fix | | 0.00553 | 1.17 | CVE-2015-5911 |
| 11 | Microsoft Internet Explorer gopher URI memory corruption | 7.3 | 6.6 | $25k-$100k | $0-$5k | Proof-of-Concept | Official fix | possible | 0.65770 | 0.00 | CVE-2002-0371 |
| 12 | OAuth/OpenID privileges management | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | | 0.00000 | 0.03 | |
| 13 | Linux Kernel Crypto Subsystem input validation | 6.4 | 6.4 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00120 | 0.04 | CVE-2018-14619 |
| 14 | vsftpd deny_file | 3.7 | 3.6 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.35290 | 0.05 | CVE-2015-1419 |
| 15 | Sierra Wireless ALEOS SSH/Telnet Session information disclosure | 8.8 | 8.4 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00013 | 0.00 | CVE-2015-2897 |
| 16 | AVTECH IP Camera/NVR/DVR CloudSetup.cgi command injection | 9.8 | 9.5 | $0-$5k | $0-$5k | Not defined | Unavailable | | 0.00000 | 0.02 | |
| 17 | Board Power icq.cgi cross site scripting | 8.8 | 8.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.01803 | 0.00 | CVE-2004-1441 |
| 18 | Zabbix Dashboard Page zabbix.php improper authentication | 8.2 | 8.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | expected | 0.93569 | 0.03 | CVE-2019-17382 |
| 19 | RRJ Nueva Ecija Engineer Online Portal Avatar dasboard_teacher.php unrestricted upload | 6.1 | 5.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00393 | 0.00 | CVE-2024-0185 |
| 20 | Microsoft Windows COM+ Event System Service type confusion | 8.1 | 7.7 | $25k-$100k | $5k-$25k | High | Official fix | verified | 0.00234 | 0.00 | CVE-2022-41033 |

IOC - Indicator of Compromise (30)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (79)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/config.php?display=disa&view=form | predictive | High |
| 2 | File | /cgi-bin/admin/testserver.cgi | predictive | High |
| 3 | File | /cgi-bin/supervisor/CloudSetup.cgi | predictive | High |
| 4 | File | /framework/modules/users/models/user.php | predictive | High |
| 5 | File | /iwguestbook/admin/badwords_edit.asp | predictive | High |
| 6 | File | /iwguestbook/admin/messages_edit.asp | predictive | High |
| 7 | File | /private/var/mobile/Containers/Data/Application | predictive | High |
| 8 | File | /recordings/index.php | predictive | High |
| 9 | File | acp/core/files.browser.php | predictive | High |
