Operation Dragon Castling Analysis

IOB - Indicator of Behavior (113)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 88
zh: 22
it: 4


Country


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Microsoft Windows: 6
Microsoft IIS: 6
Forcepoint Email Security: 4
Joomla CMS: 4
MikroTik Winbox: 2


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
--|---------------|------|------|------|-------|-----|-----|------|-----|----
1 | jforum username User input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00289 | 0.04 | CVE-2019-7550
2 | MantisBT API SOAP mc_project_get_users sql injection | 5.0 | 4.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00115 | 0.00 | CVE-2020-28413
3 | Hughes HX200/HX90/HX50L/HN9460/HN7000S cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00092 | 0.04 | CVE-2023-22971
4 | Microsoft IIS uncpath cross site scripting | 5.2 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00483 | 0.12 | CVE-2017-0055
5 | Schneider Electric Interactive Graphical SCADA System memory corruption | 10.0 | 10.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.65300 | 0.03 | CVE-2013-0657
6 | Deltek Vision RPC over HTTP SQL sql injection | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00576 | 0.03 | CVE-2018-18251
7 | LiteSpeed Cache Plugin Log File information disclosure | 8.0 | 7.9 | $0-$5k | $0-$5k | High | Not Defined | 0.54808 | 0.00 | CVE-2024-44000
8 | LiteSpeed Cache Plugin privileges assignment | 8.5 | 8.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00043 | 0.08 | CVE-2024-28000
9 | Microsoft IIS FTP Command information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00307 | 0.00 | CVE-2012-2532
10 | Bitrix24 Apache HTTP Server instagram.php unrestricted upload | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00133 | 0.03 | CVE-2023-1713
11 | AA-Team WZone Plugin sql injection | 8.3 | 8.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-33544
12 | Alt-N MDaemon Worldclient cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00112 | 0.04 | CVE-2021-27180
13 | Vera VeraEdge/Veralite Web User Interface RunLua improper authentication | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.10148 | 0.00 | CVE-2017-9389
14 | Dolibarr ERP CRM SQL File unrestricted upload | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.03 | CVE-2024-37821
15 | Kerio Connect/Connect Client Desktop Application E-Mail Preview input validation | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00185 | 0.03 | CVE-2017-7440
16 | Fortinet FortiWeb Authorization Header sql injection | 7.7 | 7.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00131 | 0.08 | CVE-2020-29015
17 | Cisco IOS XE Web UI Remote Code Execution | 9.9 | 9.8 | $25k-$100k | $5k-$25k | High | Official Fix | 0.87524 | 0.04 | CVE-2023-20198
18 | phpMyAdmin Error Reporting Page File php weakness | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00164 | 0.00 | CVE-2014-8961
19 | Ignition Automation Ignition JavaSerializationCodec deserialization | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00065 | 0.03 | CVE-2023-39476
20 | Redis Lua Script Execution Environment injection | 4.6 | 4.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00218 | 0.00 | CVE-2022-24735

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
---|------------|----------|-------|-----------|------------|------|-----------
1 | 23.106.123.196 | | | Operation Dragon Castling | 03/19/2024 | verified | Very High
2 | XXX.XXX.XXX.XX | | | Xxxxxxxxx Xxxxxx Xxxxxxxx | 03/19/2024 | verified | Very High
3 | XXX.XXX.XXX.XX | xxx.xxx.xxx.xx.xxxxxxxxxxxxxxxx.xxx | | Xxxxxxxxx Xxxxxx Xxxxxxxx | 03/19/2024 | verified | High

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (42)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
---|-------|-----------|------|-----------
1 | File | .kdbgrc | predictive | Low
2 | File | /cgi-bin/go | predictive | Medium
3 | File | /public/plugins/ | predictive | High
4 | File | /resources//../ | predictive | High
5 | File | /rom-0 | predictive | Low

References (2)

The following list contains external sources which discuss the actor and the associated activities:
