Dfni تحليل

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (31)

اللغة

en	28
es	2
ru	2

البلد

us	18
ua	12
ru	2

الفاعلين

BEAR	1
GreyEnergy	1
Dfni	1
Dridex	1
Clop	1

الاهتمام

النوع

Not Defined	12
Photo Gallery Software	4
SSH Server Software	2
Web Browser	2
Router Operating System	2

المجهز

Not Defined	12
APC	2
Supermicro	2
Omron	2
D-Link	2

منتج

ThinkPHP	2
User Post Gallery Plugin	2
APC Switched Rack Pdu	2
Supermicro H8dgu-f	2
Omron CX-One CX-Programmer	2

الثغرات

#	الثغرة	Base	Temp	0day	اليوم	ق�	معالجة	CTI	EPSS	CVE
1	IBM Security AppScan Enterprise Enterprise Source Database تشفير ضعيف	9.8	8.5	$5k-$25k	جاري الحساب	Unproven	Official Fix	0.00	0.00082	CVE-2013-3989
2	raspap-webgui activate_ovpncfg.php تجاوز الصلاحيات	8.0	8.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.86945	CVE-2022-39986
3	PHP Everywhere Plugin Shortcode Privilege Escalation	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00108	CVE-2022-24663
4	Add Link to Facebook Plugin profile.php سكربتات مشتركة	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03	0.00057	CVE-2018-5214
5	openmosix libmosix.c this تلف الذاكرة	4.0	4.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00042	CVE-2008-1865
6	User Post Gallery Plugin تجاوز الصلاحيات	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.03753	CVE-2022-4060
7	eSST Monitoring تجاوز الصلاحيات	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00116	CVE-2023-41631
8	Boa Web Server HEAD Method تجاوز الصلاحيات	6.3	6.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00112	CVE-2022-45956
9	GitLab Privilege Escalation	5.1	5.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04	0.00118	CVE-2021-22263
10	ThinkPHP تجاوز الصلاحيات	7.1	7.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.08	0.00058	CVE-2022-44289
11	SuiteCRM Accounts/Contacts/Opportunities/Leads تجاوز الصلاحيات	6.6	6.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00063	CVE-2020-15301
12	cocoapods-downloader تجاوز الصلاحيات	6.8	6.7	$0-$5k	جاري الحساب	Not Defined	Official Fix	0.00	0.00131	CVE-2022-21223
13	PHP Everywhere Plugin Metabox Privilege Escalation	8.8	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00108	CVE-2022-24664
14	APC UPS Network Management Card 2 AOS Remote Monitoring Credentials الكشف عن المعلومات	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	0.00222	CVE-2018-7820
15	APC Switched Rack Pdu توثيق ضعيف	7.5	6.6	$0-$5k	$0-$5k	Unproven	Unavailable	0.02	0.01263	CVE-2007-6226
16	Dropbear SSH dropbearconvert تجاوز الصلاحيات	8.0	7.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00956	CVE-2016-7407
17	Dropbear SSH تجاوز الصلاحيات	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.02911	CVE-2016-7406
18	Supermicro H8dgu-f Intelligent Platform Management Interface PrivilegeCallBack تجاوز الصلاحيات	9.8	9.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.01615	CVE-2013-3609
19	Drupal تجاوز الصلاحيات	5.8	5.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00088	CVE-2017-6928
20	D-Link DCS-930L/DCS-932L Authentication الكشف عن المعلومات	5.3	4.8	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.02	0.00000

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	عنوان بروتوكول الإنترنت	Hostname	ممثل	حملات	Identified	النوع	الثقة
1	5.149.248.134		Dfni		08/04/2022	verified	عالي
2	XXX.XXX.XXX.XX	xxxxxx.xx.xxx.xxx.xxx.xxxxxxx.xxxx-xxxxxx.xx	Xxxx		08/04/2022	verified	عالي

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	الثغرات	متجه الوصول	النوع	الثقة
1	T1059	CWE-88	Argument Injection	predictive	عالي
2	T1059.007	CWE-79	Cross Site Scripting	predictive	عالي
3	TXXXX	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	عالي
4	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	عالي
5	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	عالي
6	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	عالي
7	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	عالي
8	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	عالي
9	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	عالي
10	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	عالي

IOA - Indicator of Attack (13)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	الفئة	Indicator	النوع	الثقة
1	File	/ajax/openvpn/activate_ovpncfg.php	predictive	عالي
2	File	FlexCell.ocx	predictive	متوسط
3	File	xxxxxxxx.x	predictive	متوسط
4	File	xxxxx-xxxxxxx.xxx	predictive	عالي
5	File	xx-xxxxx/xxxxxxx.xxx	predictive	عالي
6	Library	xxx/xxxxxxx-xxxxxxxxx-x.x.x.xxx	predictive	عالي
7	Argument	xxxxx_xxxxxxxx_xx	predictive	عالي
8	Argument	xxx_xx	predictive	واطئ
9	Argument	xx	predictive	واطئ
10	Argument	xxxx	predictive	واطئ
11	Argument	xxx_xx	predictive	واطئ
12	Argument	xxxx	predictive	واطئ
13	Argument	xxxxxxxx/xxxx	predictive	عالي

المصادر (2)

The following list contains external sources which discuss the actor and the associated activities:

التالي ▸نظرة عامة◂ السابق

Do you know our Splunk app?

Download it now for free!