DreamBus Analysis

IOB - Indicator of Behavior (156)

Timeline

Language

de 82
en 56
ja 10
es 6
ru 2

Country

us 126
jp 10
th 4
cz 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Apache HTTP Server 10
Drupal 4
SourceCodester Library Management System 4
Avast Antivirus 4
Zebra Enterprise Home Screen 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---------------|------|------|------|-------|-----|-----|-----|------|-----|
| 1 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | 0.00241 | CVE-2020-12440 |
| 2 | WikkaWiki wikka.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00263 | CVE-2013-5586 |
| 3 | OpenSSL OCSP Response OCSP_basic_verify weak authentication | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00152 | CVE-2022-1343 |
| 4 | Apache Wicket cross site scripting | 4.3 | 4.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00404 | CVE-2011-2712 |
| 5 | ClamAV Antivirus MIME Parser privilege escalation | 6.8 | 6.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.01728 | CVE-2019-15961 |
| 6 | Omron CX-One CX-Programmer Password Storage information disclosure | 5.9 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00042 | CVE-2015-0988 |
| 7 | phpBB information disclosure | 9.8 | 8.5 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.00269 | CVE-2008-1766 |
| 8 | Joomla CMS sql injection | 7.3 | 6.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00264 | CVE-2013-1453 |
| 9 | jQuery IMG Element cross site scripting | 5.2 | 5.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00115 | CVE-2018-18405 |
| 10 | Oracle PeopleSoft Enterprise PeopleTools Elastic Search privilege escalation | 9.3 | 9.2 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | 0.00811 | CVE-2022-1471 |
| 11 | F5 BIG-IP Virtual Server weak encryption | 5.7 | 5.7 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00128 | CVE-2019-6593 |
| 12 | Hitachi Replication Manager Expression Language Remote Code Execution | 8.1 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00129 | CVE-2022-4146 |
| 13 | SolidWorks Desktop DWG File memory corruption | 7.0 | 7.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00123 | CVE-2023-2763 |
| 14 | Schneider Electric StruxureWare Data Center DCE sql injection | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00050 | CVE-2023-37196 |
| 15 | Avast AntiVirus Driver aswSnx.sys denial of service | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00042 | CVE-2020-20118 |
| 16 | Undici HTTP Header privilege escalation | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00126 | CVE-2023-23936 |
| 17 | FreeBSD Unix Domain Socket privilege escalation | 8.3 | 7.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00045 | CVE-2019-5596 |
| 18 | Google Chrome Sandbox IPC race condition | 7.3 | 7.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00248 | CVE-2011-3080 |
| 19 | administrate OAuth cross site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00074 | CVE-2016-3098 |
| 20 | A-FTP Anonymous FTP Server Command memory corruption | 7.3 | 7.1 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.00 | 0.00241 | CVE-2001-0794 |

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Weakness | Description | Type | Confidence |
|----|-----------|----------|-------------|------|------------|
| 1 | T1006 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | T1059 | CWE-94 | Argument Injection | predictive | High |
| 4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |

Entries 5 through 16 are masked on the page and carry no recoverable technique, weakness or description.

IOA - Indicator of Attack (60)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|----|-------|-----------|------|------------|
| 1 | File | /config/getuser | predictive | High |
| 2 | File | /index.php?action=seomatic/file/seo-file-link | predictive | High |
| 3 | File | /librarian/bookdetails.php | predictive | High |
| 4 | File | /mgmt/tm/util/bash | predictive | High |
| 5 | File | /staff/bookdetails.php | predictive | High |
| 6 | File | /student/bookdetails.php | predictive | High |
| 7 | File | /text/pdf/PdfReader.java | predictive | High |
| 59 | Input Value | ..\/ | predictive | Low |

Entries 8 through 58 and entry 60 (File, Library, Argument, Input Value and Network Port indicators) are masked on the page and carry no recoverable values.

Sources (6)

The following list contains external sources which discuss the actor and the associated activities:
