Dyre Analysis

IOB - Indicator of Behavior (305)

Timeline

Language

en: 284
fr: 10
it: 8
de: 4

Country

ru: 140
us: 130
de: 12
nl: 8
it: 6

Product

Google Android: 30
Microsoft Windows: 8
FreePBX: 6
Joomla CMS: 6
Adobe Flash Player: 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192
2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.75 | 0.00943 | CVE-2010-0966
3 | WoltLab Burning Book addentry.php SQL injection | 7.3 | 6.8 | $0-$5k | $0-$5k | Functional | Unavailable | 0.02 | 0.00804 | CVE-2006-5509
4 | Codoforum User Registration cross site scripting | 5.2 | 4.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.05 | 0.00148 | CVE-2020-5842
5 | Exponent CMS user.php getUserByName Blind SQL injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00163 | CVE-2016-7781
6 | JoomlaTune Com Jcomments admin.jcomments.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | 0.00489 | CVE-2010-5048
7 | PHP phpinfo cross site scripting | 6.3 | 5.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.05 | 0.08985 | CVE-2006-0996
8 | Grandstream GXP16xx VoIP SSH Configuration Interface privilege escalation | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00270 | CVE-2018-17565
9 | H Peter Anvin tftp-hpa memory corruption | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.09742 | CVE-2011-2199
10 | Apple Mac OS X Server Wiki Server SQL injection | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.29 | 0.00339 | CVE-2015-5911
11 | Microsoft Internet Explorer gopher URI memory corruption | 7.3 | 6.6 | $25k-$100k | calculating | Proof-of-Concept | Official Fix | 0.02 | 0.58261 | CVE-2002-0371
12 | OAuth/OpenID privilege escalation | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.02 | 0.00000 | 
13 | Linux Kernel Crypto Subsystem privilege escalation | 6.4 | 6.4 | $0-$5k | calculating | Not Defined | Official Fix | 0.00 | 0.00042 | CVE-2018-14619
14 | vsftpd deny_file unknown vulnerability | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00312 | CVE-2015-1419
15 | Sierra Wireless ALEOS SSH/Telnet Session information disclosure | 8.8 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00448 | CVE-2015-2897
16 | AVTECH IP Camera/NVR/DVR CloudSetup.cgi privilege escalation | 9.8 | 9.5 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.03 | 0.00000 | 
17 | Zabbix Dashboard Page weak authentication | 8.2 | 8.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.31410 | CVE-2019-17382
18 | RRJ Nueva Ecija Engineer Online Portal Avatar dasboard_teacher.php privilege escalation | 6.1 | 5.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00061 | CVE-2024-0185
19 | Microsoft Windows COM+ Event System Service Privilege Escalation | 8.1 | 7.4 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | 0.00107 | CVE-2022-41033
20 | FreePBX index.php cross site scripting | 8.8 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00773 | CVE-2012-4870

IOC - Indicator of Compromise (30)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerability | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | high
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | high
3 | T1059 | CWE-94 | Argument Injection | predictive | high
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | high

IOA - Indicator of Attack (77)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


Sources (3)

The following list contains external sources which discuss the actor and the associated activities:
