Dharma Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (1000)

Zeitverlauf

Sprache

en996
de4

Land

us26
gb2
cn2
de2

Akteure

Dharma2

Aktivitäten

Interesse

Zeitverlauf

Typ

Not Defined180
Mail Client Software36
Web Browser32
WordPress Plugin30
Content Management System12

Hersteller

Not Defined114
Mozilla68
Huawei36
Tenda26
Dataprobe6

Produkt

Mozilla Thunderbird36
Huawei HarmonyOS36
Mozilla Firefox30
OpenImageIO22
Tenda F120322

Schwachstellen

#SchwachstelleBaseTemp0dayHeuteAusMasCTIEPSSCVE
1smoothie Cross Site Scripting4.84.7$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00102CVE-2022-25929
2Fuji Electric Tellus Lite V-Simulator Pufferüberlauf8.38.1$0-$5k$0-$5kNot DefinedOfficial Fix0.050.00109CVE-2022-3087
3Wp Social Plugin Information Disclosure5.35.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00049CVE-2022-47160
4Libksba CRL Signature Parser Pufferüberlauf7.67.5$0-$5k$0-$5kNot DefinedOfficial Fix0.030.00196CVE-2022-47629
5abacus-ext-cmdline execute erweiterte Rechte7.27.2$0-$5k$0-$5kNot DefinedNot Defined0.000.01588CVE-2022-24431
6ActiveCampaign for WooCommerce Plugin Error Log erweiterte Rechte4.94.8$0-$5k$0-$5kNot DefinedOfficial Fix0.010.00056CVE-2022-3923
7Mozilla Thunderbird Denial of Service5.45.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.00103CVE-2022-42929
8Mozilla Thunderbird URL Parser Pufferüberlauf5.45.3$5k-$25k$5k-$25kNot DefinedOfficial Fix0.000.00097CVE-2022-40960
9Mozilla Thunderbird getEntries erweiterte Rechte7.27.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.00126CVE-2022-42927
10Mozilla Thunderbird Garbage Collector Pufferüberlauf7.57.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.00138CVE-2022-42928
11Mozilla Thunderbird Denial of Service5.45.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.00097CVE-2022-40957
12Mozilla Thunderbird schwache Authentisierung5.75.6$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.00097CVE-2022-40958
13Mozilla Thunderbird Remote Code Execution6.46.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.00104CVE-2022-40959
14Mozilla Thunderbird Email Message unbekannte Schwachstelle4.24.0$25k-$100k$5k-$25kNot DefinedOfficial Fix0.000.00064CVE-2022-1520
15Mozilla Firefox ESR PK11_ChangePW Pufferüberlauf6.96.7$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.00129CVE-2022-38476
16Mozilla Thunderbird erweiterte Rechte6.26.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.00120CVE-2022-40956
17Mozilla Firefox ESR VR Process Pufferüberlauf5.45.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.00084CVE-2022-1196
18Fuji Electric Tellus Lite V-Simulator Pufferüberlauf8.38.1$0-$5k$0-$5kNot DefinedOfficial Fix0.050.00061CVE-2022-3085
19Mozilla Thunderbird Digital Signature unbekannte Schwachstelle5.65.5$25k-$100k$5k-$25kNot DefinedOfficial Fix0.020.00069CVE-2021-4126
20Mozilla Thunderbird Notification Remote Code Execution6.46.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.00097CVE-2022-45408

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP-AdresseHostnameAkteurKampagnenIdentifiziertTypAkzeptanz
1178.239.173.172172.173.239.178.baremetal.zare.comDharma26.04.2022verifiziertHigh
2XXX.XX.XXX.XXxxx.xx.xxx.xx.xxxxxxxxx-xxxXxxxxx31.05.2021verifiziertHigh
3XXX.XXX.XXX.XXXXxxxxx26.04.2022verifiziertHigh

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueSchwachstellenZugriffsartTypAkzeptanz
1T1006CWE-22Path TraversalprädiktivHigh
2T1040CWE-319Authentication Bypass by Capture-replayprädiktivHigh
3T1055CWE-74Improper Neutralization of Data within XPath ExpressionsprädiktivHigh
4T1059CWE-94, CWE-1321Argument InjectionprädiktivHigh
5T1059.007CWE-79, CWE-80Cross Site ScriptingprädiktivHigh
6TXXXXCWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxprädiktivHigh
7TXXXX.XXXCWE-XXX, CWE-XXXXxxx-xxxxx XxxxxxxxxxxprädiktivHigh
8TXXXX.XXXCWE-XXXXXxxxxxxx Xxxxxxxxxxx Xx Xxxxxxxx Xxxxx XxxxxxxxxxprädiktivHigh
9TXXXXCWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxprädiktivHigh
10TXXXX.XXXCWE-XXXXxxx XxxxxxxxprädiktivHigh
11TXXXXCWE-XXX, CWE-XXXXxxxxxxxxx XxxxxxprädiktivHigh
12TXXXXCWE-XXXxx XxxxxxxxxprädiktivHigh
13TXXXX.XXXCWE-XXXXxxxxxxx XxxxxxxxxxxxxprädiktivHigh
14TXXXXCWE-XXX, CWE-XXXXxxxxxxxxxx XxxxxxxxxxprädiktivHigh
15TXXXXCWE-XXXXxxxxxxxx Xxxxxxx Xx Xxxxxxxxx XxxxxxxxxxxprädiktivHigh
16TXXXXCWE-XXXXxxxxxx Xxxxxxxxxx Xx Xxx-xxxxxxxxprädiktivHigh
17TXXXXCWE-XXX, CWE-XXXXxxxxxxxx Xxxxxx XxxxprädiktivHigh
18TXXXX.XXXCWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxprädiktivHigh
19TXXXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxprädiktivHigh
20TXXXXCWE-XXX, CWE-XXXXxxxxxxxxxxxx XxxxxxprädiktivHigh
21TXXXX.XXXCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxprädiktivHigh

IOA - Indicator of Attack (113)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDKlasseIndicatorTypAkzeptanz
1File/admin/scripts/pi-hole/phpqueryads.phpprädiktivHigh
2File/api/Index/getFileBinaryprädiktivHigh
3File/api/User/download_imgprädiktivHigh
4File/aya/module/admin/fst_del.inc.phpprädiktivHigh
5File/aya/module/admin/fst_down.inc.phpprädiktivHigh
6File/conf/prädiktivLow
7File/cupseasylive/countrylist.phpprädiktivHigh
8File/etc/sudoersprädiktivMedium
9File/forum/away.phpprädiktivHigh
10File/goform/addressNatprädiktivHigh
11File/goform/addWifiMacFilterprädiktivHigh
12File/goform/DhcpListClientprädiktivHigh
13File/goform/exeCommandprädiktivHigh
14File/goform/fast_setting_wifi_setprädiktivHigh
15File/xxxxxx/xxxxxxxxxxxxxxxxxxxxprädiktivHigh
16File/xxxxxx/xxxxxxxxxxxxxxxxprädiktivHigh
17File/xxxxxx/xxxxxxxxxxxprädiktivHigh
18File/xxxxxx/xxxxxxxxxxxxxxxxxxxxxprädiktivHigh
19File/xxxxxx/xxxxxxxxxxxxxxprädiktivHigh
20File/xxxxxx/xxxxxxxxxxxxxxxxxprädiktivHigh
21File/xxxxxx/xxxxxxxxxxxprädiktivHigh
22File/xxxxxx/xxxxxxxxxxprädiktivHigh
23File/xxxxxx/xxxxxxxxxxxxprädiktivHigh
24File/xxxxxx/xxxxxxxxxxxprädiktivHigh
25File/xxxxxxxx/xxxxx/xxxxxx_xxxxxxx-xxxxxxxxxx.xxxprädiktivHigh
26Filexxxxx/xxxx_xxxxx_xxxx.xxxprädiktivHigh
27Filexxx/xxxx/xxxxxxxxx/xxxxxx_xxxx.xxxprädiktivHigh
28Filexxx-xxxxxxx.xxxprädiktivHigh
29Filexxxxxxxx/xxx/xxxxxxxxxxx/__xxxx__.xxprädiktivHigh
30Filexxxxxxxxx.xxxprädiktivHigh
31Filexxxx/xxx/xxxx/xxxx/xx/xxxxxxxxxx/xxx/xxxxxxxx/xxxxxxxxxxxxxxxxxxx.xxxxprädiktivHigh
32Filexxxxxxxxxxxxxxxx/xxxxxxxxxxxxxx.xxprädiktivHigh
33Filexxxx.xxxprädiktivMedium
34Filexxxx/xxxxxxxxxx/xxxxxx.xxprädiktivHigh
35Filexxxxxxxxxx/xxxxxx/xxxxxxxxxxx.xxprädiktivHigh
36Filexxx/xxxxxx.xxxprädiktivHigh
37Filexxxxx.xxxxprädiktivMedium
38Filexxxxx.xxxprädiktivMedium
39Filexxx/xxxx_xxxxxxx/xxxxxxxxxxx.xxprädiktivHigh
40Filexxxxx.xxxxprädiktivMedium
41Filexxxx.xxprädiktivLow
42Filexxxxxxxxxxxx.xxxprädiktivHigh
43Filexxxxxx.xxxprädiktivMedium
44FilexxxxxxxxxxxxxxprädiktivHigh
45Filexxx_xxx.xxprädiktivMedium
46Filexxxx_xxxxxxxxprädiktivHigh
47Filexxxxx.xprädiktivLow
48Filexxxxxx/xx/xxxxxxx/xxxxxxx.xxprädiktivHigh
49Filexxxxxx/xxxxxxxprädiktivHigh
50Filexxxxxxxx.xxxprädiktivMedium
51Filexxxxxx/xxxxxxxxxxxx.xxprädiktivHigh
52Filexxxxxxx.xxxprädiktivMedium
53Filexxxxxxxxxx/xx/xxxxxx.xxprädiktivHigh
54Filexxx/xxxxxxxxxx/xxxxxxx/xxxxxx/xxxxxxx.xxprädiktivHigh
55Filexxx/xxxxx.xxprädiktivMedium
56Filexxx/xxxx/xxxx/xxx/xxxxxx/xxxxxx/xxx/xxxxxxxxxxxxxxxxxx.xxxxprädiktivHigh
57Filexxx/xxxxxxx-xxxx.xxxprädiktivHigh
58Filexxxxxx/xx/xxxxxx.xxprädiktivHigh
59Filexxxxxxxxx/xxxxxx.xxxxprädiktivHigh
60Filexxxx-xxxxxxxx.xxxprädiktivHigh
61Filexxx_xxx.xxx.xxxprädiktivHigh
62Filexxxxxxxxxxxx.xxxprädiktivHigh
63Filexxxx_xxxxxxx.xxxprädiktivHigh
64Filexxxxxxxxxx.xxxprädiktivHigh
65ArgumentxxxxxxxxprädiktivMedium
66ArgumentxxxxxxxprädiktivLow
67Argumentxx-xxxprädiktivLow
68ArgumentxxxxxxxxprädiktivMedium
69ArgumentxxxxxxxprädiktivLow
70ArgumentxxxxxxxxxxxprädiktivMedium
71ArgumentxxxxxxxxxxxprädiktivMedium
72ArgumentxxxxxxxxprädiktivMedium
73ArgumentxxxxxxxxxprädiktivMedium
74ArgumentxxxxxxxxxxxxprädiktivMedium
75ArgumentxxxxxxxxprädiktivMedium
76ArgumentxxxxxxprädiktivLow
77ArgumentxxxxprädiktivLow
78ArgumentxxxxprädiktivLow
79ArgumentxxxxxxxxxprädiktivMedium
80ArgumentxxprädiktivLow
81ArgumentxxxxxprädiktivLow
82Argumentxxxx/xxxxxx_xxxxprädiktivHigh
83ArgumentxxxxxxprädiktivLow
84ArgumentxxxxprädiktivLow
85ArgumentxxxxprädiktivLow
86Argumentxxxxxx_xxprädiktivMedium
87ArgumentxxxprädiktivLow
88Argumentxxx_xxxxprädiktivMedium
89Argumentx_xxxx.xxxxxxprädiktivHigh
90ArgumentxxxxxxprädiktivLow
91ArgumentxxxxxxxxxxxxxxxprädiktivHigh
92ArgumentxxxxprädiktivLow
93ArgumentxxxxprädiktivLow
94ArgumentxxxxxprädiktivLow
95Argumentxxxxxxx_xxxxprädiktivMedium
96ArgumentxxxxxxxxxxxxxxxxxprädiktivHigh
97ArgumentxxxxxxxxprädiktivMedium
98Argumentxxxxxxxx_xxprädiktivMedium
99Argumentxxxxx_xxxprädiktivMedium
100ArgumentxxxxprädiktivLow
101ArgumentxxxxxxxprädiktivLow
102ArgumentxxxxxxxxxxxxxxxxxxxxprädiktivHigh
103Argumentxxxxxxxxxxx/xxxxxxxxxxxxprädiktivHigh
104ArgumentxxxxprädiktivLow
105ArgumentxxxxxprädiktivLow
106Argumentxxxxxxxxxxx/xxxxxxxxprädiktivHigh
107ArgumentxxxxxxxxxxxxxxxxprädiktivHigh
108ArgumentxxxxprädiktivLow
109ArgumentxxxprädiktivLow
110ArgumentxxxxprädiktivLow
111ArgumentxxxxprädiktivLow
112ArgumentxxxxprädiktivLow
113Argument_xxxxxxxxx[xxx_xxxxxxxxxx]prädiktivHigh

Referenzen (4)

The following list contains external sources which discuss the actor and the associated activities:

ZurückÜbersichtWeiter

Interested in the pricing of exploits?

See the underground prices here!