Dracarys Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (193)

Sprache

en	190
fr	2
ru	2

Land

us	34
tr	26
ru	2
gb	2

Akteure

RedLine	1
Candiru	1
BazarLoader	1
FTP Info Stealer	1
Bitter	1

Interesse

Typ

Not Defined	96
WordPress Plugin	14
Content Management System	12
Smartphone Operating System	10
Bug Tracking Software	8

Hersteller

Not Defined	78
Google	14
Microsoft	6
GitLab	6
Huawei	4

Produkt

Google Android	10
GitLab Enterprise Edition	6
Microsoft Windows	4
GitLab Community Edition	4
CMS Made Simple	4

Schwachstellen

#	Schwachstelle	Base	Temp	0day	Heute	Aus	Mas	CTI	EPSS	CVE
1	DeDeCMS Backend file_class.php erweiterte Rechte	6.4	6.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.09	0.00063	CVE-2023-7212
2	SmarterTools SmarterMail Directory Traversal	6.4	6.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00062	CVE-2019-7213
3	cumin Server Certificate Validator schwache Authentisierung	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	0.00090	CVE-2013-0264
4	DeDeCMS co_do.php SQL Injection	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00190	CVE-2018-19061
5	DedeCMS selectimages.php Cross Site Scripting	4.8	4.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03	0.00046	CVE-2023-49493
6	DeDeCMS select_images_post.php erweiterte Rechte	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.01958	CVE-2018-20129
7	DedeCMS article_allowurl_edit.php erweiterte Rechte	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.09	0.00094	CVE-2023-2928
8	DeDeCMS downmix.inc.php Path Information Disclosure	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.02422	CVE-2018-6910
9	Plesk Obsidian Login Page erweiterte Rechte	5.8	5.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00174	CVE-2023-24044
10	Tenda AC10U fromAddressNat Pufferüberlauf	6.4	6.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.20	0.00086	CVE-2024-0927
11	Xen Orchestra erweiterte Rechte	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03	0.00058	CVE-2021-36383
12	Unisoc T760/T770/T820/S8000 Sim Service erweiterte Rechte	5.4	5.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00042	CVE-2023-42655
13	Microsoft Windows SmartScreen Remote Code Execution	8.8	8.4	$25k-$100k	$5k-$25k	Functional	Official Fix	0.04	0.00961	CVE-2023-32049
14	tsolucio corebos Cross Site Scripting	5.1	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00045	CVE-2023-3073
15	SICK FTMg Air Flow Sensor REST Interface Information Disclosure	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00092	CVE-2023-23449
16	PHP unserialize Pufferüberlauf	5.3	4.6	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.03	0.72120	CVE-2015-0231
17	Microsoft Windows DHCP Server Service Remote Code Execution	8.6	8.0	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00	0.07344	CVE-2023-28231
18	payload CMS Information Disclosure	5.9	5.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00069	CVE-2023-30843
19	Google Android PowerVR Kernel Driver PVRSRVBridgeRGXKickVRDM Pufferüberlauf	6.5	6.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00043	CVE-2021-0872
20	Cththemes Outdoor Theme Cross Site Scripting	5.7	5.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00047	CVE-2023-29236

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-Adresse	Hostname	Akteur	Kampagnen	Identifiziert	Typ	Akzeptanz
1	94.140.114.22		Dracarys		07.10.2022	verifiziert	High

TTP - Tactics, Techniques, Procedures (22)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Schwachstellen	Zugriffsart	Typ	Akzeptanz
1	T1006	CWE-21, CWE-22	Path Traversal	prädiktiv	High
2	T1040	CWE-319	Authentication Bypass by Capture-replay	prädiktiv	High
3	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	prädiktiv	High
4	T1059	CWE-88, CWE-94	Argument Injection	prädiktiv	High
5	T1059.007	CWE-79, CWE-80	Cross Site Scripting	prädiktiv	High
6	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
7	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	prädiktiv	High
8	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	prädiktiv	High
9	TXXXX	CWE-XXX	Xxxxxxxxxx Xxxxxx	prädiktiv	High
10	TXXXX.XXX	CWE-XXXX	Xxxxxxxxxxx Xxxxxxx Xxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
11	TXXXX	CWE-XX	Xxx Xxxxxxxxx	prädiktiv	High
12	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	prädiktiv	High
13	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
14	TXXXX	CWE-XXX	Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx	prädiktiv	High
15	TXXXX	CWE-XXX	Xxxxxxx Xxxxxxxxxx Xx Xxx-xxxxxxxx	prädiktiv	High
16	TXXXX	CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	prädiktiv	High
17	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xx Xxx Xxxxxxx Xx X Xxxxxxxx Xxxxxxxx	prädiktiv	High
18	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
19	TXXXX.XXX	CWE-XXX	Xxxxxxxx	prädiktiv	High
20	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	prädiktiv	High
21	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	prädiktiv	High
22	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	prädiktiv	High

IOA - Indicator of Attack (89)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasse	Indicator	Typ	Akzeptanz
1	File	/acms/classes/Master.php?f=delete_cargo	prädiktiv	High
2	File	/admin.php/news/admin/topic/save	prädiktiv	High
3	File	/admin/comn/service/update.json	prädiktiv	High
4	File	/dev/shm	prädiktiv	Medium
5	File	/dl/dl_print.php	prädiktiv	High
6	File	/getcfg.php	prädiktiv	Medium
7	File	/ofcms/company-c-47	prädiktiv	High
8	File	/usr/sbin/httpd	prädiktiv	High
9	File	/util/print.c	prädiktiv	High
10	File	/web/MCmsAction.java	prädiktiv	High
11	File	xxx-xxxx.x	prädiktiv	Medium
12	File	xxxxxxxx/xxxxxxx_xxxxxxx.xxx	prädiktiv	High
13	File	xxxxx.xxx/xxxxx/xxxxxxxxx/xxxxx/xxxxx/xxxxxx.xxxx	prädiktiv	High
14	File	xxxxx/xxxxxx/xxxxx-xxxxxx-xxxxxxxx.xxx	prädiktiv	High
15	File	xxxxxxxx.xxx	prädiktiv	Medium
16	File	xxx-xxxx.xxx	prädiktiv	Medium
17	File	xxxxxxxxx.x	prädiktiv	Medium
18	File	xxxx\xx_xx.xxx	prädiktiv	High
19	File	xxxxxxx.xxx	prädiktiv	Medium
20	File	xxxxxxx/xxx/xx/xxxxxxxxxx.x	prädiktiv	High
21	File	xxxxxxxx.xxx	prädiktiv	Medium
22	File	xxxx_xxxxx.xxx	prädiktiv	High
23	File	xxxxxxx_x.x	prädiktiv	Medium
24	File	xxxxx_xxxxxxxx.xxx	prädiktiv	High
25	File	xxxxxxxxxxxxxxxxxxx.xxxx	prädiktiv	High
26	File	xxxxxxx/xxxxxxx.xxx.xxx	prädiktiv	High
27	File	xxxxx.xxx	prädiktiv	Medium
28	File	xxxxx.xxx?x=/xxxx/xxxxxxxx	prädiktiv	High
29	File	xxxxxxxxx/xxxxxxxxx/xxxxxxxxx_xxxxx_xxx.xxx	prädiktiv	High
30	File	xxxxxxxx/xxxx_xxxx.x	prädiktiv	High
31	File	xxx_xxxxxx_xxxxxx.xx	prädiktiv	High
32	File	xxxxxx/xxxxxxxx/xxx.xxx	prädiktiv	High
33	File	xxx/xxxxxxxxx/x_xxxxxx.x	prädiktiv	High
34	File	xxxxxxxxxxxxxxxx.xxx	prädiktiv	High
35	File	xxxxxxxxxxxxxxxxxxxxxxxxxx.xxxx	prädiktiv	High
36	File	xxxxxxx/xx_xxxxx_xxxx/xxxx.xxx	prädiktiv	High
37	File	xxxxxxx.xxx	prädiktiv	Medium
38	File	xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][]	prädiktiv	High
39	File	xxxxxxx.xxx	prädiktiv	Medium
40	File	xxxxxxxxxxxx.xxx	prädiktiv	High
41	File	xxx/xxxx/xxxx/xxx/xxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxxx	prädiktiv	High
42	File	xx_xxxx/xx_xxxxxx.x	prädiktiv	High
43	File	xxx_xxxxxxxx.x	prädiktiv	High
44	File	xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxxx	prädiktiv	High
45	File	xxxxxx/xxx/xx/xxx.x	prädiktiv	High
46	File	xxxxxxxxxxxxxxxxxx.xxx	prädiktiv	High
47	File	xxxxxxxxx/xxxxxxxxx/xxxx-xxx.xxx.xxx	prädiktiv	High
48	File	xxxxxxx/xxxxx.xxx	prädiktiv	High
49	File	xxxxxxxxxxx_xxxxxx_xxxx.xxxx.xxx	prädiktiv	High
50	File	xxxxxx.xxx	prädiktiv	Medium
51	File	xxxxxxx/xxxx/xxxxxxx_xxxxxxxx_xxxx.xxx	prädiktiv	High
52	File	xxxxxxx/xxxxxxx/xxxxxx/xxxxxx_xxxxxx_xxxx.xxx	prädiktiv	High
53	File	xxxxxxxx/xxxxxxxx	prädiktiv	High
54	File	xxxxx/xxxxx.xx	prädiktiv	High
55	File	xxxxxx/xx/xxxx.xxx	prädiktiv	High
56	File	xxxxxxxxx.xxx	prädiktiv	High
57	Argument	$_xxxxxxx["xxx"]	prädiktiv	High
58	Argument	xxxxxxx	prädiktiv	Low
59	Argument	xxx_xxxxxxxxxx	prädiktiv	High
60	Argument	xxxxxxxx_x/xxxxxxxx_x	prädiktiv	High
61	Argument	xxxxxxxxx	prädiktiv	Medium
62	Argument	xxx	prädiktiv	Low
63	Argument	xxxxxxxxxxxxxxx	prädiktiv	High
64	Argument	xxxxxxxxx	prädiktiv	Medium
65	Argument	xxxxxxxxx	prädiktiv	Medium
66	Argument	xxxxxx x xxx xxxxxxxxxx	prädiktiv	High
67	Argument	xxxxx/xxxxxxxx	prädiktiv	High
68	Argument	xxxxxx_xxxx_xxxxxxxx	prädiktiv	High
69	Argument	xxxxxx/xxxxxxxxxxxx/xxxx	prädiktiv	High
70	Argument	xxxxxxxxx	prädiktiv	Medium
71	Argument	xxxx	prädiktiv	Low
72	Argument	xx	prädiktiv	Low
73	Argument	xxx	prädiktiv	Low
74	Argument	xxx	prädiktiv	Low
75	Argument	xxxxxxxxx	prädiktiv	Medium
76	Argument	xxxx	prädiktiv	Low
77	Argument	xxxxxx	prädiktiv	Low
78	Argument	xxxxxxx	prädiktiv	Low
79	Argument	xxxxxxxx	prädiktiv	Medium
80	Argument	xxxxx	prädiktiv	Low
81	Argument	x_xx	prädiktiv	Low
82	Argument	xxxxxx xxxx	prädiktiv	Medium
83	Argument	xxxx	prädiktiv	Low
84	Argument	xxxxxxxx	prädiktiv	Medium
85	Argument	xxxxxxxx	prädiktiv	Medium
86	Argument	xxxxxxxx	prädiktiv	Medium
87	Argument	xxxxx	prädiktiv	Low
88	Argument	xxxxx	prädiktiv	Low
89	Input Value	xxxxx%xxxxxx.xxx ' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx) xxx 'xxxx'='xxxx	prädiktiv	High

Referenzen (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ ZurückÜbersichtWeiter ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!