DreamBus Analysis

IOB - Indicator of Behavior (156)

Language: de (80), en (54), ja (14), es (6), ru (2)

Country: us (122), jp (14), me (8), th (4), cz (2)

Product: Django (6), b2evolution (4), Apache HTTP Server (4), SourceCodester Library Management System (4), thorsten phpmyfaq (4)

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.09 | 0.00241 | CVE-2020-12440 |
| 2 | WikkaWiki wikka.php Cross Site Scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00263 | CVE-2013-5586 |
| 3 | OpenSSL OCSP Response OCSP_basic_verify weak authentication | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00152 | CVE-2022-1343 |
| 4 | Apache Wicket Cross Site Scripting | 4.3 | 4.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00404 | CVE-2011-2712 |
| 5 | ClamAV Antivirus MIME Parser privilege escalation | 6.8 | 6.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.01728 | CVE-2019-15961 |
| 6 | Omron CX-One CX-Programmer Password Storage Information Disclosure | 5.9 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00042 | CVE-2015-0988 |
| 7 | phpBB Information Disclosure | 9.8 | 8.5 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.00269 | CVE-2008-1766 |
| 8 | Joomla CMS SQL Injection | 7.3 | 6.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00264 | CVE-2013-1453 |
| 9 | jQuery IMG Element Cross Site Scripting | 5.2 | 5.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00115 | CVE-2018-18405 |
| 10 | Oracle PeopleSoft Enterprise PeopleTools Elastic Search privilege escalation | 9.3 | 9.2 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | 0.00811 | CVE-2022-1471 |
| 11 | F5 BIG-IP Virtual Server weak encryption | 5.7 | 5.7 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00128 | CVE-2019-6593 |
| 12 | Hitachi Replication Manager Expression Language Remote Code Execution | 8.1 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00129 | CVE-2022-4146 |
| 13 | SolidWorks Desktop DWG File buffer overflow | 7.0 | 7.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00123 | CVE-2023-2763 |
| 14 | Schneider Electric StruxureWare Data Center DCE SQL Injection | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00050 | CVE-2023-37196 |
| 15 | Avast AntiVirus Driver aswSnx.sys Denial of Service | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00042 | CVE-2020-20118 |
| 16 | Undici HTTP Header privilege escalation | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00126 | CVE-2023-23936 |
| 17 | FreeBSD Unix Domain Socket privilege escalation | 8.3 | 7.9 | $5k-$25k | Calculating | Proof-of-Concept | Official Fix | 0.02 | 0.00045 | CVE-2019-5596 |
| 18 | Google Chrome Sandbox IPC Race Condition | 7.3 | 7.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00248 | CVE-2011-3080 |
| 19 | administrate OAuth Cross Site Request Forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00074 | CVE-2016-3098 |
| 20 | A-FTP Anonymous FTP Server Command buffer overflow | 7.3 | 7.1 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.00 | 0.00241 | CVE-2001-0794 |

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (60)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /config/getuser | predictive | High |
| 2 | File | /index.php?action=seomatic/file/seo-file-link | predictive | High |
| 3 | File | /librarian/bookdetails.php | predictive | High |
| 4 | File | /mgmt/tm/util/bash | predictive | High |
| 5 | File | /staff/bookdetails.php | predictive | High |
| 6 | File | /student/bookdetails.php | predictive | High |
| 7 | File | /text/pdf/PdfReader.java | predictive | High |

References (6)

The following list contains external sources which discuss the actor and the associated activities:
