Dragonfly Analysis

IOB - Indicator of Behavior (1000)

Timeline

Language

en: 936
de: 20
fr: 14
ru: 14
pl: 8

Country

us: 908
ru: 24
gb: 10
kr: 4
fi: 2

Product

Apple Mac OS X Server: 10
Microsoft Windows: 8
Linux Kernel: 6
Microsoft Office: 4
PHP: 4

Vulnerability

# | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE
1 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.84 | CVE-2010-0966
2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192
3 | DZCP deV!L`z Clanportal browser.php information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02733 | 0.80 | CVE-2007-1167
4 | Apple Mac OS X Server privilege escalation | 6.5 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2010-1821
5 | OpenBB read.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00250 | 0.06 | CVE-2005-1612
6 | Apple Mac OS X Server Wiki Server sql injection | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00339 | 2.24 | CVE-2015-5911
7 | Microsoft Windows OLE olecnv32.dll privilege escalation | 7.0 | 6.3 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.63864 | 0.00 | CVE-2017-8487
8 | Apple Mac OS X Server Profile Manager privilege escalation | 7.5 | 6.5 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.01876 | 0.03 | CVE-2013-0269
9 | Lars Ellingsen Guestserver guestbook.cgi cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00169 | 0.24 | CVE-2005-4222
10 | Microsoft Windows SPNEGO Extended Negotiation Remote Code Execution | 7.9 | 7.2 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00662 | 0.00 | CVE-2022-37958
11 | Devilz Clanportal index.php sql injection | 7.3 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00784 | 0.00 | CVE-2006-3347
12 | Article Dashboard signup.php cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00240 | 0.03 | CVE-2007-4333
13 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02101 | 0.00 | CVE-2007-1287
14 | Devilz Clanportal File Upload unknown vulnerability | 5.3 | 4.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.05362 | 0.06 | CVE-2006-6338
15 | Joomla CMS com_easyblog sql injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00000 | 0.16 |
16 | Microsoft Windows Mark of the Web unknown vulnerability | 5.4 | 4.9 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00313 | 0.00 | CVE-2022-41091
17 | Synacor Zimbra Collaboration Suite sudo Configuration zmslapd privilege escalation | 8.3 | 8.3 | $0-$5k | $0-$5k | High | Official Fix | 0.00114 | 0.02 | CVE-2022-37393
18 | vsftpd Service Port 6200 privilege escalation | 8.5 | 8.4 | $25k-$100k | $5k-$25k | Not Defined | Workaround | 0.84215 | 0.04 | CVE-2011-2523
19 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 0.76 | CVE-2007-0354
20 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 2.80 | CVE-2020-15906

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Karagany

IOC - Indicator of Compromise (23)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerability | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
3 | T1059 | CWE-94 | Argument Injection | predictive | High

IOA - Indicator of Attack (102)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | %SYSTEMDRIVE%\totalcmd\TOTALCMD64.EXE | predictive | High
2 | File | /cgi-bin/system_mgr.cgi | predictive | High
3 | File | /s/ | predictive | Low
4 | File | /secure/admin/ImporterFinishedPage.jspa | predictive | High
5 | File | /uncpath/ | predictive | Medium
6 | File | /wbg/core/_includes/authorization.inc.php | predictive | High
7 | File | 14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi | predictive | High
8 | File | adclick.php | predictive | Medium
9 | File | admin/import/class-import-settings.php | predictive | High
10 | File | ajax/comments.php | predictive | High
11 | File | architext.conf | predictive | High
12 | File | attachment_send.php | predictive | High
13 | File | auth2-gss.c | predictive | Medium

References (6)

The following list contains external sources which discuss the actor and the associated activities:
