DazzleSpy Analysis

IOB - Indicator of Behavior (13)

Language: en (10), zh (4)

Campaign: cn (14)

Product: Ubiquiti EdgeMAX EdgeRouter (2), Openfind Mail2000 (2), NotificationX Plugin (2), Apache Tomcat (2), Ganglia Ganglia-web (2)

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Con | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | TrueConf Server sql injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00656 | CVE-2022-46764 |
| 2 | NotificationX Plugin SQL Statement sql injection | 5.6 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.02414 | CVE-2022-0349 |
| 3 | AddToAny Share Buttons Plugin Image Button Setting cross site scripting | 2.4 | 2.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00053 | CVE-2021-24616 |
| 4 | DPTech VPN information disclosure | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.00150 | CVE-2022-34593 |
| 5 | Apache Tomcat Request Header information disclosure | 5.6 | 5.6 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00300 | CVE-2020-17527 |
| 6 | Ganglia Ganglia-web Remote Code Execution | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.18799 | CVE-2012-3448 |
| 7 | Openfind Mail2000 Access Control privilege escalation | 6.0 | 6.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.00087 | CVE-2020-12776 |
| 8 | SourceCodester Guest Management System myform.php cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.00138 | CVE-2022-2811 |
| 9 | osCommerce Online Merchant unknown vulnerability | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00214 | CVE-2012-2991 |
| 10 | Oracle Database Oracle Application Express unknown vulnerability | 5.4 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00054 | CVE-2020-2973 |
| 11 | Minio Console Operator Console weak authentication | 8.6 | 8.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.05383 | CVE-2021-41266 |
| 12 | Ubiquiti EdgeMAX EdgeRouter Firmware Update privilege escalation | 8.1 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00359 | CVE-2021-22909 |
| 13 | Active Choices Plugin cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00054 | CVE-2021-21616 |

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 88.218.192.128 | 88.218.192.128.static.xtom.com | DazzleSpy | | 05/03/2022 | verified | High |

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1059.007 | CWE-79 | Cross Site Scripting | predictive | High |
| 2 | TXXXX | CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 3 | TXXXX | CWE-XXX | Xx Xxxxxxxxx | predictive | High |
| 4 | TXXXX | CWE-XXX | Xxxxxxx Xxxxxxxxxx Xx Xxx-xxxxxxxx | predictive | High |
| 5 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |

IOA - Indicator of Attack (3)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | myform.php | predictive | Medium |
| 2 | Argument | xxxx | predictive | Low |
| 3 | Argument | xx_xx | predictive | Low |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
