Dharma Analysis

IOB - Indicator of Behavior (1000)

Language

| Language | Count |
| --- | --- |
| en | 994 |
| de | 4 |
| ru | 2 |

Product

| Product | Count |
| --- | --- |
| Mozilla Thunderbird | 34 |
| Mozilla Firefox | 32 |
| Huawei HarmonyOS | 24 |
| OpenImageIO | 22 |
| Tenda F1203 | 16 |

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 1 | smoothie cross site scripting | 4.8 | 4.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00102 | 0.00 | CVE-2022-25929 |
| 2 | Fuji Electric Tellus Lite V-Simulator buffer overflow | 8.3 | 8.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00109 | 0.05 | CVE-2022-3087 |
| 3 | Wp Social Plugin information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00049 | 0.00 | CVE-2022-47160 |
| 4 | Libksba CRL Signature Parser buffer overflow | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00196 | 0.03 | CVE-2022-47629 |
| 5 | abacus-ext-cmdline execute privilege escalation | 7.2 | 7.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01588 | 0.00 | CVE-2022-24431 |
| 6 | ActiveCampaign for WooCommerce Plugin Error Log privilege escalation | 4.9 | 4.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00056 | 0.01 | CVE-2022-3923 |
| 7 | Mozilla Thunderbird denial of service | 5.4 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00103 | 0.00 | CVE-2022-42929 |
| 8 | Mozilla Thunderbird URL Parser buffer overflow | 5.4 | 5.3 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00097 | 0.00 | CVE-2022-40960 |
| 9 | Mozilla Thunderbird getEntries privilege escalation | 7.2 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00126 | 0.00 | CVE-2022-42927 |
| 10 | Mozilla Thunderbird Garbage Collector buffer overflow | 7.5 | 7.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00138 | 0.00 | CVE-2022-42928 |
| 11 | Mozilla Thunderbird denial of service | 5.4 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00097 | 0.00 | CVE-2022-40957 |
| 12 | Mozilla Thunderbird weak authentication | 5.7 | 5.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00097 | 0.00 | CVE-2022-40958 |
| 13 | Mozilla Thunderbird Remote Code Execution | 6.4 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00104 | 0.00 | CVE-2022-40959 |
| 14 | Mozilla Thunderbird Email Message unknown vulnerability | 4.2 | 4.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00064 | 0.00 | CVE-2022-1520 |
| 15 | Mozilla Firefox ESR PK11_ChangePW buffer overflow | 6.9 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00129 | 0.00 | CVE-2022-38476 |
| 16 | Mozilla Thunderbird privilege escalation | 6.2 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00120 | 0.00 | CVE-2022-40956 |
| 17 | Mozilla Firefox ESR VR Process buffer overflow | 5.4 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00084 | 0.00 | CVE-2022-1196 |
| 18 | Fuji Electric Tellus Lite V-Simulator buffer overflow | 8.3 | 8.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00061 | 0.05 | CVE-2022-3085 |
| 19 | Mozilla Thunderbird Digital Signature unknown vulnerability | 5.6 | 5.5 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00069 | 0.00 | CVE-2021-4126 |
| 20 | Mozilla Thunderbird Notification Remote Code Execution | 6.4 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00097 | 0.00 | CVE-2022-45408 |

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP Address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
| --- | --- | --- | --- | --- | --- | --- | --- |
| 1 | 178.239.173.172 | 172.173.239.178.baremetal.zare.com | Dharma | | 26/04/2022 | verified | High |
| 2 | XXX.XX.XXX.XX | xxx.xx.xxx.xx.xxxxxxxxx-xxx | Xxxxxx | | 31/05/2021 | verified | High |
| 3 | XXX.XXX.XXX.XXX | | Xxxxxx | | 26/04/2022 | verified | High |

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
| --- | --- | --- | --- | --- | --- | --- |
| 1 | T1006 | CAPEC-126 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1040 | CAPEC-102 | CWE-319 | Authentication Bypass by Capture-replay | predictive | High |
| 3 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 4 | T1059 | CAPEC-242 | CWE-94, CWE-1321 | Argument Injection | predictive | High |
| 5 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |
| 6 | TXXXX | CAPEC-122 | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 7 | TXXXX.XXX | CAPEC-16 | CWE-XXX, CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | High |
| 8 | TXXXX.XXX | CAPEC-121 | CWE-XXXX | Xxxxxxxx Xxxxxxxxxxx Xx Xxxxxxxx Xxxxx Xxxxxxxxxx | predictive | High |
| 9 | TXXXX | CAPEC-136 | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High |
| 10 | TXXXX.XXX | CAPEC-178 | CWE-XXX | Xxxx Xxxxxxxx | predictive | High |
| 11 | TXXXX | CAPEC-1 | CWE-XXX, CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High |
| 12 | TXXXX | CAPEC-108 | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 13 | TXXXX.XXX | CAPEC-1 | CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | predictive | High |
| 14 | TXXXX | CAPEC-55 | CWE-XXX, CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 15 | TXXXX | CAPEC-37 | CWE-XXX | Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 16 | TXXXX | CAPEC-466 | CWE-XXX | Xxxxxxx Xxxxxxxxxx Xx Xxx-xxxxxxxx | predictive | High |
| 17 | TXXXX | CAPEC-38 | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxxxx Xxxx | predictive | High |
| 18 | TXXXX.XXX | CAPEC-459 | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 19 | TXXXX | CAPEC-116 | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 20 | TXXXX | CAPEC-157 | CWE-XXX, CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High |
| 21 | TXXXX.XXX | CAPEC-1 | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High |

IOA - Indicator of Attack (113)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
| --- | --- | --- | --- | --- |
| 1 | File | /admin/scripts/pi-hole/phpqueryads.php | predictive | High |
| 2 | File | /api/Index/getFileBinary | predictive | High |
| 3 | File | /api/User/download_img | predictive | High |
| 4 | File | /aya/module/admin/fst_del.inc.php | predictive | High |
| 5 | File | /aya/module/admin/fst_down.inc.php | predictive | High |
| 6 | File | /conf/ | predictive | Low |
| 7 | File | /cupseasylive/countrylist.php | predictive | High |
| 8 | File | /etc/sudoers | predictive | Medium |
| 9 | File | /forum/away.php | predictive | High |
| 10 | File | /goform/addressNat | predictive | High |
| 11 | File | /goform/addWifiMacFilter | predictive | High |
| 12 | File | /goform/DhcpListClient | predictive | High |
| 13 | File | /goform/exeCommand | predictive | High |
| 14 | File | /goform/fast_setting_wifi_set | predictive | High |
| 15 | File | /xxxxxx/xxxxxxxxxxxxxxxxxxxx | predictive | High |
| 16 | File | /xxxxxx/xxxxxxxxxxxxxxxx | predictive | High |
| 17 | File | /xxxxxx/xxxxxxxxxxx | predictive | High |
| 18 | File | /xxxxxx/xxxxxxxxxxxxxxxxxxxxx | predictive | High |
| 19 | File | /xxxxxx/xxxxxxxxxxxxxx | predictive | High |
| 20 | File | /xxxxxx/xxxxxxxxxxxxxxxxx | predictive | High |
| 21 | File | /xxxxxx/xxxxxxxxxxx | predictive | High |
| 22 | File | /xxxxxx/xxxxxxxxxx | predictive | High |
| 23 | File | /xxxxxx/xxxxxxxxxxxx | predictive | High |
| 24 | File | /xxxxxx/xxxxxxxxxxx | predictive | High |
| 25 | File | /xxxxxxxx/xxxxx/xxxxxx_xxxxxxx-xxxxxxxxxx.xxx | predictive | High |
| 26 | File | xxxxx/xxxx_xxxxx_xxxx.xxx | predictive | High |
| 27 | File | xxx/xxxx/xxxxxxxxx/xxxxxx_xxxx.xxx | predictive | High |
| 28 | File | xxx-xxxxxxx.xxx | predictive | High |
| 29 | File | xxxxxxxx/xxx/xxxxxxxxxxx/__xxxx__.xx | predictive | High |
| 30 | File | xxxxxxxxx.xxx | predictive | High |
| 31 | File | xxxx/xxx/xxxx/xxxx/xx/xxxxxxxxxx/xxx/xxxxxxxx/xxxxxxxxxxxxxxxxxxx.xxxx | predictive | High |
| 32 | File | xxxxxxxxxxxxxxxx/xxxxxxxxxxxxxx.xx | predictive | High |
| 33 | File | xxxx.xxx | predictive | Medium |
| 34 | File | xxxx/xxxxxxxxxx/xxxxxx.xx | predictive | High |
| 35 | File | xxxxxxxxxx/xxxxxx/xxxxxxxxxxx.xx | predictive | High |
| 36 | File | xxx/xxxxxx.xxx | predictive | High |
| 37 | File | xxxxx.xxxx | predictive | Medium |
| 38 | File | xxxxx.xxx | predictive | Medium |
| 39 | File | xxx/xxxx_xxxxxxx/xxxxxxxxxxx.xx | predictive | High |
| 40 | File | xxxxx.xxxx | predictive | Medium |
| 41 | File | xxxx.xx | predictive | Low |
| 42 | File | xxxxxxxxxxxx.xxx | predictive | High |
| 43 | File | xxxxxx.xxx | predictive | Medium |
| 44 | File | xxxxxxxxxxxxxx | predictive | High |
| 45 | File | xxx_xxx.xx | predictive | Medium |
| 46 | File | xxxx_xxxxxxxx | predictive | High |
| 47 | File | xxxxx.x | predictive | Low |
| 48 | File | xxxxxx/xx/xxxxxxx/xxxxxxx.xx | predictive | High |
| 49 | File | xxxxxx/xxxxxxx | predictive | High |
| 50 | File | xxxxxxxx.xxx | predictive | Medium |
| 51 | File | xxxxxx/xxxxxxxxxxxx.xx | predictive | High |
| 52 | File | xxxxxxx.xxx | predictive | Medium |
| 53 | File | xxxxxxxxxx/xx/xxxxxx.xx | predictive | High |
| 54 | File | xxx/xxxxxxxxxx/xxxxxxx/xxxxxx/xxxxxxx.xx | predictive | High |
| 55 | File | xxx/xxxxx.xx | predictive | Medium |
| 56 | File | xxx/xxxx/xxxx/xxx/xxxxxx/xxxxxx/xxx/xxxxxxxxxxxxxxxxxx.xxxx | predictive | High |
| 57 | File | xxx/xxxxxxx-xxxx.xxx | predictive | High |
| 58 | File | xxxxxx/xx/xxxxxx.xx | predictive | High |
| 59 | File | xxxxxxxxx/xxxxxx.xxxx | predictive | High |
| 60 | File | xxxx-xxxxxxxx.xxx | predictive | High |
| 61 | File | xxx_xxx.xxx.xxx | predictive | High |
| 62 | File | xxxxxxxxxxxx.xxx | predictive | High |
| 63 | File | xxxx_xxxxxxx.xxx | predictive | High |
| 64 | File | xxxxxxxxxx.xxx | predictive | High |
| 65 | Argument | xxxxxxxx | predictive | Medium |
| 66 | Argument | xxxxxxx | predictive | Low |
| 67 | Argument | xx-xxx | predictive | Low |
| 68 | Argument | xxxxxxxx | predictive | Medium |
| 69 | Argument | xxxxxxx | predictive | Low |
| 70 | Argument | xxxxxxxxxxx | predictive | Medium |
| 71 | Argument | xxxxxxxxxxx | predictive | Medium |
| 72 | Argument | xxxxxxxx | predictive | Medium |
| 73 | Argument | xxxxxxxxx | predictive | Medium |
| 74 | Argument | xxxxxxxxxxxx | predictive | Medium |
| 75 | Argument | xxxxxxxx | predictive | Medium |
| 76 | Argument | xxxxxx | predictive | Low |
| 77 | Argument | xxxx | predictive | Low |
| 78 | Argument | xxxx | predictive | Low |
| 79 | Argument | xxxxxxxxx | predictive | Medium |
| 80 | Argument | xx | predictive | Low |
| 81 | Argument | xxxxx | predictive | Low |
| 82 | Argument | xxxx/xxxxxx_xxxx | predictive | High |
| 83 | Argument | xxxxxx | predictive | Low |
| 84 | Argument | xxxx | predictive | Low |
| 85 | Argument | xxxx | predictive | Low |
| 86 | Argument | xxxxxx_xx | predictive | Medium |
| 87 | Argument | xxx | predictive | Low |
| 88 | Argument | xxx_xxxx | predictive | Medium |
| 89 | Argument | x_xxxx.xxxxxx | predictive | High |
| 90 | Argument | xxxxxx | predictive | Low |
| 91 | Argument | xxxxxxxxxxxxxxx | predictive | High |
| 92 | Argument | xxxx | predictive | Low |
| 93 | Argument | xxxx | predictive | Low |
| 94 | Argument | xxxxx | predictive | Low |
| 95 | Argument | xxxxxxx_xxxx | predictive | Medium |
| 96 | Argument | xxxxxxxxxxxxxxxxx | predictive | High |
| 97 | Argument | xxxxxxxx | predictive | Medium |
| 98 | Argument | xxxxxxxx_xx | predictive | Medium |
| 99 | Argument | xxxxx_xxx | predictive | Medium |
| 100 | Argument | xxxx | predictive | Low |
| 101 | Argument | xxxxxxx | predictive | Low |
| 102 | Argument | xxxxxxxxxxxxxxxxxxxx | predictive | High |
| 103 | Argument | xxxxxxxxxxx/xxxxxxxxxxxx | predictive | High |
| 104 | Argument | xxxx | predictive | Low |
| 105 | Argument | xxxxx | predictive | Low |
| 106 | Argument | xxxxxxxxxxx/xxxxxxxx | predictive | High |
| 107 | Argument | xxxxxxxxxxxxxxxx | predictive | High |
| 108 | Argument | xxxx | predictive | Low |
| 109 | Argument | xxx | predictive | Low |
| 110 | Argument | xxxx | predictive | Low |
| 111 | Argument | xxxx | predictive | Low |
| 112 | Argument | xxxx | predictive | Low |
| 113 | Argument | _xxxxxxxxx[xxx_xxxxxxxxxx] | predictive | High |

References (4)

The following list contains external sources which discuss the actor and the associated activities:
