Dracarys Analysis

IOB - Indicator of Behavior (193)

Language: en (188), de (4), fr (2)

Campaign country: us (50), tr (26), gb (2)

Product: Google Android (6), Google Chrome (4), DeDeCMS (4), Apache HTTP Server (4), DedeCMS (4)

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DeDeCMS Backend file_class.php privilege escalation | 6.4 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00063 | 0.05 | CVE-2023-7212 |
| 2 | SmarterTools SmarterMail directory traversal | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00062 | 0.04 | CVE-2019-7213 |
| 3 | cumin Server Certificate Validator weak authentication | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00090 | 0.04 | CVE-2013-0264 |
| 4 | DeDeCMS co_do.php SQL injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00190 | 0.02 | CVE-2018-19061 |
| 5 | DedeCMS selectimages.php cross site scripting | 4.8 | 4.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00046 | 0.03 | CVE-2023-49493 |
| 6 | DeDeCMS select_images_post.php privilege escalation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01958 | 0.00 | CVE-2018-20129 |
| 7 | DedeCMS article_allowurl_edit.php privilege escalation | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00094 | 0.09 | CVE-2023-2928 |
| 8 | DeDeCMS downmix.inc.php Path information disclosure | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02422 | 0.02 | CVE-2018-6910 |
| 9 | Plesk Obsidian Login Page privilege escalation | 5.8 | 5.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00174 | 0.19 | CVE-2023-24044 |
| 10 | Tenda AC10U fromAddressNat buffer overflow | 6.4 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00086 | 0.09 | CVE-2024-0927 |
| 11 | Xen Orchestra privilege escalation | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00058 | 0.03 | CVE-2021-36383 |
| 12 | Unisoc T760/T770/T820/S8000 Sim Service privilege escalation | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.00 | CVE-2023-42655 |
| 13 | Microsoft Windows SmartScreen Remote Code Execution | 8.8 | 8.4 | $25k-$100k | $5k-$25k | Functional | Official Fix | 0.00961 | 0.04 | CVE-2023-32049 |
| 14 | tsolucio corebos cross site scripting | 5.1 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.00 | CVE-2023-3073 |
| 15 | SICK FTMg Air Flow Sensor REST Interface information disclosure | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00130 | 0.00 | CVE-2023-23449 |
| 16 | PHP unserialize buffer overflow | 5.3 | 4.6 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.72120 | 0.03 | CVE-2015-0231 |
| 17 | Microsoft Windows DHCP Server Service Remote Code Execution | 8.6 | 8.0 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.07344 | 0.00 | CVE-2023-28231 |
| 18 | payload CMS information disclosure | 5.9 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00069 | 0.00 | CVE-2023-30843 |
| 19 | Google Android PowerVR Kernel Driver PVRSRVBridgeRGXKickVRDM buffer overflow | 6.5 | 6.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.06 | CVE-2021-0872 |
| 20 | Cththemes Outdoor Theme cross site scripting | 5.7 | 5.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00050 | 0.00 | CVE-2023-29236 |

Base and Temp are the CVSS base and temporal scores; 0day and Today are the estimated exploit prices; Exp is the exploitability state; Con is the remediation state; EPSS is the exploit prediction score; CTI is the cyber threat intelligence activity score.

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 94.140.114.22 | | Dracarys | | 07/10/2022 | verified | High |

TTP - Tactics, Techniques, Procedures (22)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-21, CWE-22 | Path Traversal | predictive | High |
| 2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | predictive | High |
| 3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 4 | T1059 | CWE-88, CWE-94 | Argument Injection | predictive | High |
| 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |

Entries 6 to 22 are masked on the source page; only their type (predictive) and confidence (High) are visible.

IOA - Indicator of Attack (89)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /acms/classes/Master.php?f=delete_cargo | predictive | High |
| 2 | File | /admin.php/news/admin/topic/save | predictive | High |
| 3 | File | /admin/comn/service/update.json | predictive | High |
| 4 | File | /dev/shm | predictive | Medium |
| 5 | File | /dl/dl_print.php | predictive | High |
| 6 | File | /getcfg.php | predictive | Medium |
| 7 | File | /ofcms/company-c-47 | predictive | High |
| 8 | File | /usr/sbin/httpd | predictive | High |
| 9 | File | /util/print.c | predictive | High |
| 10 | File | /web/MCmsAction.java | predictive | High |

Entries 11 to 89 are masked on the source page. Their classes are still visible: entries 11 to 56 are further File indicators, entries 57 to 88 are Argument indicators, and entry 89 is an Input Value indicator (the masked text has the shape of a SQL injection payload). All are predictive, with confidence ranging from Low to High.
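The IOC and IOA tables above are only useful once they are matched against your own telemetry. The following scanner is an added example, not VulDB's code, that applies the single verified IP from the IOC table and the ten unmasked File indicators from the IOA table to web-server access logs. It assumes the Apache/nginx combined log format and treats the File fragments as substrings of the percent-decoded request target, because some of them (/dev/shm, /usr/sbin/httpd) are filesystem paths that appear inside traversal or injection payloads rather than as a request path. The log lines are constructed for the example and are not real traffic.

```python
import re
from urllib.parse import unquote

# Indicators copied from the IOC and IOA tables on this page: the single
# verified IP address and the ten File fragments that are not masked.
IOC_IPS = {"94.140.114.22"}
IOA_FILE_FRAGMENTS = [
    "/acms/classes/Master.php?f=delete_cargo",
    "/admin.php/news/admin/topic/save",
    "/admin/comn/service/update.json",
    "/dev/shm",
    "/dl/dl_print.php",
    "/getcfg.php",
    "/ofcms/company-c-47",
    "/usr/sbin/httpd",
    "/util/print.c",
    "/web/MCmsAction.java",
]

# Combined log format (assumed): client IP, identity, user, [timestamp],
# "METHOD target protocol", status, size. Only the fields used below are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: \S+)?" (?P<status>\d{3})'
)


def parse_access_line(line):
    """Return the captured fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def indicator_hits(record):
    """Return (kind, indicator) pairs for every indicator that matches one parsed record."""
    hits = []
    if record["ip"] in IOC_IPS:
        hits.append(("ioc_ip", record["ip"]))
    # Decode percent-encoding once so "..%2Fdev%2Fshm" is compared as "../dev/shm".
    # Substring matching is deliberate: the File fragments include filesystem
    # paths that only show up inside traversal or command-injection payloads.
    decoded = unquote(record["target"])
    for frag in IOA_FILE_FRAGMENTS:
        if frag in decoded:
            hits.append(("ioa_file", frag))
    return hits


def scan_access_log(lines):
    """Return one finding per line that matches at least one indicator; unparseable lines are skipped."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        rec = parse_access_line(line)
        if rec is None:
            continue
        hits = indicator_hits(rec)
        if hits:
            findings.append({"line": lineno, "ip": rec["ip"], "target": rec["target"], "hits": hits})
    return findings


# Constructed sample log lines for the example (not real traffic). Apart from the
# IOC address, the client IPs come from the RFC 5737 documentation ranges.
SAMPLE_LOG = [
    '94.140.114.22 - - [07/Oct/2022:10:15:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '203.0.113.5 - - [07/Oct/2022:10:15:02 +0000] "GET /getcfg.php HTTP/1.1" 200 1024',
    '203.0.113.9 - - [07/Oct/2022:10:15:03 +0000] "POST /acms/classes/Master.php?f=delete_cargo HTTP/1.1" 302 0',
    '198.51.100.7 - - [07/Oct/2022:10:15:04 +0000] "GET /cgi-bin/test?file=..%2F..%2Fdev%2Fshm%2Fx HTTP/1.1" 404 0',
    'this line is not in combined log format',
    '198.51.100.8 - - [07/Oct/2022:10:15:05 +0000] "GET /about.html HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        print(f"line {f['line']}: {f['ip']} {f['target']} -> {f['hits']}")
```

Run on the sample, the scanner flags the first four lines (the IOC address, two direct requests for listed files, and a percent-encoded traversal that decodes to a path containing /dev/shm) and ignores the malformed line and the benign request. Because the IOA entries are predictive rather than verified, a hit on a File fragment alone is a lead to triage, not a confirmed compromise; the verified IOC IP carries more weight.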

References (2)

The following list contains external sources which discuss the actor and the associated activities:
