Dragonfly Analysis

IOB - Indicator of Behavior (1000)

Language

en: 922
de: 22
fr: 16
ru: 14
es: 10

Country

us: 918
ru: 26
gb: 10
kr: 4
tr: 4

Product

Apple Mac OS X Server: 10
Linux Kernel: 6
Squiz Matrix: 6
Joomla CMS: 6
Microsoft Windows: 6

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | CTI | EPSS | CVE
1 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.63 | 0.00943 | CVE-2010-0966
2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192
3 | DZCP deV!L`z Clanportal browser.php information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 1.14 | 0.02733 | CVE-2007-1167
4 | Apple Mac OS X Server privilege escalation | 6.5 | 6.3 | $5k-$25k | n/a | Not Defined | Official Fix | 0.00 | 0.00042 | CVE-2010-1821
5 | OpenBB read.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.00250 | CVE-2005-1612
6 | Apple Mac OS X Server Wiki Server sql injection | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.74 | 0.00339 | CVE-2015-5911
7 | Microsoft Windows OLE olecnv32.dll privilege escalation | 7.0 | 6.3 | $25k-$100k | n/a | Proof-of-Concept | Official Fix | 0.00 | 0.65990 | CVE-2017-8487
8 | Apple Mac OS X Server Profile Manager privilege escalation | 7.5 | 6.5 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.03 | 0.01876 | CVE-2013-0269
9 | Lars Ellingsen Guestserver guestbook.cgi cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.14 | 0.00169 | CVE-2005-4222
10 | Microsoft Windows SPNEGO Extended Negotiation Remote Code Execution | 7.9 | 7.2 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.02 | 0.00626 | CVE-2022-37958
11 | Devilz Clanportal index.php sql injection | 7.3 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00 | 0.00784 | CVE-2006-3347
12 | Article Dashboard signup.php cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00240 | CVE-2007-4333
13 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.02101 | CVE-2007-1287
14 | Devilz Clanportal File Upload unknown vulnerability | 5.3 | 4.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.05362 | CVE-2006-6338
15 | Joomla CMS com_easyblog sql injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.23 | 0.00000 |
16 | Microsoft Windows Mark of the Web unknown vulnerability | 5.4 | 4.9 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | 0.00313 | CVE-2022-41091
17 | Synacor Zimbra Collaboration Suite sudo Configuration zmslapd privilege escalation | 8.3 | 8.3 | $0-$5k | $0-$5k | High | Official Fix | 0.02 | 0.00114 | CVE-2022-37393
18 | vsftpd Service Port 6200 privilege escalation | 8.5 | 8.4 | $25k-$100k | $25k-$100k | Not Defined | Workaround | 0.03 | 0.84215 | CVE-2011-2523
19 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.51 | 0.01302 | CVE-2007-0354
20 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.71 | 0.00936 | CVE-2020-15906

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Karagany

IOC - Indicator of Compromise (23)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Weakness | Description | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
3 | T1059 | CWE-94 | Argument Injection | predictive | High

IOA - Indicator of Attack (102)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | %SYSTEMDRIVE%\totalcmd\TOTALCMD64.EXE | predictive | High
2 | File | /cgi-bin/system_mgr.cgi | predictive | High
3 | File | /s/ | predictive | Low
4 | File | /secure/admin/ImporterFinishedPage.jspa | predictive | High
5 | File | /uncpath/ | predictive | Medium
6 | File | /wbg/core/_includes/authorization.inc.php | predictive | High
7 | File | 14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi | predictive | High
8 | File | adclick.php | predictive | Medium
9 | File | admin/import/class-import-settings.php | predictive | High
10 | File | ajax/comments.php | predictive | High
11 | File | architext.conf | predictive | High
12 | File | attachment_send.php | predictive | High
13 | File | auth2-gss.c | predictive | Medium
