Dyre Analysis

IOB - Indicator of Behavior (305)

The 305 behavior entries break down by source language, country and affected product as follows.

Language

en: 300
it: 2
fr: 2
de: 2

Country

ru: 142
us: 136
nl: 8
tr: 2
it: 2

Product

Google Android: 26
Microsoft Windows: 8
Linux Kernel: 4
Microsoft Internet Explorer: 4
Adobe Connect: 4

Vulnerabilities

Column key: Base and Temp are the CVSS base and temporal scores; 0day and Today are the estimated exploit price at disclosure and at present; Exp is the exploitability status; Con is the countermeasure (remediation) status; EPSS is the exploit prediction score; CTI is VulDB's threat-intelligence activity score. Entries 12 and 16 have no CVE assigned.

# | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192
2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.22 | CVE-2010-0966
3 | WoltLab Burning Book addentry.php sql injection | 7.3 | 6.8 | $0-$5k | $0-$5k | Functional | Unavailable | 0.00804 | 0.02 | CVE-2006-5509
4 | Codoforum User Registration cross site scripting | 5.2 | 4.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00148 | 0.00 | CVE-2020-5842
5 | Exponent CMS user.php getUserByName Blind sql injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00163 | 0.00 | CVE-2016-7781
6 | JoomlaTune Com Jcomments admin.jcomments.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00489 | 0.04 | CVE-2010-5048
7 | PHP phpinfo cross site scripting | 6.3 | 5.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.08985 | 0.04 | CVE-2006-0996
8 | Grandstream GXP16xx VoIP SSH Configuration Interface privilege escalation | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00270 | 0.03 | CVE-2018-17565
9 | H Peter Anvin tftp-hpa buffer overflow | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.09742 | 0.00 | CVE-2011-2199
10 | Apple Mac OS X Server Wiki Server sql injection | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00339 | 2.73 | CVE-2015-5911
11 | Microsoft Internet Explorer gopher URI buffer overflow | 7.3 | 6.6 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.58261 | 0.00 | CVE-2002-0371
12 | OAuth/OpenID privilege escalation | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00000 | 0.02 | (none)
13 | Linux Kernel Crypto Subsystem privilege escalation | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.03 | CVE-2018-14619
14 | vsftpd deny_file unknown vulnerability | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00312 | 0.04 | CVE-2015-1419
15 | Sierra Wireless ALEOS SSH/Telnet Session information disclosure | 8.8 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00448 | 0.00 | CVE-2015-2897
16 | AVTECH IP Camera/NVR/DVR CloudSetup.cgi privilege escalation | 9.8 | 9.5 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 0.00 | (none)
17 | Zabbix Dashboard Page weak authentication | 8.2 | 8.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.35520 | 0.00 | CVE-2019-17382
18 | RRJ Nueva Ecija Engineer Online Portal Avatar dasboard_teacher.php privilege escalation | 6.1 | 5.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00061 | 0.14 | CVE-2024-0185
19 | Microsoft Windows COM+ Event System Service Privilege Escalation | 8.1 | 7.4 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00113 | 0.00 | CVE-2022-41033
20 | FreePBX index.php cross site scripting | 8.8 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00773 | 0.00 | CVE-2012-4870

IOC - Indicator of Compromise (30)

These indicators of compromise are network resources known to have been part of research and attack activity attributed to the actor. Entries 7 to 30 are masked in the source (X for a masked digit or capital, x for a masked lowercase letter) and are reproduced as masked. The Campaigns column is empty for every entry and is omitted. Dates are DD/MM/YYYY. Hosting-provider addresses are reassigned over time, so treat the Identified date as the currency of each indicator rather than as a permanent attribution.

ID | IP address | Hostname | Actor | Identified | Type | Confidence
1 | 37.59.2.42 | ns399064.ip-37-59-2.eu | Dyre | 30/08/2021 | verified | High
2 | 64.70.19.202 | mailrelay.202.website.ws | Dyre | 01/06/2021 | verified | High
3 | 69.195.129.75 | | Dyre | 01/06/2021 | verified | High
4 | 80.248.224.75 | | Dyre | 30/08/2021 | verified | High
5 | 85.25.134.53 | delta526.dedicatedpanel.com | Dyre | 30/08/2021 | verified | High
6 | 85.25.138.12 | echo389.startdedicated.de | Dyre | 30/08/2021 | verified | High
7 | XX.XX.XXX.XXX | xxxxxxxxxx.xxxxxxxxxxxxxx.xx | Xxxx | 30/08/2021 | verified | High
8 | XX.XXX.XXX.XXX | xx-xxx-xxx-xxx.xxxxxx-xx-xxxxxxxxxxx.xxx | Xxxx | 30/08/2021 | verified | High
9 | XX.XX.XX.XXX | xxx.xxxx.xx.xx | Xxxx | 30/08/2021 | verified | High
10 | XX.XX.XXX.XX | xxxxxxxxx.xx-xx-xx-xxx.xx | Xxxx | 30/08/2021 | verified | High
11 | XX.XXX.XXX.XXX | | Xxxx | 01/06/2021 | verified | High
12 | XXX.XXX.XX.XXX | xxxxxxxxx-xxx-xx-xxx.xxxx-xxxxxxx.xxx | Xxxx | 30/08/2021 | verified | High
13 | XXX.XXX.XX.XXX | xxxxxxxxx-xxx-xx-xxx.xxxx-xxxxxxx.xxx | Xxxx | 30/08/2021 | verified | High
14 | XXX.XXX.XX.XXX | xxxxxxxxx-xxx-xx-xxx.xxxx-xxxxxxx.xxx | Xxxx | 30/08/2021 | verified | High
15 | XXX.XX.XXX.XXX | | Xxxx | 30/08/2021 | verified | High
16 | XXX.XXX.X.XX | xxxxxxxxx.xxx | Xxxx | 30/08/2021 | verified | High
17 | XXX.XXX.XX.XXX | | Xxxx | 30/08/2021 | verified | High
18 | XXX.XXX.XX.XXX | | Xxxx | 30/08/2021 | verified | High
19 | XXX.XX.XXX.XXX | xxx.xx.xxx.xxx.xx.xxxxxx.xxx | Xxxx | 01/06/2021 | verified | High
20 | XXX.XXX.XX.XXX | | Xxxx | 30/08/2021 | verified | High
21 | XXX.XXX.XXX.XXX | xxx.xxxxxxxxxx.xx | Xxxx | 30/08/2021 | verified | High
22 | XXX.XX.XXX.XXX | xxxxxx.xxx.xx.xxx.xxx.xxxxxx.xxx | Xxxx | 30/08/2021 | verified | High
23 | XXX.XX.XXX.XXX | xxxxxx.xxx.xx.xxx.xxx.xxxxxx.xxx | Xxxx | 30/08/2021 | verified | High
24 | XXX.XXX.XXX.XXX | xxx-xxx-xx.xxxx.xxx | Xxxx | 30/08/2021 | verified | High
25 | XXX.XX.X.XX | xxx-xx-x-xx.xxxxxx-xx-xxxxxxxxxxx.xxx | Xxxx | 30/08/2021 | verified | High
26 | XXX.XXX.XXX.XXX | xxxxxxxxx.xxxxxxxxxx-xxxxxx.xxxx | Xxxx | 01/06/2021 | verified | High
27 | XXX.XXX.XXX.XXX | | Xxxx | 28/07/2023 | verified | High
28 | XXX.XXX.XXX.X | xxxxxxxxxx.xxxxxxxxxxxxxx.xx | Xxxx | 30/08/2021 | verified | High
29 | XXX.XXX.XXX.XXX | xxxxxxxx.xxxxxxxxxxxxxx.xx | Xxxx | 30/08/2021 | verified | High
30 | XXX.XXX.XXX.XX | xxxxxxx.xxxxxxxxxxxxxx.xx | Xxxx | 30/08/2021 | verified | High

TTP - Tactics, Techniques, Procedures (16)

The tactics, techniques and procedures below summarize the suspected MITRE ATT&CK techniques. The mapping is generated by VulDB's predictive actor-profiling model (type "predictive" in the table), so it is an inference from the associated vulnerability classes rather than a record of observed tradecraft. Entries 5 to 16 are masked in the source and are reproduced as masked.

ID | Technique | Weakness | Description | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
3 | T1059 | CWE-94 | Argument Injection | predictive | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High
5 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
6 | TXXXX | CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High
7 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
8 | TXXXX | CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive | High
9 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High
10 | TXXXX | CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
11 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
12 | TXXXX.XXX | CWE-XXX | Xxxxxxxx | predictive | High
13 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
14 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High
15 | TXXXX.XXX | CWE-XXX | Xxx Xxxxxxxxxx Xxxxx | predictive | High
16 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High

IOA - Indicator of Attack (77)

These indicators of attack list request fragments (file paths, a library path, parameter names and input values) that the actor is predicted to use for reconnaissance, exploitation, privilege escalation and exfiltration. Like the TTP mapping, they come from VulDB's predictive actor-profiling model, so they describe likely rather than observed requests. Entries 10 to 77 are masked in the source and are reproduced as masked.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/config.php?display=disa&view=form | predictive | High
2 | File | /cgi-bin/admin/testserver.cgi | predictive | High
3 | File | /cgi-bin/supervisor/CloudSetup.cgi | predictive | High
4 | File | /framework/modules/users/models/user.php | predictive | High
5 | File | /iwguestbook/admin/badwords_edit.asp | predictive | High
6 | File | /iwguestbook/admin/messages_edit.asp | predictive | High
7 | File | /private/var/mobile/Containers/Data/Application | predictive | High
8 | File | /recordings/index.php | predictive | High
9 | File | acp/core/files.browser.php | predictive | High
10 | File | xxxxxxxx.xxx | predictive | Medium
11 | File | xxxxx.xxxxxxxxx.xxx | predictive | High
12 | File | xxxxx/xxxxx.xxx | predictive | High
13 | File | xxxxxxxxxxxx/xxxxxxxxxxxxxx.xxx | predictive | High
14 | File | xxxx/xxx/xxx/xxx.x | predictive | High
15 | File | xxxxxxxx_xxxxxxxxx.xxx | predictive | High
16 | File | xxxx_xxxxxx.x | predictive | High
17 | File | xxxxxx/xxxx.x | predictive | High
18 | File | xxxxxxx | predictive | Low
19 | File | xxxxxxxx_xxxxxxx.xxx | predictive | High
20 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
21 | File | xxxxxxx/xxx/xxx-xxxxxx.x | predictive | High
22 | File | xxxxxxx/xxxxx/xxx/xxxxxxx/xxxxxxx-xxx.x | predictive | High
23 | File | xxxxxxx.x | predictive | Medium
24 | File | xxxx/xxxxxxxxxx/xxxxxx-xxx.x | predictive | High
25 | File | xxxxxxxxx.xxxx | predictive | High
26 | File | xxxxx/xxxxxx_x | predictive | High
27 | File | xxxx-xxxxxxx.xxx | predictive | High
28 | File | xxxx_xxxxx.xxx | predictive | High
29 | File | xxxxxx.xxx | predictive | Medium
30 | File | xxxxxx-xxx.x | predictive | Medium
31 | File | xxx/xxxxxx.xxx | predictive | High
32 | File | xxxxx.xxx?x=/xxxx/xxxxxxxx | predictive | High
33 | File | xxxx/xxxx/xxxxxx.x | predictive | High
34 | File | xxxxx.xxx | predictive | Medium
35 | File | xxxxxxxxxx/xxxxxx.x | predictive | High
36 | File | xxxx.xxx | predictive | Medium
37 | File | xxxxxxxx.xx | predictive | Medium
38 | File | xxxx.xxx | predictive | Medium
39 | File | xxx/xxxxxxxx-xxxxx.x | predictive | High
40 | File | xxx_xxxx_xxxxxxxxx.xx | predictive | High
41 | File | xxxxxxxxxxxx.xxx | predictive | High
42 | File | xxxxxxxx.xxx | predictive | Medium
43 | File | xxxxxxxxx.x | predictive | Medium
44 | File | xxxx.x | predictive | Low
45 | File | xxxxxx.xxx?xxxxxx=xxxxxxxxx.xxxx&xxxxxxxxxxx=x | predictive | High
46 | File | xxxx/xxxxxxxxx/xxx::xxxxxxxxxx | predictive | High
47 | Library | xxx/xxx.x | predictive | Medium
48 | Argument | xxxxxx | predictive | Low
49 | Argument | xxxxxxxx | predictive | Medium
50 | Argument | xxx | predictive | Low
51 | Argument | xxx | predictive | Low
52 | Argument | xxx_xxx | predictive | Low
53 | Argument | xxxxxx | predictive | Low
54 | Argument | xxxxxxxxxxx | predictive | Medium
55 | Argument | xxxxxxx | predictive | Low
56 | Argument | xxxxxx | predictive | Low
57 | Argument | xx | predictive | Low
58 | Argument | xxxxx | predictive | Low
59 | Argument | xxxxx | predictive | Low
60 | Argument | xxxxxxxxxxxxx/xxxxxxxxxxxxxx | predictive | High
61 | Argument | xxxx | predictive | Low
62 | Argument | xxxxx_xx | predictive | Medium
63 | Argument | xxxxxxxx | predictive | Medium
64 | Argument | xxxxxxxx | predictive | Medium
65 | Argument | xxxx | predictive | Low
66 | Argument | xxxxxx_xxxx | predictive | Medium
67 | Argument | xxxxxxxx | predictive | Medium
68 | Argument | xxxxxxxxxxx | predictive | Medium
69 | Argument | xxxxxxxx | predictive | Medium
70 | Argument | xxx | predictive | Low
71 | Argument | xxxxxxxx | predictive | Medium
72 | Argument | xxxxxxxx/xxxx | predictive | High
73 | Argument | xxxxxx_xxxxxxxx | predictive | High
74 | Input Value | '>[xxx] | predictive | Low
75 | Input Value | x+xxxxx+xxxxxx+x,xxxxxxx,xxxxxxxxxxx+xxxx+xxxxx# | predictive | High
76 | Input Value | xx | predictive | Low
77 | Input Value | [xxx][/xxx] | predictive | Medium
