Dust Storm Analysis

IOB - Indicator of Behavior (1000)

Breakdown of the 1000 behaviour indicators (chart data; the timeline, actor, activity, interest, type and vendor charts carried no recoverable values):

Language: en 966, zh 32, ja 2
Country/Region: cn 1000
Products: Google Android 26, Qualcomm Snapdragon Auto 18, Qualcomm Snapdragon Mobile 18, Qualcomm Snapdragon Compute 16, Qualcomm Snapdragon Consumer IOT 16

Vulnerabilities

Base and Temp are CVSS base and temporal scores; 0day and Today are estimated exploit price ranges at disclosure and at present; EPSS is the exploit prediction score.

#  | Vulnerability                                                          | Base | Temp | 0day       | Today    | Exploit          | Remediation  | EPSS    | CTI  | CVE
---|------------------------------------------------------------------------|------|------|------------|----------|------------------|--------------|---------|------|---------------
1  | Microsoft Edge Scripting Engine memory corruption                      | 6.0  | 5.4  | $25k-$100k | $0-$5k   | Proof-of-Concept | Official Fix | 0.95140 | 0.09 | CVE-2018-0777
2  | Cisco RV340 Web-based Management Interface memory corruption           | 5.5  | 5.3  | $5k-$25k   | $0-$5k   | Not Defined      | Official Fix | 0.00699 | 0.04 | CVE-2020-3451
3  | librsvg URL Decoder directory traversal                                | 4.3  | 4.1  | $0-$5k     | $0-$5k   | Not Defined      | Official Fix | 0.00158 | 0.07 | CVE-2023-38633
4  | jeecgboot JimuReport Template privilege escalation                     | 7.5  | 7.3  | $0-$5k     | $0-$5k   | Proof-of-Concept | Official Fix | 0.00457 | 0.16 | CVE-2023-4450
5  | Adminer adminer.php privilege escalation                               | 7.3  | 7.0  | $0-$5k     | $0-$5k   | Not Defined      | Official Fix | 0.02092 | 0.06 | CVE-2021-21311
6  | jens-maus RaspberryMatic directory traversal                           | 9.9  | 9.7  | $0-$5k     | $0-$5k   | Not Defined      | Official Fix | 0.00043 | 0.00 | CVE-2024-24578
7  | Google Chrome Blink memory corruption                                  | 7.5  | 7.4  | $25k-$100k | $5k-$25k | Not Defined      | Official Fix | 0.01446 | 0.04 | CVE-2016-5182
8  | Online Piggery Management System POST Request add-pig.php privilege escalation | 8.0 | 7.9 | $0-$5k | $0-$5k   | Not Defined      | Not Defined  | 0.13790 | 0.07 | CVE-2023-37629
9  | Cisco Small Business RV345 memory corruption                           | 9.9  | 9.7  | $25k-$100k | $0-$5k   | Not Defined      | Official Fix | 0.96250 | 0.04 | CVE-2022-20699
10 | Red Hat Linux rpc.lockd denial of service                              | 5.3  | 5.1  | $5k-$25k   | $0-$5k   | Not Defined      | Official Fix | 0.01160 | 0.04 | CVE-2000-0508
11 | darylldoyle svg-sanitizer Attribute privilege escalation               | 5.9  | 5.8  | $0-$5k     | $0-$5k   | Not Defined      | Official Fix | 0.00071 | 0.00 | CVE-2019-18857
12 | IBM QRadar Web UI cross site scripting                                 | 4.8  | 4.7  | $5k-$25k   | $0-$5k   | Not Defined      | Official Fix | 0.00050 | 0.02 | CVE-2019-4470
13 | openstack-mistral Log File information disclosure                      | 5.0  | 5.0  | $0-$5k     | $0-$5k   | Not Defined      | Not Defined  | 0.00044 | 0.04 | CVE-2019-3866
14 | Portainer cross site scripting                                         | 4.4  | 4.4  | $0-$5k     | $0-$5k   | Not Defined      | Official Fix | 0.00054 | 0.04 | CVE-2019-16878
15 | Portainer Access Control privilege escalation                          | 6.4  | 6.2  | $0-$5k     | $0-$5k   | Not Defined      | Official Fix | 0.00065 | 0.05 | CVE-2019-16874
16 | ldap-git-backup Directory Permission Password privilege escalation     | 4.4  | 4.2  | $0-$5k     | $0-$5k   | Not Defined      | Official Fix | 0.00047 | 0.04 | CVE-2013-1425

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Dust Storm

IOC - Indicator of Compromise (34)

These indicators of compromise list associated network resources that are known to be part of research and attack activities.

ID | IP address      | Hostname                                  | Actor      | Campaign   | Identified | Type
---|-----------------|-------------------------------------------|------------|------------|------------|---------
1  | 6.9.2.1         |                                           | Dust Storm | Dust Storm | 2020-12-23 | verified
2  | 23.238.229.128  |                                           | Dust Storm | Dust Storm | 2020-12-23 | verified
3  | 27.255.72.68    |                                           | Dust Storm | Dust Storm | 2020-12-23 | verified
4  | 27.255.72.69    |                                           | Dust Storm | Dust Storm | 2020-12-23 | verified
5  | 27.255.72.78    |                                           | Dust Storm | Dust Storm | 2020-12-23 | verified
6  | 59.120.59.2     | 59-120-59-2.hinet-ip.hinet.net            | Dust Storm | Dust Storm | 2020-12-23 | verified
7  | 59.188.13.133   |                                           | Dust Storm | Dust Storm | 2020-12-23 | verified
8  | XX.XXX.XX.XXX   |                                           | Xxxx Xxxxx | Xxxx Xxxxx | 2020-12-23 | verified
9  | XX.XXX.XXX.XX   |                                           | Xxxx Xxxxx | Xxxx Xxxxx | 2020-12-23 | verified
10 | XX.XXX.XXX.XXX  |                                           | Xxxx Xxxxx | Xxxx Xxxxx | 2020-12-23 | verified
11 | XXX.X.X.XX      |                                           | Xxxx Xxxxx | Xxxx Xxxxx | 2020-12-23 | verified
12 | XXX.XX.XXX.XXX  |                                           | Xxxx Xxxxx | Xxxx Xxxxx | 2020-12-23 | verified
13 | XXX.XX.XXX.XXX  |                                           | Xxxx Xxxxx | Xxxx Xxxxx | 2020-12-23 | verified
14 | XXX.XXX.XX.XX   |                                           | Xxxx Xxxxx | Xxxx Xxxxx | 2020-12-23 | verified
15 | XXX.XXX.XX.XX   |                                           | Xxxx Xxxxx | Xxxx Xxxxx | 2020-12-23 | verified
16 | XXX.XX.XXX.XXX  |                                           | Xxxx Xxxxx | Xxxx Xxxxx | 2020-12-23 | verified
17 | XXX.XX.XXX.XX   |                                           | Xxxx Xxxxx | Xxxx Xxxxx | 2020-12-23 | verified
18 | XXX.XXX.XXX.XX  | xxxxxx-xx-xx-xxx-xxx-xxx.xxx.xxxxxx.xxx   | Xxxx Xxxxx | Xxxx Xxxxx | 2020-12-23 | verified
19 | XXX.XXX.XXX.XXX |                                           | Xxxx Xxxxx | Xxxx Xxxxx | 2020-12-23 | verified
20 | XXX.XX.XX.XX    |                                           | Xxxx Xxxxx | Xxxx Xxxxx | 2020-12-23 | verified
21 | XXX.XXX.XXX.XXX |                                           | Xxxx Xxxxx | Xxxx Xxxxx | 2020-12-23 | verified
22 | XXX.XX.XX.XX    | xxx.xxxxxxx.xxx                           | Xxxx Xxxxx | Xxxx Xxxxx | 2020-12-23 | verified
23 | XXX.XXX.XXX.XXX | xxx.xxxx.xxx.xx                           | Xxxx Xxxxx | Xxxx Xxxxx | 2020-12-23 | verified
24 | XXX.XXX.XXX.XXX | xxxxx.xxxx.xx                             | Xxxx Xxxxx | Xxxx Xxxxx | 2020-12-23 | verified
25 | XXX.XXX.XX.XXX  |                                           | Xxxx Xxxxx | Xxxx Xxxxx | 2020-12-23 | verified
26 | XXX.XX.XX.XXX   | xx.xx.xx.xxxx                             | Xxxx Xxxxx | Xxxx Xxxxx | 2020-12-23 | verified
27 | XXX.X.XXX.XXX   | xxxxxxxxxxxxxxxxxxxx.xxxxx.xxx            | Xxxx Xxxxx | Xxxx Xxxxx | 2020-12-23 | verified
28 | XXX.XX.XXX.XXX  | xxxxxxxxxxxxxxxxxxxx.xxxxx.xxx            | Xxxx Xxxxx | Xxxx Xxxxx | 2020-12-23 | verified
29 | XXX.XX.XXX.XXX  | xxxxxxxxxxxxxxxxxxxx.xxxxx.xxx            | Xxxx Xxxxx | Xxxx Xxxxx | 2020-12-23 | verified
30 | XXX.XXX.XX.XXX  | xxxxxxxxxxxxxxxxxxxx.xxxxx.xxx            | Xxxx Xxxxx | Xxxx Xxxxx | 2020-12-23 | verified
31 | XXX.XX.XX.XXX   |                                           | Xxxx Xxxxx | Xxxx Xxxxx | 2020-12-23 | verified
32 | XXX.XX.XX.XXX   |                                           | Xxxx Xxxxx | Xxxx Xxxxx | 2020-12-23 | verified
33 | XXX.XX.XXX.XX   | xxx-xx-xxx-xx.xxxxx-xx.xxxxx.xxx          | Xxxx Xxxxx | Xxxx Xxxxx | 2020-12-23 | verified
34 | XXX.XX.XXX.XXX  |                                           | Xxxx Xxxxx | Xxxx Xxxxx | 2020-12-23 | verified

Rows 8-34 are redacted on the page; the placeholders are kept as shown.

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (209)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID  | Class        | Indicator                                                                                   | Type
----|--------------|---------------------------------------------------------------------------------------------|-----------
1   | File         | .htaccess                                                                                   | predictive
2   | File         | /admin.php                                                                                  | predictive
3   | File         | /admin.php?p=/Area/index#tab=t2                                                             | predictive
4   | File         | /admin/list_ipAddressPolicy.php                                                             | predictive
5   | File         | /bin/sh                                                                                     | predictive
6   | File         | /cgi-bin/cstecgi.cgi                                                                        | predictive
7   | File         | /gateway/services/EdgeServiceImpl                                                           | predictive
8   | File         | /goform/net_Web_get_value                                                                   | predictive
9   | File         | /goform/SetStaticRouteCfg                                                                   | predictive
10  | File         | /HNAP1                                                                                      | predictive
11  | File         | /Maintenance/configfile.cfg                                                                 | predictive
12  | File         | /ossim/report/wizard_email.php                                                              | predictive
13  | File         | /rest                                                                                       | predictive
14  | File         | /root                                                                                       | predictive
15  | File         | /scripts/unlock_tasks.php                                                                   | predictive
16  | File         | /src/dede/friendlink_edit.php                                                               | predictive
17  | File         | /tmp                                                                                        | predictive
18  | File         | /tmp/clipedit$$                                                                             | predictive
19  | File         | /topic                                                                                      | predictive
20  | File         | /upload/localhost                                                                           | predictive
21  | File         | /usr/sbin/httpd                                                                             | predictive
22  | File         | /wp-admin/admin-ajax.php                                                                    | predictive
23  | File         | /ZHGXTV/index.php/admin/index/web_upload_template.html                                      | predictive
24  | File         | xxxxxxx/xxxxx.xxx                                                                           | predictive
25  | File         | xxxxxxxxxxxxxxxxxx.xxxx                                                                     | predictive
26  | File         | xxx-xxx.xxx                                                                                 | predictive
27  | File         | xxxxx/xxx/xxxxxxxxxxxx                                                                      | predictive
28  | File         | xxxxx/xxx/xxxxxxxx/xxxxxxxxxxxx.xxxx?xxx_xxxx=xxx                                           | predictive
29  | File         | xxxxx/xxxxxxxx/xxxxxxxxxxxx?xx=xx                                                           | predictive
30  | File         | xxxxx/xxxxxxxxxxxx.xxx                                                                      | predictive
31  | File         | xxxxxxx.xxx                                                                                 | predictive
32  | File         | xxxxxxxxxxxxx_xxxxxxxxxxxxxxx.xxxx                                                          | predictive
33  | File         | xxxxx.x                                                                                     | predictive
34  | File         | xxx/xxxxxx/xxxxxxxx/xxxxx/xxxxxxxx_xxxxxxx.xxxxx.xxx                                        | predictive
35  | File         | xxxxxx/xx/xxxxxxxx.xx                                                                       | predictive
36  | File         | xxxxx/xxx_xxxx.x                                                                            | predictive
37  | File         | xxxxxxxxxxxxxxxxxxxxxx.xxxx                                                                 | predictive
38  | File         | xxxxxx/xxxxxx/                                                                              | predictive
39  | File         | xxxxxxxxx-xxxxxxx/xxx/xxxx/xxxx/xx/xxxxxxx/xxxxxxxxx/xxxxxxx/xxxxxxx/xxxxxx.xxxx            | predictive
40  | File         | xxx_xx_xxx.xx                                                                               | predictive
41  | File         | xxxxxxxxxx.x                                                                                | predictive
42  | File         | xxxxx.xx                                                                                    | predictive
43  | File         | xxx.xxx                                                                                     | predictive
44  | File         | xxxxxx/xxxxxxxxx.x                                                                          | predictive
45  | File         | xxxxxx/xxx.x                                                                                | predictive
46  | File         | xxxxxx/xxxxxxx.x                                                                            | predictive
47  | File         | xxx.xxxxxxxx.xxxxxxx.xxx.xxx.xxxxxxxxxxxxx                                                  | predictive
48  | File         | xxxxxxxxxx/xxx.xx                                                                           | predictive
49  | File         | xxxxxx.xxx                                                                                  | predictive
50  | File         | xxxx/xxxxxxxxxxx.xxx                                                                        | predictive
51  | File         | xxxx\xxxxx\xxxxxxxxxxx.xxx                                                                  | predictive
52  | File         | xxxxx/xxxx/xxxxxxxxxxx/xxxxx/xxxxx.xxx                                                      | predictive
53  | File         | xxxxxx_x_x.xxx                                                                              | predictive
54  | File         | xxxxxxx/xxx/xxxxx/xxxx_xx.x                                                                 | predictive
55  | File         | xxxxxxxx/xxxx_xxxx.xxx                                                                      | predictive
56  | File         | xxx_xxx.x                                                                                   | predictive
57  | File         | xxx-xxxxx.x                                                                                 | predictive
58  | File         | xxx/xxxxxx/xxx/?xxxxxx=xxxx&xx=xxx                                                          | predictive
59  | File         | xxxxxxxx_xxx.x                                                                              | predictive
60  | File         | xxxxxx.xxx                                                                                  | predictive
61  | File         | xxxxxxxxxxxxxxxxx.xxxx                                                                      | predictive
62  | File         | xxxxxxxx.xx                                                                                 | predictive
63  | File         | xx/xxxx/xxxxx.x                                                                             | predictive
64  | File         | xxx.xxx                                                                                     | predictive
65  | File         | xxxxxxxxxx.x                                                                                | predictive
66  | File         | xxxxxx/xxxx/xxxxxx.xxx                                                                      | predictive
67  | File         | xxxxxxxxxxxxx.xxx                                                                           | predictive
68  | File         | xxxxx.xxx                                                                                   | predictive
69  | File         | xxxx/xxxx.x                                                                                 | predictive
70  | File         | xxxxx.xxx                                                                                   | predictive
71  | File         | xxxxx.xxx?x=/xxxxx/xxxxxx/xxxxxx/xxxxxxxx/xxxxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxx              | predictive
72  | File         | xxxxx_xxxxxx.xxx                                                                            | predictive
73  | File         | xxxxxxx.xxx                                                                                 | predictive
74  | File         | xxxxxxxxxxxxxxx.xxxxx.xxxxxx                                                                | predictive
75  | File         | xxxxxxxx/xxxxx_xxxxxx.xxx                                                                   | predictive
76  | File         | xxxxx/xxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxx                                                    | predictive
77  | File         | xxx-xxxx.x                                                                                  | predictive
78  | File         | xxxx_xxxx_xxxxxx.xxx                                                                        | predictive
79  | File         | xxxxxxxxxxx.xx                                                                              | predictive
80  | File         | xxxxxxx-xxxxxxx.xxx                                                                         | predictive
81  | File         | xxxxxxxx.x                                                                                  | predictive
82  | File         | xxx.x                                                                                       | predictive
83  | File         | xxxxxx.x                                                                                    | predictive
84  | File         | xxxxxxxxxx/xxxxxx.x                                                                         | predictive
85  | File         | xxxxxxxxxx.xx                                                                               | predictive
86  | File         | xxxxxx.x                                                                                    | predictive
87  | File         | xxxxxx_xxxx_xx_xx_xxx.x                                                                     | predictive
88  | File         | xxxxxx/xxxxxx.x                                                                             | predictive
89  | File         | xxxxxxx/xxxxx_xxxx.xxx                                                                      | predictive
90  | File         | xxxx.x                                                                                      | predictive
91  | File         | xxxxxxxx.xxx                                                                                | predictive
92  | File         | xxxxxx.x                                                                                    | predictive
93  | File         | xxxxxxxx.xxx                                                                                | predictive
94  | File         | xxxxx.x                                                                                     | predictive
95  | File         | xxx/xxxxxxxxxx/xxxxxx.x                                                                     | predictive
96  | File         | xxx/xxxx/xxxxxx_xxxx.x                                                                      | predictive
97  | File         | xxx/xxxx/xx_xxxx.x                                                                          | predictive
98  | File         | xxx/xxxxxxxxx/xx_xxx.x                                                                      | predictive
99  | File         | xxxxxx.x                                                                                    | predictive
100 | File         | xxxx/xxxxx/xxxxxxx/xxxxxxxx.xx                                                              | predictive
101 | File         | xxxxxx/xxxxxxx/xxxxxxxxx/xxx/xxxxx_xxx.xxx                                                  | predictive
102 | File         | xxxxx/xxxx-xxxxx.xxx                                                                        | predictive
103 | File         | xxxxxxxx.xxx                                                                                | predictive
104 | File         | xxxx.xxx                                                                                    | predictive
105 | File         | xxxxxxxxxxxxxx.xxx                                                                          | predictive
106 | File         | xxxxxxx/xxx/xxxxx/xxxxx.xxxxxx.xxx                                                          | predictive
107 | File         | xxxxxxxx_xxx.xxx                                                                            | predictive
108 | File         | xx-xxxxx/xxxxx.xxx?xxx=xxxx&xxx=xxxxxx                                                      | predictive
109 | File         | xxxxxxxxx.xxx                                                                               | predictive
110 | File         | xxxxxxx.xxx                                                                                 | predictive
111 | File         | xxxxx/xxxx_xxxxx.x                                                                          | predictive
112 | File         | xxxxxx/xxx.xxx                                                                              | predictive
113 | File         | xxxxx.xxx                                                                                   | predictive
114 | File         | xxxxxxx/xxxxxxxxxxxx.xx                                                                     | predictive
115 | File         | xxxxxxx/xxxxxxxxxx.xxx                                                                      | predictive
116 | File         | xxxxxx-xxx-xxxx.x                                                                           | predictive
117 | File         | xxxxxxxxxxxxxxxxxxx.xxxx                                                                    | predictive
118 | File         | xxxxx/xxxxxxxxxx/xxxxxxxxxxx/xxxxxxxxxxxxxxxxxx.xxxx                                        | predictive
119 | File         | xxxxxx.xxx                                                                                  | predictive
120 | File         | xxxxxx/xxxx_xxxxxxx?xxx                                                                     | predictive
121 | File         | xxxxxxxxxxxx/xxxxx.xx                                                                       | predictive
122 | File         | xxx_xxxxx.x                                                                                 | predictive
123 | File         | xxxxx/xxxx_xxxx.x                                                                           | predictive
124 | File         | xxxx.x                                                                                      | predictive
125 | File         | xxx.xxx                                                                                     | predictive
126 | File         | xxxxxx_xxxx_xx.xxx                                                                          | predictive
127 | File         | xxxx/xxxx.xxx                                                                               | predictive
128 | File         | xxxxx/x/xxxx                                                                                | predictive
129 | File         | xxxx_xxxxxx.xxx                                                                             | predictive
130 | File         | xxx_xxxxxx.x                                                                                | predictive
131 | File         | xxxxxxxxxxx.xxx                                                                             | predictive
132 | File         | xxxxxxxxxxxxx.xxx                                                                           | predictive
133 | File         | xxxxxxxxxxx.xxx                                                                             | predictive
134 | File         | xx-xxxxx/xxxxx-xxxx.xxx?xxxxxx=xxxx_xxxxxxx_xxxx_xxxxxxx                                    | predictive
135 | File         | xx-xxxxx/xxxxxxx-xxxxxxx.xxx                                                                | predictive
136 | File         | xx.xxx                                                                                      | predictive
137 | File         | xxxxxxxx.x                                                                                  | predictive
138 | Library      | xxxxxx.xxx                                                                                  | predictive
139 | Library      | xxx/xxxx/xxxxxxxxxx.xx                                                                      | predictive
140 | Library      | xxxxxxx_xxxxx_xxxxxx                                                                        | predictive
141 | Library      | xxxxx.xxx                                                                                   | predictive
142 | Library      | xxxxx.xxx                                                                                   | predictive
143 | Library      | xxx.xxx                                                                                     | predictive
144 | Argument     | $xxxxxxxxxxxxxxxxxxxxxx                                                                     | predictive
145 | Argument     | -x                                                                                          | predictive
146 | Argument     | xxxxxxxxxxx                                                                                 | predictive
147 | Argument     | xxxxxxxxxxx/xxxxxxxxxxxxxxxxxxx/xxxxx/xxxxx/xxxxx_xxxxxxx                                   | predictive
148 | Argument     | xxxxx                                                                                       | predictive
149 | Argument     | xxxxxxx/xxxxxxxx                                                                            | predictive
150 | Argument     | xxxxxxxx                                                                                    | predictive
151 | Argument     | xxxxxxx                                                                                     | predictive
152 | Argument     | xxxxx                                                                                       | predictive
153 | Argument     | xxxx-xxxxxxx                                                                                | predictive
154 | Argument     | xxxxxxxxxxxxxxxx                                                                            | predictive
155 | Argument     | xxx                                                                                         | predictive
156 | Argument     | xxxxxx                                                                                      | predictive
157 | Argument     | xxxxx_xxxx                                                                                  | predictive
158 | Argument     | xxxx                                                                                        | predictive
159 | Argument     | xxxxxx[xxxxxxxxxxxxxx]                                                                      | predictive
160 | Argument     | xxxxxxxxx/xxxxxxxxxx/xxxxx/xxxxxxx/xxxxxxx/xxxxxxxx                                         | predictive
161 | Argument     | xxxxx_xxxx/xxxx_xxxx/xxxxxxx                                                                | predictive
162 | Argument     | xxxxxxx                                                                                     | predictive
163 | Argument     | xxxx_xxxx                                                                                   | predictive
164 | Argument     | xxxx                                                                                        | predictive
165 | Argument     | xx                                                                                          | predictive
166 | Argument     | xxxxxx                                                                                      | predictive
167 | Argument     | xxxx                                                                                        | predictive
168 | Argument     | xxxxxxxxx                                                                                   | predictive
169 | Argument     | xxxxx                                                                                       | predictive
170 | Argument     | xxx                                                                                         | predictive
171 | Argument     | x_xx                                                                                        | predictive
172 | Argument     | xxxx                                                                                        | predictive
173 | Argument     | xxxxxxxx                                                                                    | predictive
174 | Argument     | xxx_xxxxx                                                                                   | predictive
175 | Argument     | xxxxxxxx                                                                                    | predictive
176 | Argument     | xxxxxxxx                                                                                    | predictive
177 | Argument     | xxxx                                                                                        | predictive
178 | Argument     | xxxxxxxx                                                                                    | predictive
179 | Argument     | xxxx_xxxx                                                                                   | predictive
180 | Argument     | xxx                                                                                         | predictive
181 | Argument     | xxxxxxxx                                                                                    | predictive
182 | Argument     | xxxx_xx                                                                                     | predictive
183 | Argument     | xxxxxxxxxxxxxxxx                                                                            | predictive
184 | Argument     | xxxxxxxxxxxxxx                                                                              | predictive
185 | Argument     | xxx_xxxxxxxx_xxxxxxxxxx_xxxxxxx                                                             | predictive
186 | Argument     | xxxxx                                                                                       | predictive
187 | Argument     | xxxxxx                                                                                      | predictive
188 | Argument     | xxxxxxxxxxxxxxxxxxx                                                                         | predictive
189 | Argument     | xxxxxx_xx                                                                                   | predictive
190 | Argument     | xxxxxxxxx/xxxxxxxxxxx /xxxxxxx/xxxxxxxxx                                                    | predictive
191 | Argument     | xxxxxx-xxx                                                                                  | predictive
192 | Argument     | xxxxxx xxxxx/xxxxxx xxxx                                                                    | predictive
193 | Argument     | xxxxxxxxx                                                                                   | predictive
194 | Argument     | xxxxxxx                                                                                     | predictive
195 | Argument     | xx_xxxx_xxxxxxx/xx_xxxxxx_xxxxxxxx                                                          | predictive
196 | Input Value  | ..                                                                                          | predictive
197 | Input Value  | ../                                                                                         | predictive
198 | Input Value  | .:                                                                                          | predictive
199 | Input Value  | x xxx xxxxx(x)                                                                              | predictive
200 | Input Value  | xxxxxxxx                                                                                    | predictive
201 | Input Value  | <?xxx                                                                                       | predictive
202 | Input Value  | xxxx@xx                                                                                     | predictive
203 | Input Value  | xxxxxxxx                                                                                    | predictive
204 | Input Value  | xxxxxxxxxx&#x;:xxxxx                                                                        | predictive
205 | Network Port | xxxx                                                                                        | predictive
206 | Network Port | xxx/xx (xxx)                                                                                | predictive
207 | Network Port | xxx/xxx                                                                                     | predictive
208 | Network Port | xxx/xxxx                                                                                    | predictive
209 | Network Port | xxx/xxxxx                                                                                   | predictive

Rows 24-195 and 199-209 are redacted on the page; the placeholders are kept as shown.
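The IOC and IOA tables above are only useful once they are run against telemetry. The following is an added example, not VulDB code and not part of the original page: it sweeps web-server access logs (Apache/nginx combined format) for the cleartext IOC addresses and hostname, the cleartext IOA "File" path fragments and the traversal "Input Value" tokens. The redacted rows cannot be used, so they are left out. The log lines and the log-format regex are constructed for the example; the IOC addresses in the sample come from the table, the other client addresses are RFC 5737 documentation ranges.

```python
"""Sweep web-server access logs for the Dust Storm IOC/IOA values above.

Added example for this page; it is not VulDB code. The IP, hostname,
path and input-value indicators are copied from the cleartext rows of
the IOC and IOA tables; redacted rows cannot be used. The log lines
below are constructed for the example.
"""
import re
from dataclasses import dataclass
from urllib.parse import unquote

# IOC table rows 1-7 (cleartext network indicators).
IOC_IPS = {
    "6.9.2.1", "23.238.229.128", "27.255.72.68", "27.255.72.69",
    "27.255.72.78", "59.120.59.2", "59.188.13.133",
}
# The only hostname shown; matched when the server logs a resolved
# client name instead of an address.
IOC_HOSTNAMES = {"59-120-59-2.hinet-ip.hinet.net"}

# IOA "File" indicators (table rows 1-23) specific enough to match as
# substrings of the decoded request path. "/admin.php" also covers row 3.
IOA_FILES = [
    ".htaccess", "/admin.php", "/admin/list_ipAddressPolicy.php", "/bin/sh",
    "/cgi-bin/cstecgi.cgi", "/gateway/services/EdgeServiceImpl",
    "/goform/net_Web_get_value", "/goform/SetStaticRouteCfg", "/HNAP1",
    "/Maintenance/configfile.cfg", "/ossim/report/wizard_email.php",
    "/scripts/unlock_tasks.php", "/src/dede/friendlink_edit.php",
    "/tmp/clipedit$$", "/upload/localhost", "/usr/sbin/httpd",
    "/wp-admin/admin-ajax.php",
    "/ZHGXTV/index.php/admin/index/web_upload_template.html",
]
# Short IOA "File" indicators would flag every /restaurants or /topics
# URL as a substring, so they match only the whole path (query removed).
IOA_EXACT_PATHS = {"/rest", "/root", "/tmp", "/topic"}
# IOA "Input Value" rows 196-198: traversal tokens, most specific first.
IOA_INPUT_VALUES = ["../", "..", ".:"]

# Combined log format (constructed regex, not from the page).
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+'
)


@dataclass
class Hit:
    line_no: int
    client: str
    target: str
    reasons: list


def decoded_path(target: str) -> str:
    """Percent-decode twice so double-encoded traversal (%252e%252e) is seen."""
    return unquote(unquote(target))


def check_line(line_no: int, line: str):
    """Return a Hit if the line touches any indicator, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, target = m["client"], m["target"]
    reasons = []
    if client in IOC_IPS or client in IOC_HOSTNAMES:
        reasons.append(f"ioc-ip:{client}")
    path = decoded_path(target)
    bare = path.split("?", 1)[0]
    reasons += [f"ioa-file:{frag}" for frag in IOA_FILES if frag in path]
    if bare in IOA_EXACT_PATHS:
        reasons.append(f"ioa-file:{bare}")
    for tok in IOA_INPUT_VALUES:
        if tok in path:
            reasons.append(f"ioa-input:{tok}")
            break  # report only the most specific traversal token
    return Hit(line_no, client, target, reasons) if reasons else None


def scan_log(text: str) -> list:
    """Run check_line over every line of an access log, 1-based numbering."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        hit = check_line(n, line)
        if hit:
            hits.append(hit)
    return hits


# Constructed sample log: two IOC addresses from the table, the rest
# RFC 5737 documentation addresses. Line 5 is a deliberate near-miss.
SAMPLE_LOG = """\
27.255.72.68 - - [23/Dec/2020:10:01:02 +0000] "GET /HNAP1 HTTP/1.1" 200 512
203.0.113.7 - - [23/Dec/2020:10:01:05 +0000] "GET /cgi-bin/cstecgi.cgi HTTP/1.1" 200 120
198.51.100.9 - - [23/Dec/2020:10:01:09 +0000] "GET /images/%252e%252e/%252e%252e/etc/passwd HTTP/1.1" 404 0
198.51.100.9 - - [23/Dec/2020:10:01:10 +0000] "GET /rest HTTP/1.1" 200 88
198.51.100.9 - - [23/Dec/2020:10:01:11 +0000] "GET /restaurants/menu HTTP/1.1" 200 88
192.0.2.44 - - [23/Dec/2020:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 1024
59.120.59.2 - - [23/Dec/2020:10:02:30 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 33
"""

if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG):
        print(f"line {h.line_no}: {h.client} {h.target} -> {', '.join(h.reasons)}")
```

Two design points matter in practice. Decoding the path twice before matching catches the double-encoded `..` variants that a single decode misses, which is why the third sample line is flagged while the literal bytes never contain `../`. Splitting the IOA list into substring fragments and exact-path entries keeps the short, generic indicators (`/rest`, `/root`, `/tmp`, `/topic`) from turning every unrelated URL with that prefix into an alert; line 5 of the sample is the near-miss that stays quiet. Any match on a "predictive" IOA is a pointer for triage, not proof of compromise; an IOC address match is the stronger signal.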

References (2)

The following list contains external sources which discuss the actor and the associated activities:
