DragonOK Analiza

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (4)

Język

en	4

Kraj

us	4

Aktorzy

DragonOK	2

Wysiłek

Rodzaj

Database Software	2
Word Processing Software	2

Sprzedawca

Dameng	2
Microsoft	2

Produkt

Dameng DM Database Server	2
Microsoft Word	2
Microsoft Office	2
Microsoft Outlook	2

Luki w zabezpieczeniach

#	Słaby punkt	Base	Temp	0day	Dzisiaj	Wyk	Prz	EPSS	CTI	CVE
1	PHP phpinfo cross site scripting	4.3	3.9	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.02101	0.04	CVE-2007-1287
2	Dameng DM Database Server wdm_dll.dll memory corruption	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02347	0.00	CVE-2010-2159
3	Microsoft Word/Office/Outlook RTF Document memory corruption	10.0	9.6	$25k-$100k	$0-$5k	High	Official Fix	0.61445	0.00	CVE-2014-1761
4	OpenSSH Authentication Username information disclosure	5.3	4.8	$5k-$25k	$0-$5k	High	Official Fix	0.10737	0.13	CVE-2016-6210

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adres IP	Hostname	Aktor	Identified	Rodzaj	Pewność siebie
1	23.229.234.160	ip-23-229-234-160.ip.secureserver.net	DragonOK	2022-03-27	verified	Wysoki
2	58.64.156.140		DragonOK	2022-03-27	verified	Wysoki
3	XX.XXX.XXX.XXX		Xxxxxxxx	2021-01-01	verified	Wysoki
4	XX.XXX.XXX.XX		Xxxxxxxx	2021-01-01	verified	Wysoki
5	XXX.XX.XXX.XX		Xxxxxxxx	2022-03-27	verified	Wysoki
6	XXX.XX.XXX.XX		Xxxxxxxx	2022-03-27	verified	Wysoki
7	XXX.XXX.XXX.XXX		Xxxxxxxx	2021-01-01	verified	Wysoki
8	XXX.XX.XXX.XXX		Xxxxxxxx	2021-01-01	verified	Wysoki

TTP - Tactics, Techniques, Procedures (2)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Luki w zabezpieczeniach	Wektor dostępu	Rodzaj	Pewność siebie
1	T1059.007	CWE-80	Cross Site Scripting	predictive	Wysoki
2	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Wysoki

IOA - Indicator of Attack (2)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasa	Indicator	Rodzaj	Pewność siebie
1	Library	wdm_dll.dll	predictive	Medium
2	Argument	xxxxxxxx	predictive	Medium

Referencje (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ PoprzedniPrzeglądKolejny ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!