Dofloo Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (89)

Idioma

en	78
de	4
es	4
zh	4

País

us	24
cn	8
to	2
fr	2
pl	2

Actores

Azorult	1
Cobalt Strike	1
Dofloo	1

Interesse

Tipo

Not Defined	40
Web Browser	6
Smartphone Operating System	4
Operating System	4
Wireless LAN Software	4

Fabricante

Not Defined	28
Apple	6
Google	4
Samsung	4
Apache	4

Produto

Apple Safari	4
Real Media Library Plugin	2
Travelmate Travelable Trek Management Solution	2
Google Android	2
Cloak Front End Email Plugin	2

Vulnerabilidades

#	Vulnerabilidade	Base	Temp	0day	Hoje	Exp	Mas	EPSS	CTI	CVE
1	White Bear Solutions WBSAirback Falsificação de Pedido Cross Site	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00043	0.00	CVE-2024-3782
2	Totolink EX200 getWiFiExtenderConfig Divulgação de Informação	4.3	4.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00043	0.04	CVE-2024-31812
3	Linux Kernel devlink_init Excesso de tampão	5.5	5.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00045	0.00	CVE-2024-26734
4	Schneider Electric Harmony Control Relay RMNF22TB30 NFC Fraca autenticação	8.8	8.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00043	0.07	CVE-2024-0568
5	PHPEMS Session Data session.cls.php direitos alargados	7.1	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00542	0.04	CVE-2023-6654
6	Responsive Filemanager direitos alargados	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00087	0.03	CVE-2022-44276
7	Adobe ColdFusion direitos alargados	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00387	0.04	CVE-2023-44353
8	Slimstat Analytics Plugin Setting Roteiro Cruzado de Sítios	2.4	2.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00045	0.00	CVE-2023-40676
9	Tenda AC8 SetNetControlList Excesso de tampão	7.6	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00087	0.02	CVE-2023-40900
10	Sentry Debug direitos alargados	6.2	6.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00057	0.03	CVE-2023-36826
11	Travelmate Travelable Trek Management Solution Comment Box Roteiro Cruzado de Sítios	3.1	2.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00046	0.04	CVE-2023-3862
12	Wireshark iSCSI Dissector Negação de Serviço	4.7	4.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00044	0.00	CVE-2023-3649
13	WP ERP Plugin Setting process_crm_contact Falsificação de Pedido Cross Site	4.3	4.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00078	0.00	CVE-2020-36735
14	Netgear RAX30 UPnP direitos alargados	8.8	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00000	0.02	CVE-2023-35722
15	Openads adclick.php Remote Code Execution	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01871	0.53	CVE-2007-2046
16	Microsoft Windows DNS Server Privilege Escalation	6.6	6.1	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00803	0.00	CVE-2023-28256
17	eSyndicat Directory Software suggest-listing.php Roteiro Cruzado de Sítios	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.00
18	Unisoc S8000 WLAN Driver Negação de Serviço	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00042	0.00	CVE-2022-47457
19	MediaTek MT8788 ion Condição de Corrida	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.04	CVE-2023-20623
20	Apache Sling i18n Dictionary direitos alargados	6.4	6.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00055	0.00	CVE-2023-25621

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	Endereço IP	Hostname	Actor	Campanhas	Identified	Tipo	Aceitação
1	49.0.248.230	ecs-49-0-248-230.compute.hwclouds-dns.com	Dofloo		20/12/2021	verified	Alto
2	XXX.XXX.XX.XX		Xxxxxx		02/03/2022	verified	Alto

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Classificação	Vulnerabilidades	Tipo de acesso	Tipo	Aceitação
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Alto
2	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Alto
3	T1059.007	CAPEC-209	CWE-79, CWE-80	Cross Site Scripting	predictive	Alto
4	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
5	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
6	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	Alto
7	TXXXX	CAPEC-1	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Alto
8	TXXXX.XXX	CAPEC-492	CWE-XXXX	Xxxxxxxxxxx Xxxxxxx Xxxxxxxxxx Xxxxxxxxxx	predictive	Alto
9	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	Alto
10	TXXXX	CAPEC-102	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
11	TXXXX.XXX	CAPEC-0	CWE-XXX	Xxxxxxxx Xxxxxx Xxxx	predictive	Alto
12	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
13	TXXXX	CAPEC-157	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Alto
14	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (33)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Tipo	Aceitação
1	File	/goform/SetNetControlList	predictive	Alto
2	File	/goform/WifiBasicSet	predictive	Alto
3	File	/usr/local/WowzaStreamingEngine/bin/	predictive	Alto
4	File	adclick.php	predictive	Médio
5	File	xxx/xxxx_xxxx_xxxxxx.xxx	predictive	Alto
6	File	xxxxxxxxxxxxxxxxxxx.xxxx	predictive	Alto
7	File	xxxxxxxxxx/xxxxxx/xxxxxxxxx.xxxx/xxxx.xxx/	predictive	Alto
8	File	xxxxxxx/xxxx/xxxxxxxx/xxxxxxxx.x	predictive	Alto
9	File	xxxxx/xxxx.xxx	predictive	Alto
10	File	xxx	predictive	Baixo
11	File	xxxxxxxx.xxx	predictive	Médio
12	File	xxxxxx	predictive	Baixo
13	File	xxxxxxxxxxx.xxx	predictive	Alto
14	File	xxxxxxxx.x	predictive	Médio
15	File	xxxxxxx-xxxxxxx.xxx	predictive	Alto
16	File	~/xxxxxxxxxxxxx.xxx	predictive	Alto
17	Library	xxx/xxxxxxx.xxx.xxx	predictive	Alto
18	Library	xxxxxxxx.xxx	predictive	Médio
19	Argument	--xxxxx/--xxxxx	predictive	Alto
20	Argument	xxxxxxx	predictive	Baixo
21	Argument	xxxxx	predictive	Baixo
22	Argument	xxxxxxxxxxxxxxxxxx	predictive	Alto
23	Argument	xxxx	predictive	Baixo
24	Argument	xxxxxxxx	predictive	Médio
25	Argument	xxxxx[xxxxx][xx]	predictive	Alto
26	Argument	xxxxxx	predictive	Baixo
27	Argument	xxxx	predictive	Baixo
28	Argument	xxxx	predictive	Baixo
29	Argument	xx_xxxx	predictive	Baixo
30	Argument	x_xxxx	predictive	Baixo
31	Argument	xxxxxxxx	predictive	Médio
32	Argument	xxxxx	predictive	Baixo
33	Network Port	xxx/xxxx (xxxx) & xxx/xxxx (xx-xxxx)	predictive	Alto

Referências (1)

The following list contains external sources which discuss the actor and the associated activities:

https://github.com/vuldb/cyber_threat_intelligence/tree/main/actors/Dofloo

Samples (2)

The following list contains associated samples:

◂ VoltarVisão GeralPróximo ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!