Dracarys Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (193)

Idioma

en	186
fr	4
ja	2
de	2

País

us	42
tr	20
ru	2
cn	2
es	2

Actores

RedLine	1
Candiru	1
BazarLoader	1
FTP Info Stealer	1
Bitter	1

Interesse

Tipo

Not Defined	94
Operating System	16
Content Management System	16
WordPress Plugin	10
Smartphone Operating System	8

Fabricante

Not Defined	78
Google	8
Microsoft	8
Netgear	6
VMware	4

Produto

Microsoft Windows	8
FreeBSD	6
Google Android	6
DedeCMS	4
GitLab Enterprise Edition	4

Vulnerabilidades

#	Vulnerabilidade	Base	Temp	0day	Hoje	Exp	Mas	CTI	EPSS	CVE
1	DeDeCMS Backend file_class.php direitos alargados	6.4	6.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.09	0.00063	CVE-2023-7212
2	SmarterTools SmarterMail Directório Traversal	6.4	6.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00062	CVE-2019-7213
3	cumin Server Certificate Validator Fraca autenticação	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	0.00090	CVE-2013-0264
4	DeDeCMS co_do.php Injecção SQL	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00190	CVE-2018-19061
5	DedeCMS selectimages.php Roteiro Cruzado de Sítios	4.8	4.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	0.00046	CVE-2023-49493
6	DeDeCMS select_images_post.php direitos alargados	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.01958	CVE-2018-20129
7	DedeCMS article_allowurl_edit.php direitos alargados	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.04	0.00087	CVE-2023-2928
8	DeDeCMS downmix.inc.php Path Divulgação de Informação	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.02422	CVE-2018-6910
9	Plesk Obsidian Login Page direitos alargados	5.8	5.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	0.00174	CVE-2023-24044
10	Tenda AC10U fromAddressNat Excesso de tampão	6.4	6.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.05	0.00086	CVE-2024-0927
11	Xen Orchestra direitos alargados	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03	0.00058	CVE-2021-36383
12	Unisoc T760/T770/T820/S8000 Sim Service direitos alargados	5.4	5.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00042	CVE-2023-42655
13	Microsoft Windows SmartScreen Remote Code Execution	8.8	8.4	$25k-$100k	$5k-$25k	Functional	Official Fix	0.04	0.00961	CVE-2023-32049
14	tsolucio corebos Roteiro Cruzado de Sítios	5.1	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00045	CVE-2023-3073
15	SICK FTMg Air Flow Sensor REST Interface Divulgação de Informação	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00092	CVE-2023-23449
16	PHP unserialize Excesso de tampão	5.3	4.6	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.03	0.72120	CVE-2015-0231
17	Microsoft Windows DHCP Server Service Remote Code Execution	8.6	8.0	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00	0.07344	CVE-2023-28231
18	payload CMS Divulgação de Informação	5.9	5.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00069	CVE-2023-30843
19	Google Android PowerVR Kernel Driver PVRSRVBridgeRGXKickVRDM Excesso de tampão	6.5	6.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00043	CVE-2021-0872
20	Cththemes Outdoor Theme Roteiro Cruzado de Sítios	5.7	5.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00047	CVE-2023-29236

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	Endereço IP	Hostname	Actor	Campanhas	Identified	Tipo	Aceitação
1	94.140.114.22		Dracarys		07/10/2022	verified	Alto

TTP - Tactics, Techniques, Procedures (22)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilidades	Tipo de acesso	Tipo	Aceitação
1	T1006	CWE-21, CWE-22	Path Traversal	predictive	Alto
2	T1040	CWE-319	Authentication Bypass by Capture-replay	predictive	Alto
3	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Alto
4	T1059	CWE-88, CWE-94	Argument Injection	predictive	Alto
5	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	Alto
6	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
7	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
8	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	Alto
9	TXXXX	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Alto
10	TXXXX.XXX	CWE-XXXX	Xxxxxxxxxxx Xxxxxxx Xxxxxxxxxx Xxxxxxxxxx	predictive	Alto
11	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
12	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	Alto
13	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
14	TXXXX	CWE-XXX	Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
15	TXXXX	CWE-XXX	Xxxxxxx Xxxxxxxxxx Xx Xxx-xxxxxxxx	predictive	Alto
16	TXXXX	CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	Alto
17	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xx Xxx Xxxxxxx Xx X Xxxxxxxx Xxxxxxxx	predictive	Alto
18	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
19	TXXXX.XXX	CWE-XXX	Xxxxxxxx	predictive	Alto
20	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
21	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Alto
22	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (89)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Tipo	Aceitação
1	File	/acms/classes/Master.php?f=delete_cargo	predictive	Alto
2	File	/admin.php/news/admin/topic/save	predictive	Alto
3	File	/admin/comn/service/update.json	predictive	Alto
4	File	/dev/shm	predictive	Médio
5	File	/dl/dl_print.php	predictive	Alto
6	File	/getcfg.php	predictive	Médio
7	File	/ofcms/company-c-47	predictive	Alto
8	File	/usr/sbin/httpd	predictive	Alto
9	File	/util/print.c	predictive	Alto
10	File	/web/MCmsAction.java	predictive	Alto
11	File	xxx-xxxx.x	predictive	Médio
12	File	xxxxxxxx/xxxxxxx_xxxxxxx.xxx	predictive	Alto
13	File	xxxxx.xxx/xxxxx/xxxxxxxxx/xxxxx/xxxxx/xxxxxx.xxxx	predictive	Alto
14	File	xxxxx/xxxxxx/xxxxx-xxxxxx-xxxxxxxx.xxx	predictive	Alto
15	File	xxxxxxxx.xxx	predictive	Médio
16	File	xxx-xxxx.xxx	predictive	Médio
17	File	xxxxxxxxx.x	predictive	Médio
18	File	xxxx\xx_xx.xxx	predictive	Alto
19	File	xxxxxxx.xxx	predictive	Médio
20	File	xxxxxxx/xxx/xx/xxxxxxxxxx.x	predictive	Alto
21	File	xxxxxxxx.xxx	predictive	Médio
22	File	xxxx_xxxxx.xxx	predictive	Alto
23	File	xxxxxxx_x.x	predictive	Médio
24	File	xxxxx_xxxxxxxx.xxx	predictive	Alto
25	File	xxxxxxxxxxxxxxxxxxx.xxxx	predictive	Alto
26	File	xxxxxxx/xxxxxxx.xxx.xxx	predictive	Alto
27	File	xxxxx.xxx	predictive	Médio
28	File	xxxxx.xxx?x=/xxxx/xxxxxxxx	predictive	Alto
29	File	xxxxxxxxx/xxxxxxxxx/xxxxxxxxx_xxxxx_xxx.xxx	predictive	Alto
30	File	xxxxxxxx/xxxx_xxxx.x	predictive	Alto
31	File	xxx_xxxxxx_xxxxxx.xx	predictive	Alto
32	File	xxxxxx/xxxxxxxx/xxx.xxx	predictive	Alto
33	File	xxx/xxxxxxxxx/x_xxxxxx.x	predictive	Alto
34	File	xxxxxxxxxxxxxxxx.xxx	predictive	Alto
35	File	xxxxxxxxxxxxxxxxxxxxxxxxxx.xxxx	predictive	Alto
36	File	xxxxxxx/xx_xxxxx_xxxx/xxxx.xxx	predictive	Alto
37	File	xxxxxxx.xxx	predictive	Médio
38	File	xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][]	predictive	Alto
39	File	xxxxxxx.xxx	predictive	Médio
40	File	xxxxxxxxxxxx.xxx	predictive	Alto
41	File	xxx/xxxx/xxxx/xxx/xxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxxx	predictive	Alto
42	File	xx_xxxx/xx_xxxxxx.x	predictive	Alto
43	File	xxx_xxxxxxxx.x	predictive	Alto
44	File	xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxxx	predictive	Alto
45	File	xxxxxx/xxx/xx/xxx.x	predictive	Alto
46	File	xxxxxxxxxxxxxxxxxx.xxx	predictive	Alto
47	File	xxxxxxxxx/xxxxxxxxx/xxxx-xxx.xxx.xxx	predictive	Alto
48	File	xxxxxxx/xxxxx.xxx	predictive	Alto
49	File	xxxxxxxxxxx_xxxxxx_xxxx.xxxx.xxx	predictive	Alto
50	File	xxxxxx.xxx	predictive	Médio
51	File	xxxxxxx/xxxx/xxxxxxx_xxxxxxxx_xxxx.xxx	predictive	Alto
52	File	xxxxxxx/xxxxxxx/xxxxxx/xxxxxx_xxxxxx_xxxx.xxx	predictive	Alto
53	File	xxxxxxxx/xxxxxxxx	predictive	Alto
54	File	xxxxx/xxxxx.xx	predictive	Alto
55	File	xxxxxx/xx/xxxx.xxx	predictive	Alto
56	File	xxxxxxxxx.xxx	predictive	Alto
57	Argument	$_xxxxxxx["xxx"]	predictive	Alto
58	Argument	xxxxxxx	predictive	Baixo
59	Argument	xxx_xxxxxxxxxx	predictive	Alto
60	Argument	xxxxxxxx_x/xxxxxxxx_x	predictive	Alto
61	Argument	xxxxxxxxx	predictive	Médio
62	Argument	xxx	predictive	Baixo
63	Argument	xxxxxxxxxxxxxxx	predictive	Alto
64	Argument	xxxxxxxxx	predictive	Médio
65	Argument	xxxxxxxxx	predictive	Médio
66	Argument	xxxxxx x xxx xxxxxxxxxx	predictive	Alto
67	Argument	xxxxx/xxxxxxxx	predictive	Alto
68	Argument	xxxxxx_xxxx_xxxxxxxx	predictive	Alto
69	Argument	xxxxxx/xxxxxxxxxxxx/xxxx	predictive	Alto
70	Argument	xxxxxxxxx	predictive	Médio
71	Argument	xxxx	predictive	Baixo
72	Argument	xx	predictive	Baixo
73	Argument	xxx	predictive	Baixo
74	Argument	xxx	predictive	Baixo
75	Argument	xxxxxxxxx	predictive	Médio
76	Argument	xxxx	predictive	Baixo
77	Argument	xxxxxx	predictive	Baixo
78	Argument	xxxxxxx	predictive	Baixo
79	Argument	xxxxxxxx	predictive	Médio
80	Argument	xxxxx	predictive	Baixo
81	Argument	x_xx	predictive	Baixo
82	Argument	xxxxxx xxxx	predictive	Médio
83	Argument	xxxx	predictive	Baixo
84	Argument	xxxxxxxx	predictive	Médio
85	Argument	xxxxxxxx	predictive	Médio
86	Argument	xxxxxxxx	predictive	Médio
87	Argument	xxxxx	predictive	Baixo
88	Argument	xxxxx	predictive	Baixo
89	Input Value	xxxxx%xxxxxx.xxx ' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx) xxx 'xxxx'='xxxx	predictive	Alto

Referências (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ VoltarVisão GeralPróximo ▸

Do you need the next level of professionalism?

Upgrade your account now!