DragonSpark Analysis

IOB - Indicator of Behavior (25)

Language

zh: 14
en: 8
ja: 4

Country

cn: 22
us: 4

Product

Linksys Router: 2
Joomla CMS: 2
DJI Drone: 2
Symantec Endpoint Protection: 2
Laravel: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Countermeasure | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Redis Lua privilege escalation | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.97053 | 0.00 | CVE-2022-0543 |
| 2 | OpenVPN Access Server LDAP weak authentication | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00430 | 0.04 | CVE-2020-8953 |
| 3 | EmbedThis HTTP Library/Appweb httpLib.c authCondition weak authentication | 7.7 | 7.5 | $0-$5k | $0-$5k | High | Official Fix | 0.00927 | 0.04 | CVE-2018-8715 |
| 4 | Zendesk Support Plugin cross-site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.00 | CVE-2023-23716 |
| 5 | Netty unknown vulnerability | 6.5 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00167 | 0.02 | CVE-2022-41915 |
| 6 | Pureftpd pure-FTPd directory traversal | 5.1 | 5.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.02 | CVE-2011-3171 |
| 7 | DJI Drone AeroScope Protocol information disclosure | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00115 | 0.04 | CVE-2022-29945 |
| 8 | Oracle MySQL Server Privileges denial of service | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00564 | 0.04 | CVE-2018-2696 |
| 9 | Linksys Router weak authentication | 9.8 | 9.6 | $0-$5k | $0-$5k | High | Workaround | 0.00042 | 0.02 | CVE-1999-0508 |
| 10 | Cisco Linksys Router privilege escalation | 8.5 | 7.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.32333 | 0.03 | CVE-2013-5122 |
| 11 | Asus RT-AC68U/RT-AC5300 blocking_request.cgi buffer overflow | 5.5 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00385 | 0.02 | CVE-2021-45756 |
| 12 | Laravel FileCookieJar.php privilege escalation | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00049 | 0.04 | CVE-2022-30779 |
| 13 | Watchguard Firebox/XTM Remote Code Execution | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.84170 | 0.03 | CVE-2022-26318 |
| 14 | Joomla CMS Login SQL injection | 9.8 | 9.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00194 | 0.00 | CVE-2006-1047 |
| 15 | Joomla weak authentication | 6.3 | 6.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00201 | 0.04 | CVE-2022-23795 |
| 16 | Grafana Labs Permission weak authentication | 9.8 | 9.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.97240 | 0.04 | CVE-2021-39226 |
| 17 | Grafana directory traversal | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.97474 | 0.02 | CVE-2021-43798 |
| 18 | WordPress SQL injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00467 | 0.04 | CVE-2022-21664 |
| 19 | WordPress WP_Query SQL injection | 6.3 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.93536 | 0.07 | CVE-2022-21661 |
| 20 | Filter Portfolio Gallery Plugin Gallery Delete cross-site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00062 | 0.00 | CVE-2021-24795 |

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Classification | Vulnerabilities | Access type | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1006 | CAPEC-126 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1068 | | CWE-264 | Execution with Unnecessary Privileges | predictive | High |
| 3 | TXXXX.XXX | CAPEC-191 | CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | High |
| 4 | TXXXX | CAPEC-108 | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 5 | TXXXX.XXX | CAPEC-133 | CWE-XXX | Xxxxxxxx | predictive | High |
| 6 | TXXXX | CAPEC-116 | CWE-XXX | Xxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 7 | TXXXX | CAPEC-0 | CWE-XXX | Xxxxxxxxxxx Xxxxxx | predictive | High |

IOA - Indicator of Attack (5)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /public/plugins/ | predictive | High |
| 2 | File | blocking_request.cgi | predictive | High |
| 3 | File | xxxxxxxxxx\xxxxxx\xxxxxxxxxxxxx.xxx | predictive | High |
| 4 | Library | xxxx/xxxxxxx.x | predictive | High |
| 5 | Network Port | xxx/xxxx (xx-xxx) | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
