Operation Dragon Castling Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (104)

Idioma

en	80
zh	22
it	2

País

us	54
cn	38
gb	12

Actores

Cobalt Strike	3
Operation Dragon Castling	3
APT10	1
ZuoRAT	1
pupy	1

Interesse

Tipo

Not Defined	26
Router Operating System	12
Content Management System	10
Groupware Software	8
Firewall Software	4

Fabricante

Not Defined	20
Microsoft	8
Joomla	6
Cisco	6
Synacor	4

Produto

Joomla CMS	6
Synacor Zimbra Collaboration	4
Juniper Junos OS	4
Microsoft Windows	4
Forcepoint Email Security	2

Vulnerabilidades

#	Vulnerabilidade	Base	Temp	0day	Hoje	Exp	Mas	EPSS	CTI	CVE
1	jforum User direitos alargados	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00289	0.04	CVE-2019-7550
2	MantisBT API SOAP mc_project_get_users Injecção SQL	5.0	4.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00098	0.05	CVE-2020-28413
3	Hughes HX200/HX90/HX50L/HN9460/HN7000S Roteiro Cruzado de Sítios	5.2	5.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00113	0.00	CVE-2023-22971
4	Microsoft IIS Roteiro Cruzado de Sítios	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00548	0.04	CVE-2017-0055
5	Schneider Electric Interactive Graphical SCADA System Excesso de tampão	10.0	10.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.70109	0.04	CVE-2013-0657
6	Deltek Vision RPC over HTTP SQL Injecção SQL	8.0	8.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00576	0.04	CVE-2018-18251
7	Fortinet FortiWeb Authorization Header Injecção SQL	7.7	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00131	0.05	CVE-2020-29015
8	Cisco IOS XE Web UI Remote Code Execution	9.9	9.7	$25k-$100k	$5k-$25k	High	Official Fix	0.87328	0.04	CVE-2023-20198
9	phpMyAdmin Error Reporting Page File direitos alargados	5.3	4.6	$5k-$25k	$0-$5k	Unproven	Official Fix	0.00159	0.00	CVE-2014-8961
10	Ignition Automation Ignition JavaSerializationCodec direitos alargados	9.8	9.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00065	0.02	CVE-2023-39476
11	Redis Lua Script Execution Environment direitos alargados	4.6	4.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00218	0.01	CVE-2022-24735
12	Apache Struts ParametersInterceptor getClass Negação de Serviço	5.3	4.6	$5k-$25k	$0-$5k	High	Official Fix	0.97093	0.00	CVE-2014-0094
13	QNAP QTS Photo Station direitos alargados	8.5	8.4	$0-$5k	$0-$5k	High	Official Fix	0.96341	0.00	CVE-2019-7192
14	Hikvision Hybrid SAN Web Module direitos alargados	8.2	8.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.26770	0.00	CVE-2022-28171
15	Synacor Zimbra Collaboration mboximport Directório Traversal	4.7	4.5	$0-$5k	$0-$5k	High	Official Fix	0.94758	0.00	CVE-2022-27925
16	Gitblit Directório Traversal	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00773	0.08	CVE-2022-31268
17	Open Webmail openwebmail-main.pl Roteiro Cruzado de Sítios	4.3	4.2	$0-$5k	$0-$5k	High	Unavailable	0.00235	0.00	CVE-2007-4172
18	Johannes Sixt Kdbg .kdbgrc direitos alargados	5.9	5.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2003-0644
19	GitLab Project Import direitos alargados	8.7	8.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.63436	0.04	CVE-2022-2185
20	Mail2000 go Roteiro Cruzado de Sítios	5.2	4.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00633	0.02	CVE-2019-15071

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	Endereço IP	Hostname	Actor	Identified	Tipo	Aceitação
1	23.106.123.196		Operation Dragon Castling	19/03/2024	verified	Alto
2	XXX.XXX.XXX.XX		Xxxxxxxxx Xxxxxx Xxxxxxxx	19/03/2024	verified	Alto
3	XXX.XXX.XXX.XX	xxx.xxx.xxx.xx.xxxxxxxxxxxxxxxx.xxx	Xxxxxxxxx Xxxxxx Xxxxxxxx	19/03/2024	verified	Alto

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Classificação	Vulnerabilidades	Tipo de acesso	Tipo	Aceitação
1	T1006	CAPEC-126	CWE-21, CWE-22	Path Traversal	predictive	Alto
2	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Alto
3	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Alto
4	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Alto
5	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
6	TXXXX.XXX	CAPEC-191	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Alto
7	TXXXX	CAPEC-108	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
8	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	Alto
9	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
10	TXXXX.XXX	CAPEC-459	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
11	TXXXX.XXX	CAPEC-133	CWE-XXX	Xxxxxxxx	predictive	Alto
12	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
13	TXXXX.XXX	CAPEC-	CWE-XX	Xxxxxxxxxxxxx	predictive	Alto
14	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Alto
15	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (40)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Tipo	Aceitação
1	File	.kdbgrc	predictive	Baixo
2	File	/cgi-bin/go	predictive	Médio
3	File	/public/plugins/	predictive	Alto
4	File	/resources//../	predictive	Alto
5	File	/rom-0	predictive	Baixo
6	File	/xxxxxxx/	predictive	Médio
7	File	xxxx_xxxxx.xxx	predictive	Alto
8	File	xxx/xxxxxx.xxx	predictive	Alto
9	File	xxxxxxxx/xxxxxxxxxx/xxxxx-xx-xxxxxxxxx-xxxxxxxx.xxx	predictive	Alto
10	File	xxxxx.xxx	predictive	Médio
11	File	xxxxxxxxx/xxxxxxx/xxxxxx/xxxxxxxxxx.xxx	predictive	Alto
12	File	xxxxxx.xxx	predictive	Médio
13	File	xxxxxxxxxxx-xxxx.xx	predictive	Alto
14	File	xxxxx_xxxxxx_xxx.xxx	predictive	Alto
15	File	xxxx.xxx	predictive	Médio
16	File	xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx	predictive	Alto
17	File	xxxxxxxx_xxxx.xxx	predictive	Alto
18	File	xxx/xxxxxxx/xxxxxx/xxxx/xxxxx/xxxxxxx/xxxxxx/xxxxx/xxx%xxxxxxxxxxxxx.xx.xxx	predictive	Alto
19	File	xxxx.xx.xx	predictive	Médio
20	File	xxxxxxxxxx.xxx	predictive	Alto
21	File	xxxx.xx	predictive	Baixo
22	Argument	xxxxxx	predictive	Baixo
23	Argument	xxxxxx	predictive	Baixo
24	Argument	xxxxx	predictive	Baixo
25	Argument	xxxxxxxx	predictive	Médio
26	Argument	xxxxx	predictive	Baixo
27	Argument	xxxxx	predictive	Baixo
28	Argument	xxxxxx_xxxxx_xxx	predictive	Alto
29	Argument	xx	predictive	Baixo
30	Argument	xx_xxxx_xxxx	predictive	Médio
31	Argument	xxxxxx/xxxxxx_xxxxxx	predictive	Alto
32	Argument	xxxx_xx	predictive	Baixo
33	Argument	xxxx	predictive	Baixo
34	Argument	xxx	predictive	Baixo
35	Input Value	xxxx/xxxxx/xxxxxxxx/xxxxxxx/xx/xxxxxxx/xxxxxxxxxx/xx_xxxx	predictive	Alto
36	Input Value	\x	predictive	Baixo
37	Network Port	xxxxx	predictive	Baixo
38	Network Port	xxx/xx (xxx)	predictive	Médio
39	Network Port	xxx/xxxx (xx-xxx-xxxxxxx)	predictive	Alto
40	Network Port	xxx xxxxxx xxxx	predictive	Alto

Referências (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ VoltarVisão GeralPróximo ▸

Do you know our Splunk app?

Download it now for free!