Dharma Analysis

IOB - Indicator of Behavior (1000)

Language

en 998
de 2

Country

us 30
gb 4
bg 2

Product

Mozilla Thunderbird 34
Mozilla Firefox 30
OpenImageIO 24
Tenda F1203 14
Huawei HarmonyOS 14

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE
1 | smoothie cross site scripting | 4.8 | 4.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00102 | 0.00 | CVE-2022-25929
2 | Fuji Electric Tellus Lite V-Simulator memory corruption | 8.3 | 8.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00109 | 0.05 | CVE-2022-3087
3 | Wp Social Plugin information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00049 | 0.00 | CVE-2022-47160
4 | Libksba CRL Signature Parser memory corruption | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00196 | 0.03 | CVE-2022-47629
5 | abacus-ext-cmdline execute privilege escalation | 7.2 | 7.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01588 | 0.00 | CVE-2022-24431
6 | ActiveCampaign for WooCommerce Plugin Error Log privilege escalation | 4.9 | 4.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00056 | 0.01 | CVE-2022-3923
7 | Mozilla Thunderbird denial of service | 5.4 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00103 | 0.00 | CVE-2022-42929
8 | Mozilla Thunderbird URL Parser memory corruption | 5.4 | 5.3 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00097 | 0.00 | CVE-2022-40960
9 | Mozilla Thunderbird getEntries privilege escalation | 7.2 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00126 | 0.00 | CVE-2022-42927
10 | Mozilla Thunderbird Garbage Collector memory corruption | 7.5 | 7.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00138 | 0.00 | CVE-2022-42928
11 | Mozilla Thunderbird denial of service | 5.4 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00097 | 0.00 | CVE-2022-40957
12 | Mozilla Thunderbird weak authentication | 5.7 | 5.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00097 | 0.00 | CVE-2022-40958
13 | Mozilla Thunderbird Remote Code Execution | 6.4 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00104 | 0.00 | CVE-2022-40959
14 | Mozilla Thunderbird Email Message unknown vulnerability | 4.2 | 4.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00064 | 0.00 | CVE-2022-1520
15 | Mozilla Firefox ESR PK11_ChangePW memory corruption | 6.9 | 6.7 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00129 | 0.00 | CVE-2022-38476
16 | Mozilla Thunderbird privilege escalation | 6.2 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00120 | 0.00 | CVE-2022-40956
17 | Mozilla Firefox ESR VR Process memory corruption | 5.4 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00084 | 0.00 | CVE-2022-1196
18 | Fuji Electric Tellus Lite V-Simulator memory corruption | 8.3 | 8.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00061 | 0.05 | CVE-2022-3085
19 | Mozilla Thunderbird Digital Signature unknown vulnerability | 5.6 | 5.5 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00069 | 0.00 | CVE-2021-4126
20 | Mozilla Thunderbird Notification Remote Code Execution | 6.4 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00097 | 0.00 | CVE-2022-45408

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 178.239.173.172 | 172.173.239.178.baremetal.zare.com | Dharma | | 26/04/2022 | verified | High
2 | XXX.XX.XXX.XX | xxx.xx.xxx.xx.xxxxxxxxx-xxx | Xxxxxx | | 31/05/2021 | verified | High
3 | XXX.XXX.XXX.XXX | | Xxxxxx | | 26/04/2022 | verified | High

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Class | Vulnerabilities | Access vector | Type | Confidence
1 | T1006 | CAPEC-126 | CWE-22 | Path Traversal | predictive | High
2 | T1040 | CAPEC-102 | CWE-319 | Authentication Bypass by Capture-replay | predictive | High
3 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
4 | T1059 | CAPEC-242 | CWE-94, CWE-1321 | Argument Injection | predictive | High
5 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High
6 | TXXXX | CAPEC-122 | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
7 | TXXXX.XXX | CAPEC-16 | CWE-XXX, CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | High
8 | TXXXX.XXX | CAPEC-121 | CWE-XXXX | Xxxxxxxx Xxxxxxxxxxx Xx Xxxxxxxx Xxxxx Xxxxxxxxxx | predictive | High
9 | TXXXX | CAPEC-136 | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High
10 | TXXXX.XXX | CAPEC-178 | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
11 | TXXXX | CAPEC-1 | CWE-XXX, CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High
12 | TXXXX | CAPEC-108 | CWE-XX | Xxx Xxxxxxxxx | predictive | High
13 | TXXXX.XXX | CAPEC-1 | CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | predictive | High
14 | TXXXX | CAPEC-55 | CWE-XXX, CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
15 | TXXXX | CAPEC-37 | CWE-XXX | Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
16 | TXXXX | CAPEC-466 | CWE-XXX | Xxxxxxx Xxxxxxxxxx Xx Xxx-xxxxxxxx | predictive | High
17 | TXXXX | CAPEC-38 | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxxxx Xxxx | predictive | High
18 | TXXXX.XXX | CAPEC-459 | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
19 | TXXXX | CAPEC-116 | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
20 | TXXXX | CAPEC-157 | CWE-XXX, CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High
21 | TXXXX.XXX | CAPEC-1 | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High

IOA - Indicator of Attack (113)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/scripts/pi-hole/phpqueryads.php | predictive | High
2 | File | /api/Index/getFileBinary | predictive | High
3 | File | /api/User/download_img | predictive | High
4 | File | /aya/module/admin/fst_del.inc.php | predictive | High
5 | File | /aya/module/admin/fst_down.inc.php | predictive | High
6 | File | /conf/ | predictive | Low
7 | File | /cupseasylive/countrylist.php | predictive | High
8 | File | /etc/sudoers | predictive | Medium
9 | File | /forum/away.php | predictive | High
10 | File | /goform/addressNat | predictive | High
11 | File | /goform/addWifiMacFilter | predictive | High
12 | File | /goform/DhcpListClient | predictive | High
13 | File | /goform/exeCommand | predictive | High
14 | File | /goform/fast_setting_wifi_set | predictive | High
15 | File | /xxxxxx/xxxxxxxxxxxxxxxxxxxx | predictive | High
16 | File | /xxxxxx/xxxxxxxxxxxxxxxx | predictive | High
17 | File | /xxxxxx/xxxxxxxxxxx | predictive | High
18 | File | /xxxxxx/xxxxxxxxxxxxxxxxxxxxx | predictive | High
19 | File | /xxxxxx/xxxxxxxxxxxxxx | predictive | High
20 | File | /xxxxxx/xxxxxxxxxxxxxxxxx | predictive | High
21 | File | /xxxxxx/xxxxxxxxxxx | predictive | High
22 | File | /xxxxxx/xxxxxxxxxx | predictive | High
23 | File | /xxxxxx/xxxxxxxxxxxx | predictive | High
24 | File | /xxxxxx/xxxxxxxxxxx | predictive | High
25 | File | /xxxxxxxx/xxxxx/xxxxxx_xxxxxxx-xxxxxxxxxx.xxx | predictive | High
26 | File | xxxxx/xxxx_xxxxx_xxxx.xxx | predictive | High
27 | File | xxx/xxxx/xxxxxxxxx/xxxxxx_xxxx.xxx | predictive | High
28 | File | xxx-xxxxxxx.xxx | predictive | High
29 | File | xxxxxxxx/xxx/xxxxxxxxxxx/__xxxx__.xx | predictive | High
30 | File | xxxxxxxxx.xxx | predictive | High
31 | File | xxxx/xxx/xxxx/xxxx/xx/xxxxxxxxxx/xxx/xxxxxxxx/xxxxxxxxxxxxxxxxxxx.xxxx | predictive | High
32 | File | xxxxxxxxxxxxxxxx/xxxxxxxxxxxxxx.xx | predictive | High
33 | File | xxxx.xxx | predictive | Medium
34 | File | xxxx/xxxxxxxxxx/xxxxxx.xx | predictive | High
35 | File | xxxxxxxxxx/xxxxxx/xxxxxxxxxxx.xx | predictive | High
36 | File | xxx/xxxxxx.xxx | predictive | High
37 | File | xxxxx.xxxx | predictive | Medium
38 | File | xxxxx.xxx | predictive | Medium
39 | File | xxx/xxxx_xxxxxxx/xxxxxxxxxxx.xx | predictive | High
40 | File | xxxxx.xxxx | predictive | Medium
41 | File | xxxx.xx | predictive | Low
42 | File | xxxxxxxxxxxx.xxx | predictive | High
43 | File | xxxxxx.xxx | predictive | Medium
44 | File | xxxxxxxxxxxxxx | predictive | High
45 | File | xxx_xxx.xx | predictive | Medium
46 | File | xxxx_xxxxxxxx | predictive | High
47 | File | xxxxx.x | predictive | Low
48 | File | xxxxxx/xx/xxxxxxx/xxxxxxx.xx | predictive | High
49 | File | xxxxxx/xxxxxxx | predictive | High
50 | File | xxxxxxxx.xxx | predictive | Medium
51 | File | xxxxxx/xxxxxxxxxxxx.xx | predictive | High
52 | File | xxxxxxx.xxx | predictive | Medium
53 | File | xxxxxxxxxx/xx/xxxxxx.xx | predictive | High
54 | File | xxx/xxxxxxxxxx/xxxxxxx/xxxxxx/xxxxxxx.xx | predictive | High
55 | File | xxx/xxxxx.xx | predictive | Medium
56 | File | xxx/xxxx/xxxx/xxx/xxxxxx/xxxxxx/xxx/xxxxxxxxxxxxxxxxxx.xxxx | predictive | High
57 | File | xxx/xxxxxxx-xxxx.xxx | predictive | High
58 | File | xxxxxx/xx/xxxxxx.xx | predictive | High
59 | File | xxxxxxxxx/xxxxxx.xxxx | predictive | High
60 | File | xxxx-xxxxxxxx.xxx | predictive | High
61 | File | xxx_xxx.xxx.xxx | predictive | High
62 | File | xxxxxxxxxxxx.xxx | predictive | High
63 | File | xxxx_xxxxxxx.xxx | predictive | High
64 | File | xxxxxxxxxx.xxx | predictive | High
65 | Argument | xxxxxxxx | predictive | Medium
66 | Argument | xxxxxxx | predictive | Low
67 | Argument | xx-xxx | predictive | Low
68 | Argument | xxxxxxxx | predictive | Medium
69 | Argument | xxxxxxx | predictive | Low
70 | Argument | xxxxxxxxxxx | predictive | Medium
71 | Argument | xxxxxxxxxxx | predictive | Medium
72 | Argument | xxxxxxxx | predictive | Medium
73 | Argument | xxxxxxxxx | predictive | Medium
74 | Argument | xxxxxxxxxxxx | predictive | Medium
75 | Argument | xxxxxxxx | predictive | Medium
76 | Argument | xxxxxx | predictive | Low
77 | Argument | xxxx | predictive | Low
78 | Argument | xxxx | predictive | Low
79 | Argument | xxxxxxxxx | predictive | Medium
80 | Argument | xx | predictive | Low
81 | Argument | xxxxx | predictive | Low
82 | Argument | xxxx/xxxxxx_xxxx | predictive | High
83 | Argument | xxxxxx | predictive | Low
84 | Argument | xxxx | predictive | Low
85 | Argument | xxxx | predictive | Low
86 | Argument | xxxxxx_xx | predictive | Medium
87 | Argument | xxx | predictive | Low
88 | Argument | xxx_xxxx | predictive | Medium
89 | Argument | x_xxxx.xxxxxx | predictive | High
90 | Argument | xxxxxx | predictive | Low
91 | Argument | xxxxxxxxxxxxxxx | predictive | High
92 | Argument | xxxx | predictive | Low
93 | Argument | xxxx | predictive | Low
94 | Argument | xxxxx | predictive | Low
95 | Argument | xxxxxxx_xxxx | predictive | Medium
96 | Argument | xxxxxxxxxxxxxxxxx | predictive | High
97 | Argument | xxxxxxxx | predictive | Medium
98 | Argument | xxxxxxxx_xx | predictive | Medium
99 | Argument | xxxxx_xxx | predictive | Medium
100 | Argument | xxxx | predictive | Low
101 | Argument | xxxxxxx | predictive | Low
102 | Argument | xxxxxxxxxxxxxxxxxxxx | predictive | High
103 | Argument | xxxxxxxxxxx/xxxxxxxxxxxx | predictive | High
104 | Argument | xxxx | predictive | Low
105 | Argument | xxxxx | predictive | Low
106 | Argument | xxxxxxxxxxx/xxxxxxxx | predictive | High
107 | Argument | xxxxxxxxxxxxxxxx | predictive | High
108 | Argument | xxxx | predictive | Low
109 | Argument | xxx | predictive | Low
110 | Argument | xxxx | predictive | Low
111 | Argument | xxxx | predictive | Low
112 | Argument | xxxx | predictive | Low
113 | Argument | _xxxxxxxxx[xxx_xxxxxxxxxx] | predictive | High
