DNSpionage Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (20)

Lang

en	14
fr	4
pl	2

Land

us	18
ua	2

Skådespelare

DNSpionage	2
APT34	1
Hydra	1
Cobalt Strike	1
FIN7	1

Intressera

Typ

Not Defined	6
Programming Language Software	4
Mail Client Software	2
Messaging Software	2
Bug Tracking Software	2

Säljare

Zemanta	2
Phplinkdirectory	2
Roundcube	2
AOL	2
GitLab	2

Produkt

Zemanta Search Everything	2
Phplinkdirectory PHP Link Directory	2
Roundcube Webmail	2
AOL ICQ	2
GitLab Enterprise Edition	2

Sårbarheter

#	Sårbarhet	Base	Temp	0day	I dag	Utn	Rem	EPSS	CTI	CVE
1	Microsoft PowerPoint minneskorruption	6.5	6.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.24904	0.03	CVE-2017-8743
2	Joomla CMS sql injektion	7.3	6.9	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.00264	0.00	CVE-2013-1453
3	PHP Link Directory Administration Page index.html cross site scripting	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00374	0.56	CVE-2007-0529
4	Phplinkdirectory PHP Link Directory conf_users_edit.php förfalskning på begäran över webbplatsen	6.3	6.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00526	0.00	CVE-2011-0643
5	AlienVault Open Source Security Information Management privilegier eskalering	9.8	9.4	$0-$5k	$0-$5k	High	Official Fix	0.95527	0.02	CVE-2014-3804
6	Intelliants Subrion CMS Members Administrator förfalskning på begäran över webbplatsen	4.3	4.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00150	0.00	CVE-2020-18326
7	SonicWALL SMA 100/SMA 200/SMA 210/SMA 400/SMA 410/SMA 500v File Path privilegier eskalering	6.5	6.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.78714	0.00	CVE-2021-20034
8	HGiga OAKlouds Mobile Portal Network Interface Card Setting Page privilegier eskalering	9.8	9.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00336	0.00	CVE-2021-37913
9	Siemens Cerberus DMS/Desigo CC Compact/Desigo CC CCOM Communication privilegier eskalering	6.3	6.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00478	0.00	CVE-2021-37181
10	Apache Struts OGNL Evaluation Privilege Escalation	6.3	6.3	$5k-$25k	$5k-$25k	Proof-of-Concept	Official Fix	0.97232	0.04	CVE-2020-17530
11	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash informationsgivning	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
12	OSClass index.php findBySlug sql injektion	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00589	0.00	CVE-2012-0973
13	AOL ICQ MCRegEx__Search minneskorruption	7.3	6.4	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.35348	0.05	CVE-2006-4662
14	GitLab Enterprise Edition Access Control privilegier eskalering	6.7	6.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00064	0.00	CVE-2019-16170
15	Joomla CMS index.php privilegier eskalering	7.0	6.3	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.02958	0.00	CVE-2012-1563
16	Zemanta Search Everything index.php sql injektion	7.3	7.0	$0-$5k	$0-$5k	High	Official Fix	0.00279	0.00	CVE-2014-2316
17	Roundcube Webmail rcube_washtml.php cross site scripting	4.3	4.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00489	0.00	CVE-2015-1433
18	WordPress Password Reset wp-login.php mail privilegier eskalering	6.1	5.8	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.02827	0.02	CVE-2017-8295

Kampanjer (1)

These are the campaigns that can be associated with the actor:

Middle East

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-adress	Hostname	Skådespelare	Kampanjer	Identified	Typ	Förtroende
1	185.20.184.138	185.20.184.138.deltahost-ptr	DNSpionage	Middle East	27/03/2022	verified	Hög
2	XXX.XX.XXX.X	xxx.xx.xxx.x.xxxxxxxxx-xxx	Xxxxxxxxxx	Xxxxxx Xxxx	27/03/2022	verified	Hög
3	XXX.XXX.XXX.XX	xxx.xxx.xxx.xx.xxxxxxxxx-xxx	Xxxxxxxxxx	Xxxxxx Xxxx	27/03/2022	verified	Hög

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Sårbarheter	Åtkomstvektor	Typ	Förtroende
1	T1059	CWE-94	Argument Injection	predictive	Hög
2	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	Hög
3	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
4	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Hög
5	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Hög
6	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
7	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Hög

IOA - Indicator of Attack (11)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klass	Indicator	Typ	Förtroende
1	File	admin/conf_users_edit.php	predictive	Hög
2	File	data/gbconfiguration.dat	predictive	Hög
3	File	xxxxx.xxxx	predictive	Medium
4	File	xxxxx.xxx	predictive	Medium
5	File	xx-xxxxx.xxx	predictive	Medium
6	Library	xxxxxxx/xxx/xxxxxxxxx/xxxxx_xxxxxxx.xxx	predictive	Hög
7	Argument	xxxxxxxxx	predictive	Medium
8	Argument	xxxx	predictive	Låg
9	Argument	xxxx xxxxxxx	predictive	Medium
10	Argument	xxxxx[xxxxxx]	predictive	Hög
11	Argument	xxxxxxxxx	predictive	Medium

Referenser (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ TidigareÖversiktNästa ▸

Do you need the next level of professionalism?

Upgrade your account now!