Dyre Analysis

IOB - Indicator of Behavior (305)

Timeline

Language

| Language | Count |
|---|---|
| en | 296 |
| it | 6 |
| de | 2 |
| fr | 2 |

Country

| Country | Count |
|---|---|
| ru | 156 |
| us | 130 |
| de | 6 |
| it | 4 |
| ge | 2 |

Product

| Product | Count |
|---|---|
| Google Android | 24 |
| Linux Kernel | 6 |
| Microsoft Windows | 6 |
| Apple Mac OS X | 4 |
| flatCore | 4 |

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 1.31 | 0.00954 | CVE-2010-0966 |
| 3 | WoltLab Burning Book addentry.php sql injection | 7.3 | 6.8 | $0-$5k | $0-$5k | Functional | Unavailable | 0.02 | 0.00804 | CVE-2006-5509 |
| 4 | Codoforum User Registration cross site scripting | 5.2 | 4.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00148 | CVE-2020-5842 |
| 5 | Exponent CMS user.php getUserByName Blind sql injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00163 | CVE-2016-7781 |
| 6 | JoomlaTune Com Jcomments admin.jcomments.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.00489 | CVE-2010-5048 |
| 7 | PHP phpinfo cross site scripting | 6.3 | 5.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.05 | 0.08985 | CVE-2006-0996 |
| 8 | Grandstream GXP16xx VoIP SSH Configuration Interface privilege escalation | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.00270 | CVE-2018-17565 |
| 9 | H Peter Anvin tftp-hpa memory corruption | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.09742 | CVE-2011-2199 |
| 10 | Apple Mac OS X Server Wiki Server sql injection | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.08 | 0.00339 | CVE-2015-5911 |
| 11 | Microsoft Internet Explorer gopher URI memory corruption | 7.3 | 6.6 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.58261 | CVE-2002-0371 |
| 12 | OAuth/OpenID privilege escalation | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.02 | 0.00000 | |
| 13 | Linux Kernel Crypto Subsystem privilege escalation | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00042 | CVE-2018-14619 |
| 14 | vsftpd deny_file unknown vulnerability | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.14 | 0.00312 | CVE-2015-1419 |
| 15 | Sierra Wireless ALEOS SSH/Telnet Session information disclosure | 8.8 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00448 | CVE-2015-2897 |
| 16 | AVTECH IP Camera/NVR/DVR CloudSetup.cgi privilege escalation | 9.8 | 9.5 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.03 | 0.00000 | |
| 17 | Zabbix Dashboard Page weak authentication | 8.2 | 8.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01 | 0.31410 | CVE-2019-17382 |
| 18 | RRJ Nueva Ecija Engineer Online Portal Avatar dasboard_teacher.php privilege escalation | 6.1 | 5.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.12 | 0.00061 | CVE-2024-0185 |
| 19 | Microsoft Windows COM+ Event System Service Privilege Escalation | 8.1 | 7.4 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | 0.00107 | CVE-2022-41033 |
| 20 | FreePBX index.php cross site scripting | 8.8 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00773 | CVE-2012-4870 |

IOC - Indicator of Compromise (30)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 37.59.2.42 | ns399064.ip-37-59-2.eu | Dyre | | 30/08/2021 | verified | High |
| 2 | 64.70.19.202 | mailrelay.202.website.ws | Dyre | | 01/06/2021 | verified | High |
| 3 | 69.195.129.75 | | Dyre | | 01/06/2021 | verified | High |
| 4 | 80.248.224.75 | | Dyre | | 30/08/2021 | verified | High |
| 5 | 85.25.134.53 | delta526.dedicatedpanel.com | Dyre | | 30/08/2021 | verified | High |
| 6 | 85.25.138.12 | echo389.startdedicated.de | Dyre | | 30/08/2021 | verified | High |
| 7 | XX.XX.XXX.XXX | xxxxxxxxxx.xxxxxxxxxxxxxx.xx | Xxxx | | 30/08/2021 | verified | High |
| 8 | XX.XXX.XXX.XXX | xx-xxx-xxx-xxx.xxxxxx-xx-xxxxxxxxxxx.xxx | Xxxx | | 30/08/2021 | verified | High |
| 9 | XX.XX.XX.XXX | xxx.xxxx.xx.xx | Xxxx | | 30/08/2021 | verified | High |
| 10 | XX.XX.XXX.XX | xxxxxxxxx.xx-xx-xx-xxx.xx | Xxxx | | 30/08/2021 | verified | High |
| 11 | XX.XXX.XXX.XXX | | Xxxx | | 01/06/2021 | verified | High |
| 12 | XXX.XXX.XX.XXX | xxxxxxxxx-xxx-xx-xxx.xxxx-xxxxxxx.xxx | Xxxx | | 30/08/2021 | verified | High |
| 13 | XXX.XXX.XX.XXX | xxxxxxxxx-xxx-xx-xxx.xxxx-xxxxxxx.xxx | Xxxx | | 30/08/2021 | verified | High |
| 14 | XXX.XXX.XX.XXX | xxxxxxxxx-xxx-xx-xxx.xxxx-xxxxxxx.xxx | Xxxx | | 30/08/2021 | verified | High |
| 15 | XXX.XX.XXX.XXX | | Xxxx | | 30/08/2021 | verified | High |
| 16 | XXX.XXX.X.XX | xxxxxxxxx.xxx | Xxxx | | 30/08/2021 | verified | High |
| 17 | XXX.XXX.XX.XXX | | Xxxx | | 30/08/2021 | verified | High |
| 18 | XXX.XXX.XX.XXX | | Xxxx | | 30/08/2021 | verified | High |
| 19 | XXX.XX.XXX.XXX | xxx.xx.xxx.xxx.xx.xxxxxx.xxx | Xxxx | | 01/06/2021 | verified | High |
| 20 | XXX.XXX.XX.XXX | | Xxxx | | 30/08/2021 | verified | High |
| 21 | XXX.XXX.XXX.XXX | xxx.xxxxxxxxxx.xx | Xxxx | | 30/08/2021 | verified | High |
| 22 | XXX.XX.XXX.XXX | xxxxxx.xxx.xx.xxx.xxx.xxxxxx.xxx | Xxxx | | 30/08/2021 | verified | High |
| 23 | XXX.XX.XXX.XXX | xxxxxx.xxx.xx.xxx.xxx.xxxxxx.xxx | Xxxx | | 30/08/2021 | verified | High |
| 24 | XXX.XXX.XXX.XXX | xxx-xxx-xx.xxxx.xxx | Xxxx | | 30/08/2021 | verified | High |
| 25 | XXX.XX.X.XX | xxx-xx-x-xx.xxxxxx-xx-xxxxxxxxxxx.xxx | Xxxx | | 30/08/2021 | verified | High |
| 26 | XXX.XXX.XXX.XXX | xxxxxxxxx.xxxxxxxxxx-xxxxxx.xxxx | Xxxx | | 01/06/2021 | verified | High |
| 27 | XXX.XXX.XXX.XXX | | Xxxx | | 28/07/2023 | verified | High |
| 28 | XXX.XXX.XXX.X | xxxxxxxxxx.xxxxxxxxxxxxxx.xx | Xxxx | | 30/08/2021 | verified | High |
| 29 | XXX.XXX.XXX.XXX | xxxxxxxx.xxxxxxxxxxxxxx.xx | Xxxx | | 30/08/2021 | verified | High |
| 30 | XXX.XXX.XXX.XX | xxxxxxx.xxxxxxxxxxxxxx.xx | Xxxx | | 30/08/2021 | verified | High |

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (77)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/config.php?display=disa&view=form | predictive | High |
| 2 | File | /cgi-bin/admin/testserver.cgi | predictive | High |
| 3 | File | /cgi-bin/supervisor/CloudSetup.cgi | predictive | High |
| 4 | File | /framework/modules/users/models/user.php | predictive | High |
| 5 | File | /iwguestbook/admin/badwords_edit.asp | predictive | High |
| 6 | File | /iwguestbook/admin/messages_edit.asp | predictive | High |
| 7 | File | /private/var/mobile/Containers/Data/Application | predictive | High |
| 8 | File | /recordings/index.php | predictive | High |
| 9 | File | acp/core/files.browser.php | predictive | High |
| 10 | File | xxxxxxxx.xxx | predictive | Medium |
| 11 | File | xxxxx.xxxxxxxxx.xxx | predictive | High |
| 12 | File | xxxxx/xxxxx.xxx | predictive | High |
| 13 | File | xxxxxxxxxxxx/xxxxxxxxxxxxxx.xxx | predictive | High |
| 14 | File | xxxx/xxx/xxx/xxx.x | predictive | High |
| 15 | File | xxxxxxxx_xxxxxxxxx.xxx | predictive | High |
| 16 | File | xxxx_xxxxxx.x | predictive | High |
| 17 | File | xxxxxx/xxxx.x | predictive | High |
| 18 | File | xxxxxxx | predictive | Low |
| 19 | File | xxxxxxxx_xxxxxxx.xxx | predictive | High |
| 20 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 21 | File | xxxxxxx/xxx/xxx-xxxxxx.x | predictive | High |
| 22 | File | xxxxxxx/xxxxx/xxx/xxxxxxx/xxxxxxx-xxx.x | predictive | High |
| 23 | File | xxxxxxx.x | predictive | Medium |
| 24 | File | xxxx/xxxxxxxxxx/xxxxxx-xxx.x | predictive | High |
| 25 | File | xxxxxxxxx.xxxx | predictive | High |
| 26 | File | xxxxx/xxxxxx_x | predictive | High |
| 27 | File | xxxx-xxxxxxx.xxx | predictive | High |
| 28 | File | xxxx_xxxxx.xxx | predictive | High |
| 29 | File | xxxxxx.xxx | predictive | Medium |
| 30 | File | xxxxxx-xxx.x | predictive | Medium |
| 31 | File | xxx/xxxxxx.xxx | predictive | High |
| 32 | File | xxxxx.xxx?x=/xxxx/xxxxxxxx | predictive | High |
| 33 | File | xxxx/xxxx/xxxxxx.x | predictive | High |
| 34 | File | xxxxx.xxx | predictive | Medium |
| 35 | File | xxxxxxxxxx/xxxxxx.x | predictive | High |
| 36 | File | xxxx.xxx | predictive | Medium |
| 37 | File | xxxxxxxx.xx | predictive | Medium |
| 38 | File | xxxx.xxx | predictive | Medium |
| 39 | File | xxx/xxxxxxxx-xxxxx.x | predictive | High |
| 40 | File | xxx_xxxx_xxxxxxxxx.xx | predictive | High |
| 41 | File | xxxxxxxxxxxx.xxx | predictive | High |
| 42 | File | xxxxxxxx.xxx | predictive | Medium |
| 43 | File | xxxxxxxxx.x | predictive | Medium |
| 44 | File | xxxx.x | predictive | Low |
| 45 | File | xxxxxx.xxx?xxxxxx=xxxxxxxxx.xxxx&xxxxxxxxxxx=x | predictive | High |
| 46 | File | xxxx/xxxxxxxxx/xxx::xxxxxxxxxx | predictive | High |
| 47 | Library | xxx/xxx.x | predictive | Medium |
| 48 | Argument | xxxxxx | predictive | Low |
| 49 | Argument | xxxxxxxx | predictive | Medium |
| 50 | Argument | xxx | predictive | Low |
| 51 | Argument | xxx | predictive | Low |
| 52 | Argument | xxx_xxx | predictive | Low |
| 53 | Argument | xxxxxx | predictive | Low |
| 54 | Argument | xxxxxxxxxxx | predictive | Medium |
| 55 | Argument | xxxxxxx | predictive | Low |
| 56 | Argument | xxxxxx | predictive | Low |
| 57 | Argument | xx | predictive | Low |
| 58 | Argument | xxxxx | predictive | Low |
| 59 | Argument | xxxxx | predictive | Low |
| 60 | Argument | xxxxxxxxxxxxx/xxxxxxxxxxxxxx | predictive | High |
| 61 | Argument | xxxx | predictive | Low |
| 62 | Argument | xxxxx_xx | predictive | Medium |
| 63 | Argument | xxxxxxxx | predictive | Medium |
| 64 | Argument | xxxxxxxx | predictive | Medium |
| 65 | Argument | xxxx | predictive | Low |
| 66 | Argument | xxxxxx_xxxx | predictive | Medium |
| 67 | Argument | xxxxxxxx | predictive | Medium |
| 68 | Argument | xxxxxxxxxxx | predictive | Medium |
| 69 | Argument | xxxxxxxx | predictive | Medium |
| 70 | Argument | xxx | predictive | Low |
| 71 | Argument | xxxxxxxx | predictive | Medium |
| 72 | Argument | xxxxxxxx/xxxx | predictive | High |
| 73 | Argument | xxxxxx_xxxxxxxx | predictive | High |
| 74 | Input Value | '>[xxx] | predictive | Low |
| 75 | Input Value | x+xxxxx+xxxxxx+x,xxxxxxx,xxxxxxxxxxx+xxxx+xxxxx# | predictive | High |
| 76 | Input Value | xx | predictive | Low |
| 77 | Input Value | [xxx][/xxx] | predictive | Medium |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
