Dfni Analysis

IOB - Indicator of Behavior (31)

Timeline

Languages

| Language | Count |
|---|---|
| en | 28 |
| es | 2 |
| ru | 2 |

Countries

| Country | Count |
|---|---|
| us | 14 |
| ua | 12 |
| de | 2 |
| ru | 2 |

Actors

Campaigns

Interests

Timeline

Type

Vendor

Product

| Product | Count |
|---|---|
| Mozilla Firefox | 2 |
| D-Link DCS-930L | 2 |
| D-Link DCS-932L | 2 |
| Drupal | 2 |
| cocoapods-downloader | 2 |

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | IBM Security AppScan Enterprise Enterprise Source Database weak encryption | 9.8 | 8.5 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00082 | 0.00 | CVE-2013-3989 |
| 2 | raspap-webgui activate_ovpncfg.php privilege escalation | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.89966 | 0.00 | CVE-2022-39986 |
| 3 | PHP Everywhere Plugin Shortcode privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00108 | 0.02 | CVE-2022-24663 |
| 4 | Add Link to Facebook Plugin profile.php cross-site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00057 | 0.03 | CVE-2018-5214 |
| 5 | openmosix libmosix.c this memory corruption | 4.0 | 4.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.00 | CVE-2008-1865 |
| 6 | User Post Gallery Plugin privilege escalation | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04252 | 0.00 | CVE-2022-4060 |
| 7 | eSST Monitoring privilege escalation | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00116 | 0.00 | CVE-2023-41631 |
| 8 | Boa Web Server HEAD Method privilege escalation | 6.3 | 6.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00112 | 0.02 | CVE-2022-45956 |
| 9 | GitLab privilege escalation | 5.1 | 5.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00118 | 0.04 | CVE-2021-22263 |
| 10 | ThinkPHP privilege escalation | 7.1 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00058 | 0.00 | CVE-2022-44289 |
| 11 | SuiteCRM Accounts/Contacts/Opportunities/Leads privilege escalation | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00063 | 0.00 | CVE-2020-15301 |
| 12 | cocoapods-downloader privilege escalation | 6.8 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00131 | 0.00 | CVE-2022-21223 |
| 13 | PHP Everywhere Plugin Metabox privilege escalation | 8.8 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00108 | 0.00 | CVE-2022-24664 |
| 14 | APC UPS Network Management Card 2 AOS Remote Monitoring Credentials information disclosure | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00222 | 0.00 | CVE-2018-7820 |
| 15 | APC Switched Rack Pdu weak authentication | 7.5 | 6.6 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.01263 | 0.00 | CVE-2007-6226 |
| 16 | Dropbear SSH dropbearconvert privilege escalation | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00956 | 0.02 | CVE-2016-7407 |
| 17 | Dropbear SSH privilege escalation | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02911 | 0.09 | CVE-2016-7406 |
| 18 | Supermicro H8dgu-f Intelligent Platform Management Interface PrivilegeCallBack privilege escalation | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01615 | 0.00 | CVE-2013-3609 |
| 19 | Drupal privilege escalation | 5.8 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00088 | 0.00 | CVE-2017-6928 |
| 20 | D-Link DCS-930L/DCS-932L Authentication information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00000 | 0.02 | |

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 5.149.248.134 | | Dfni | | 2022-04-08 | | verified |
| 2 | XXX.XXX.XXX.XX | xxxxxx.xx.xxx.xxx.xxx.xxxxxxx.xxxx-xxxxxx.xx | Xxxx | | 2022-04-08 | | verified |

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (13)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /ajax/openvpn/activate_ovpncfg.php | | predictive |
| 2 | File | FlexCell.ocx | | predictive |
| 3 | File | xxxxxxxx.x | | predictive |
| 4 | File | xxxxx-xxxxxxx.xxx | | predictive |
| 5 | File | xx-xxxxx/xxxxxxx.xxx | | predictive |
| 6 | Library | xxx/xxxxxxx-xxxxxxxxx-x.x.x.xxx | | predictive |
| 7 | Argument | xxxxx_xxxxxxxx_xx | | predictive |
| 8 | Argument | xxx_xx | | predictive |
| 9 | Argument | xx | | predictive |
| 10 | Argument | xxxx | | predictive |
| 11 | Argument | xxx_xx | | predictive |
| 12 | Argument | xxxx | | predictive |
| 13 | Argument | xxxxxxxx/xxxx | | predictive |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
