Dust Storm 分析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (1000)

语言

en	962
zh	38

国家/地区

cn	994
us	6

演员

Mirai	1

利益

类型

Not Defined	230
Web Browser	28
Operating System	26
Smartphone Operating System	22
Content Management System	18

供应商

Not Defined	176
Apple	44
Oracle	34
Google	26
IBM	20

产品

Google Android	14
Apple Safari	12
Qualcomm Snapdragon Auto	12
Qualcomm Snapdragon Mobile	12
Google Chrome	12

漏洞

#	漏洞	Base	Temp	0day	今天	易	修正	EPSS	CTI	CVE
1	librsvg URL Decoder 目录遍历	4.3	4.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00158	0.00	CVE-2023-38633
2	Pluck CMS Installation install.php 跨网站脚本	3.5	3.5	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00051	0.19	CVE-2023-5013
3	Windriver VxWorks 权限升级	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01132	0.04	CVE-2013-0716
4	Windriver VxWorks 弱加密	7.5	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00151	0.04	CVE-2010-2967
5	Windriver VxWorks Hardcoded Credentials 权限升级	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00372	0.04	CVE-2010-2966
6	Cisco RV340 Web-based Management Interface 内存损坏	5.5	5.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00699	0.04	CVE-2020-3451
7	jeecgboot JimuReport Template 权限升级	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00457	0.08	CVE-2023-4450
8	Adminer adminer.php 权限升级	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02092	0.05	CVE-2021-21311
9	Wagtail String Comparison 信息公开	4.0	3.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00044	0.00	CVE-2020-11037
10	Netgear D3600/D6000/D6100/R6100 内存损坏	7.5	7.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00079	0.00	CVE-2018-21217
11	Netgear WNR2050 Reflected 跨网站脚本	4.4	4.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00044	0.00	CVE-2018-21209
12	pixl-class create 权限升级	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00347	0.00	CVE-2020-7640
13	Mozilla Firefox Private Browsing Password 弱身份验证	2.8	2.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00044	0.00	CVE-2020-6824
14	Mozilla Firefox/Firefox ESR/Thunderbird 内存损坏	7.5	7.2	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00309	0.00	CVE-2020-6822
15	Advanced Woo Search Plugin class-aws-search.php 信息公开	6.4	6.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00264	0.03	CVE-2020-12070
16	Nginx Controller TLS 弱身份验证	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00178	0.00	CVE-2020-5864
17	Netgear R7800 权限升级	6.1	5.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00044	0.00	CVE-2018-21106

活动 (1)

These are the campaigns that can be associated with the actor:

Dust Storm

IOC - Indicator of Compromise (34)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP地址	Hostname	参与者	活动	Identified	类型	可信度
1	6.9.2.1		Dust Storm	Dust Storm	2020-12-23	verified	高
2	23.238.229.128		Dust Storm	Dust Storm	2020-12-23	verified	高
3	27.255.72.68		Dust Storm	Dust Storm	2020-12-23	verified	高
4	27.255.72.69		Dust Storm	Dust Storm	2020-12-23	verified	高
5	27.255.72.78		Dust Storm	Dust Storm	2020-12-23	verified	高
6	59.120.59.2	59-120-59-2.hinet-ip.hinet.net	Dust Storm	Dust Storm	2020-12-23	verified	高
7	59.188.13.133		Dust Storm	Dust Storm	2020-12-23	verified	高
8	XX.XXX.XX.XXX		Xxxx Xxxxx	Xxxx Xxxxx	2020-12-23	verified	高
9	XX.XXX.XXX.XX		Xxxx Xxxxx	Xxxx Xxxxx	2020-12-23	verified	高
10	XX.XXX.XXX.XXX		Xxxx Xxxxx	Xxxx Xxxxx	2020-12-23	verified	高
11	XXX.X.X.XX		Xxxx Xxxxx	Xxxx Xxxxx	2020-12-23	verified	高
12	XXX.XX.XXX.XXX		Xxxx Xxxxx	Xxxx Xxxxx	2020-12-23	verified	高
13	XXX.XX.XXX.XXX		Xxxx Xxxxx	Xxxx Xxxxx	2020-12-23	verified	高
14	XXX.XXX.XX.XX		Xxxx Xxxxx	Xxxx Xxxxx	2020-12-23	verified	高
15	XXX.XXX.XX.XX		Xxxx Xxxxx	Xxxx Xxxxx	2020-12-23	verified	高
16	XXX.XX.XXX.XXX		Xxxx Xxxxx	Xxxx Xxxxx	2020-12-23	verified	高
17	XXX.XX.XXX.XX		Xxxx Xxxxx	Xxxx Xxxxx	2020-12-23	verified	高
18	XXX.XXX.XXX.XX	xxxxxx-xx-xx-xxx-xxx-xxx.xxx.xxxxxx.xxx	Xxxx Xxxxx	Xxxx Xxxxx	2020-12-23	verified	高
19	XXX.XXX.XXX.XXX		Xxxx Xxxxx	Xxxx Xxxxx	2020-12-23	verified	高
20	XXX.XX.XX.XX		Xxxx Xxxxx	Xxxx Xxxxx	2020-12-23	verified	高
21	XXX.XXX.XXX.XXX		Xxxx Xxxxx	Xxxx Xxxxx	2020-12-23	verified	高
22	XXX.XX.XX.XX	xxx.xxxxxxx.xxx	Xxxx Xxxxx	Xxxx Xxxxx	2020-12-23	verified	高
23	XXX.XXX.XXX.XXX	xxx.xxxx.xxx.xx	Xxxx Xxxxx	Xxxx Xxxxx	2020-12-23	verified	高
24	XXX.XXX.XXX.XXX	xxxxx.xxxx.xx	Xxxx Xxxxx	Xxxx Xxxxx	2020-12-23	verified	高
25	XXX.XXX.XX.XXX		Xxxx Xxxxx	Xxxx Xxxxx	2020-12-23	verified	高
26	XXX.XX.XX.XXX	xx.xx.xx.xxxx	Xxxx Xxxxx	Xxxx Xxxxx	2020-12-23	verified	高
27	XXX.X.XXX.XXX	xxxxxxxxxxxxxxxxxxxx.xxxxx.xxx	Xxxx Xxxxx	Xxxx Xxxxx	2020-12-23	verified	高
28	XXX.XX.XXX.XXX	xxxxxxxxxxxxxxxxxxxx.xxxxx.xxx	Xxxx Xxxxx	Xxxx Xxxxx	2020-12-23	verified	高
29	XXX.XX.XXX.XXX	xxxxxxxxxxxxxxxxxxxx.xxxxx.xxx	Xxxx Xxxxx	Xxxx Xxxxx	2020-12-23	verified	高
30	XXX.XXX.XX.XXX	xxxxxxxxxxxxxxxxxxxx.xxxxx.xxx	Xxxx Xxxxx	Xxxx Xxxxx	2020-12-23	verified	高
31	XXX.XX.XX.XXX		Xxxx Xxxxx	Xxxx Xxxxx	2020-12-23	verified	高
32	XXX.XX.XX.XXX		Xxxx Xxxxx	Xxxx Xxxxx	2020-12-23	verified	高
33	XXX.XX.XXX.XX	xxx-xx-xxx-xx.xxxxx-xx.xxxxx.xxx	Xxxx Xxxxx	Xxxx Xxxxx	2020-12-23	verified	高
34	XXX.XX.XXX.XX		Xxxx Xxxxx	Xxxx Xxxxx	2020-12-23	verified	高

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	漏洞	访问向量	类型	可信度
1	T1006	CWE-22	Path Traversal	predictive	高
2	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	高
3	T1059	CWE-88, CWE-94	Argument Injection	predictive	高
4	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	高
5	T1068	CWE-264, CWE-269, CWE-284	Execution with Unnecessary Privileges	predictive	高
6	TXXXX	CWE-XXX	Xxxx Xxx Xxxxxxxxx Xxxxxxxxxxx Xxxxxxxx	predictive	高
7	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	高
8	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	高
9	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	高
10	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	高
11	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	高
12	TXXXX	CWE-XXX	Xxxxxxxx Xx Xxxx Xxxxxxx Xxxxxxxxx Xxxxx	predictive	高
13	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	高
14	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	高
15	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
16	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	高
17	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
18	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高
19	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	高
20	TXXXX.XXX	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	高
21	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	高

IOA - Indicator of Attack (184)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	分类	Indicator	类型	可信度
1	File	.htaccess	predictive	中
2	File	/admin.php?p=/Area/index#tab=t2	predictive	高
3	File	/bin/sh	predictive	低
4	File	/gateway/services/EdgeServiceImpl	predictive	高
5	File	/goform/net\_Web\_get_value	predictive	高
6	File	/HNAP1	predictive	低
7	File	/Maintenance/configfile.cfg	predictive	高
8	File	/module/comment/save	predictive	高
9	File	/rest	predictive	低
10	File	/root	predictive	低
11	File	/scripts/unlock_tasks.php	predictive	高
12	File	/tmp	predictive	低
13	File	/topic	predictive	低
14	File	/upload/localhost	predictive	高
15	File	/wp-admin/admin-ajax.php	predictive	高
16	File	account/login.php	predictive	高
17	File	ActiveMQConnection.java	predictive	高
18	File	ActivityManagerService.java	predictive	高
19	File	admin/app/mediamanager	predictive	高
20	File	admin/cms/template/getTemplates.html?res_path=res	predictive	高
21	File	xxxxx/xxxxxx.xxx	predictive	高
22	File	xxxxx/xxxxxxxx/xxxxxxxxxxxx?xx=xx	predictive	高
23	File	xxxxx/_xxxxxxx.xxx	predictive	高
24	File	xxxxxxx.xxx	predictive	中
25	File	xxxxxxxxxxxxx_xxxxxxxxxxxxxxx.xxxx	predictive	高
26	File	xxx.xxx/xxx/xxxxxx	predictive	高
27	File	xxx/xxxxxx/xxxxxxxxxx.xxx	predictive	高
28	File	xxx/xxxxxx/xxxxxxxx/xxxxx/xxxxxxxx_xxxxxxx.xxxxx.xxx	predictive	高
29	File	xxxxx/xxx_xxxx.x	predictive	高
30	File	xxxxxxxxxxxxxxxxxxxxxx.xxxx	predictive	高
31	File	xxxxxx/xxxxxx/	predictive	高
32	File	xxxxxxxxx-xxxxxxx/xxx/xxxx/xxxx/xx/xxxxxxx/xxxxxxxxx/xxxxxxx/xxxxxxx/xxxxxx.xxxx	predictive	高
33	File	xxx_xx_xxx.xx	predictive	高
34	File	xxxxxxxxxx.x	predictive	中
35	File	xxxxx.xx	predictive	中
36	File	xxx-xxx/xxxx/xxxxx/xxxxxxx/xxxxxxxx/xxxxxxxx	predictive	高
37	File	xxx.xxx	predictive	低
38	File	xxx.xxxxxxxx.xxxxxxx.xxx.xxx.xxxxxxxxxxxxx	predictive	高
39	File	xxxxxxxxxx/xxx.xx	predictive	高
40	File	xxxxxx.xxx	predictive	中
41	File	xxxx/xxxxxxxxxxx.xxx	predictive	高
42	File	xxxxx/xxxx/xxxxxxxxxxx/xxxxx/xxxxx.xxx	predictive	高
43	File	xxxxxx_x_x.xxx	predictive	高
44	File	xxxxxxxxx_xxx_xxxxxx_xxx/	predictive	高
45	File	xxxxxxx/xxx/xxxxxxxx/xxxxxxxxx/xxx/xxxxxx/xxxx.x	predictive	高
46	File	xxxxxxx/xx/xxxxxxxx.x	predictive	高
47	File	xxx_xxx.x	predictive	中
48	File	xxxxxxx/xxxxxxxx.xxx	predictive	高
49	File	xxx-xxxxx.x	predictive	中
50	File	xxx/xxxxxx/xxx/?xxxxxx=xxxx&xx=xxx	predictive	高
51	File	xxxxxxxx_xxx.x	predictive	高
52	File	xxxxxx.xxx	predictive	中
53	File	xxxxxxxxxxxxxxxxx.xxxx	predictive	高
54	File	xxxxxxxx.xx	predictive	中
55	File	xxxxxxxxxxxxxxxxxxxxxxxx.xxx	predictive	高
56	File	xx/xxxx/xxxxx.x	predictive	高
57	File	xxxxxxxxxx.x	predictive	中
58	File	xxxxxx/xxxx/xxxxxx.xxx	predictive	高
59	File	xxxxxxxxxxxxx.xxx	predictive	高
60	File	xxxxx.xxx	predictive	中
61	File	xxxx/xxxx.x	predictive	中
62	File	xxxxxxxx/xxxx.xxx	predictive	高
63	File	xxxxxxxx/xxxxx-xxx-xxxxxx.xxx	predictive	高
64	File	xxxxx.xxx	predictive	中
65	File	xxxxx.xxx?x=/xxxxx/xxxxxx/xxxxxx/xxxxxxxx/xxxxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxx	predictive	高
66	File	xxxxx_xxxxxx.xxx	predictive	高
67	File	xxxxxxx.xxx	predictive	中
68	File	xxxxxxxxxxxxxxx.xxxxx.xxxxxx	predictive	高
69	File	xxxxxxxx/xxxxx_xxxxxx.xxx	predictive	高
70	File	xxx-xxxx.x	predictive	中
71	File	xxxxxxxxxxx.xx	predictive	高
72	File	xxxxxxx-xxxxxxx.xxx	predictive	高
73	File	xxxxxxxx.x	predictive	中
74	File	xxx.x	predictive	低
75	File	xxxxxxxxxx/xxxxxx.x	predictive	高
76	File	xxxxxxx/xxxxx.x	predictive	高
77	File	xxxxxx.x	predictive	中
78	File	xxxxxx_xxxx_xx_xx_xxx.x	predictive	高
79	File	xxxxxxx/xxxxx_xxxx.xxx	predictive	高
80	File	xxxx.x	predictive	低
81	File	xxxxxxxx.xxx	predictive	中
82	File	xxxxxx.x	predictive	中
83	File	xxxxxxxx.xxx	predictive	中
84	File	xxxxx.x	predictive	低
85	File	xxx/xxxxxxxxxx/xxxxxx.x	predictive	高
86	File	xxx/xxxx/xx_xxxx.x	predictive	高
87	File	xxxxxx.x	predictive	中
88	File	xxxx_xxxx.xxx	predictive	高
89	File	xxxxx/xxxx-xxxxx.xxx	predictive	高
90	File	xxxxxxxx.xxx	predictive	中
91	File	xxxx.xxx	predictive	中
92	File	xxxxxxxxxxxxxx.xxx	predictive	高
93	File	xxxxxxxx_xxx.xxx	predictive	高
94	File	xx-xxxxx/xxxxx.xxx?xxx=xxxx&xxx=xxxxxx	predictive	高
95	File	xxxxxxx.xxx	predictive	中
96	File	xxxxxx/xxx.xxx	predictive	高
97	File	xxxxx.xxx	predictive	中
98	File	x/xxxxx/xxxxxxx/xxxx/xxx	predictive	高
99	File	xxxxxxx/xxxxxxxxxx.xxx	predictive	高
100	File	xxxxxx-xxx-xxxx.x	predictive	高
101	File	xxxxxxxxxxxxxxxxxxx.xxxx	predictive	高
102	File	xxxxxxxxxx.x	predictive	中
103	File	xxxxxx/xxxx_xxxxxxx?xxx	predictive	高
104	File	xxxxxxxxxxxx/xxxxx.xx	predictive	高
105	File	xxx_xxxxx.x	predictive	中
106	File	xxxxx/xxxx_xxxx.x	predictive	高
107	File	xxx.xxx	predictive	低
108	File	xxxx/xxxx.xxx	predictive	高
109	File	xxxxx/x/xxxx	predictive	中
110	File	xxxx_xxxxxx.xxx	predictive	高
111	File	xxx_xxxxxx.x	predictive	中
112	File	xxxxxxxxxx	predictive	中
113	File	xxxxxxxxxxxxx.xxx	predictive	高
114	File	xxxxxxxxxxx.xxx	predictive	高
115	File	xx-xxxxx/xxxxx-xxxx.xxx?xxxxxx=xxxx_xxxxxxx_xxxx_xxxxxxx	predictive	高
116	File	xx.xxx	predictive	低
117	File	xxxxxxxx.x	predictive	中
118	Library	xxxxxxxxx.xxx	predictive	高
119	Library	xxx/xxxx/xxxxxxxxxx.xx	predictive	高
120	Library	xxxxxxx_xxxxx_xxxxxx	predictive	高
121	Library	xxxxx.xxx	predictive	中
122	Library	xxxxxx/xxxx/xxxxxx/xxxxx.x	predictive	高
123	Library	xxxxx.xxx	predictive	中
124	Library	xxxxx.xxx	predictive	中
125	Argument	-x	predictive	低
126	Argument	xxxxxxxxxxx	predictive	中
127	Argument	xxxxxxxxxxx/xxxxxxxxxxxxxxxxxxx/xxxxx/xxxxx/xxxxx_xxxxxxx	predictive	高
128	Argument	xxxxx	predictive	低
129	Argument	xxxxxxx/xxxxxxxx	predictive	高
130	Argument	xxxxxxxx	predictive	中
131	Argument	xxxxxxx/xxxx	predictive	中
132	Argument	xxxxxxxx	predictive	中
133	Argument	xxxxx	predictive	低
134	Argument	xxxxxxxxxxxxxxxx	predictive	高
135	Argument	xxx	predictive	低
136	Argument	xxxxxx	predictive	低
137	Argument	xxxxx_xxxx	predictive	中
138	Argument	xxxxxx[xxxxxxxxxxxxxx]	predictive	高
139	Argument	xxxxxxxxx/xxxxxxxxxx/xxxxx/xxxxxxx/xxxxxxx/xxxxxxxx	predictive	高
140	Argument	xxxx	predictive	低
141	Argument	xxxxxx	predictive	低
142	Argument	xxxxxxxxx	predictive	中
143	Argument	xxxxx	predictive	低
144	Argument	xxxxxxx	predictive	低
145	Argument	xxx	predictive	低
146	Argument	x_xx	predictive	低
147	Argument	xxxx	predictive	低
148	Argument	xxxx_xx	predictive	低
149	Argument	xxxxxxxx	predictive	中
150	Argument	xxx	predictive	低
151	Argument	xxxxxxxxxx/xxxxxxxxxxxx	predictive	高
152	Argument	xxxxx	predictive	低
153	Argument	xxx_xxxxx	predictive	中
154	Argument	xxxxxxxx	predictive	中
155	Argument	xxxxxxxx	predictive	中
156	Argument	xxxxxxxx	predictive	中
157	Argument	xxxxxxxx	predictive	中
158	Argument	xxxx_xx	predictive	低
159	Argument	xxxxxxxxxxxxxxxx	predictive	高
160	Argument	xxxxxxxxxxxxxx	predictive	高
161	Argument	xxxxxx	predictive	低
162	Argument	xxxxxxxxxxxxxxxxxxx	predictive	高
163	Argument	xxxxxxxxxxxxxxx	predictive	高
164	Argument	xxxxxxxx/xxxxxxxxxxxxx	predictive	高
165	Argument	xxx	predictive	低
166	Argument	xxxx	predictive	低
167	Argument	xxxxxx-xxx	predictive	中
168	Argument	xxxxxx xxxxx/xxxxxx xxxx	predictive	高
169	Argument	xxxxxxxxx	predictive	中
170	Argument	xxxxxxxxxx	predictive	中
171	Argument	xx_xxxx_xxxxxxx/xx_xxxxxx_xxxxxxxx	predictive	高
172	Input Value	../	predictive	低
173	Input Value	x xxx xxxxx(x)	predictive	高
174	Input Value	<?xxx	predictive	低
175	Input Value	<xxxxxx>xxxxx('xxx')</xxxxxx>	predictive	高
176	Input Value	xxxx@xx	predictive	低
177	Input Value	xxxxxxxx	predictive	中
178	Input Value	xxxxxxxxxx&#x;:xxxxx	predictive	高
179	Input Value	xxxx=xxx-xxxxxxxx-xxxxxxx	predictive	高
180	Network Port	xxxx	predictive	低
181	Network Port	xxx/xx (xxx)	predictive	中
182	Network Port	xxx/xxx	predictive	低
183	Network Port	xxx/xxxx	predictive	中
184	Network Port	xxx/xxxxx	predictive	中

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ 上一步一览下一步 ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!