Decoy Dog Analysis

IOB - Indicator of Behavior (39)

Lang

en: 30
zh: 8
es: 2

Product

Exim: 4
Apache NiFi: 2
Cisco Unity Connection: 2
Tortoise ORM: 2
Fiyo CMS: 2

Vulnerabilities

# | Vulnerability | Base (CVSS) | Temp (CVSS) | 0day price | Today price | Exploitability | Remediation | EPSS | CTI | CVE
1 | Apache NiFi ExtractCCDAAttributes Processor xml external entity reference | 6.5 | 6.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00129 | 0.00 | CVE-2023-22832
2 | imgurl localhost sql injection | 4.6 | 4.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00172 | 0.03 | CVE-2022-29305
3 | atoms183 CMS product_admin.php sql injection | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00157 | 0.04 | CVE-2021-35283
4 | Cisco Unity Connection unrestricted upload | 8.1 | 8.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00127 | 0.06 | CVE-2024-20272
5 | Tortoise ORM Mass Update sql injection | 6.3 | 5.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00104 | 0.04 | CVE-2020-11010
6 | Microsoft IIS IP/Domain Restriction access control | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00817 | 0.34 | CVE-2014-4078
7 | National Education Technologies Boomerang Parental Control App ADB Backup information disclosure | 1.8 | 1.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00052 | 0.00 | CVE-2023-36620
8 | Seiko Epson Product untrusted search path | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00090 | 0.02 | CVE-2020-5674
9 | Lexmark Device input validation | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.19121 | 0.00 | CVE-2023-26068
10 | Skipper File unrestricted upload | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00343 | 0.02 | CVE-2022-27262
11 | jQuery Cookie Prototype cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00068 | 0.02 | CVE-2022-23395
12 | Node.js permission | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00146 | 0.03 | CVE-2023-23918
13 | OpenSSH Supplemental Group privileges management | 4.6 | 4.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00056 | 0.09 | CVE-2021-41617
14 | zzcms Cookie search.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00212 | 0.05 | CVE-2018-18791
15 | Fuel CMS 1 sql injection | 8.0 | 7.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.41100 | 0.00 | CVE-2020-24791
16 | gVectors wpDiscuz Plugin wmuUploadFiles code injection | 9.1 | 9.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.97490 | 0.03 | CVE-2020-24186
17 | WP Visitor Statistics Plugin AJAX Action refDetails sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01945 | 0.00 | CVE-2021-24750
18 | ImpressCMS findusers.php sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00939 | 0.00 | CVE-2021-26599
19 | Xerte fileupload.php path traversal | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06288 | 0.00 | CVE-2021-44664
20 | ChurchCRM WhyCameEditor.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00855 | 0.02 | CVE-2022-31325

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 185.22.152.227 | exdamnhust.com | Decoy Dog | | 02/19/2024 | verified | High
2 | XXX.XXX.XXX.XXX | | xxxx Xxx | | 02/19/2024 | verified | High
3 | XXX.XX.XX.XX | xxxxx.xxxxxxxxxxxx.xxx | Xxxxx Xxx | | 02/19/2024 | verified | High

Rows 2 and 3 are masked on the source page.

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (24)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /churchcrm/WhyCameEditor.php | predictive | High
2 | File | /new | predictive | Low
3 | File | /upload/localhost | predictive | High
4 | File | xxxx_xxxxxxxx.xxx | predictive | High
5 | File | xxxxxx.xxx | predictive | Medium
6 | File | xxxxx/ | predictive | Low
7 | File | xxx/xxxxxxx.xxx | predictive | High
8 | File | xxxxxxx/xxxxxxxxx.xxx | predictive | High
9 | File | xxxxx/xxxxxxx/x | predictive | High
10 | File | xxxxxxx_xxxxx.xxx | predictive | High
11 | File | xxxxx.xxx | predictive | Medium
12 | File | xxxxxx\xxxxxxx\xxxxx\xxxxxxx.xxx | predictive | High
13 | File | xxxxxxx_xxxx/xxx/xxxxxx/xxxxxxxxxx.xxx | predictive | High
14 | File | xx/xxxxxx.xxx | predictive | High
15 | Argument | xxx=xxxx/xxx=xxxx | predictive | High
16 | Argument | xxxx_xxxxxxx_xx | predictive | High
17 | Argument | xxxxxx | predictive | Low
18 | Argument | xxxxxxxxx | predictive | Medium
19 | Argument | xxxx/xxxxx/xx | predictive | High
20 | Argument | xxxx | predictive | Low
21 | Argument | xxxxxxxx | predictive | Medium
22 | Argument | xxxxxx | predictive | Low
23 | Argument | xxxxxxxx | predictive | Medium
24 | Input Value | xxxx+x@!xxxx+ | predictive | High

Rows 4 to 24 are masked on the source page.
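The network IOCs in the table above and the file fragments in this IOA table are only useful once they are run against your own telemetry. The following is an added example, not code from the original page or from the source vendor, that matches the unmasked rows (the IP 185.22.152.227, the hostname exdamnhust.com and the three visible file fragments) against constructed log lines in dnsmasq, iptables and web-server access-log styles; the masked rows are left out. Two practitioner details are built in: a subdomain of the IOC hostname counts as a hit, and path matching is segment-aware so that the Low-confidence fragment /new does not fire on /newsletter. The log formats, sample lines and function names are assumptions made for the example.

```python
"""Match the unmasked Decoy Dog IOC/IOA rows against sample log lines.

Added example; not code from the original page or from any vendor.
The log lines below are constructed for illustration only.
"""
import ipaddress
import re
from dataclasses import dataclass

# Unmasked rows from the IOC table (masked rows omitted).
IOC_IPS = {"185.22.152.227"}
IOC_HOSTS = {"exdamnhust.com"}

# Unmasked rows from the IOA table, with the confidence listed on the page.
IOA_FILES = {
    "/churchcrm/WhyCameEditor.php": "High",
    "/new": "Low",
    "/upload/localhost": "High",
}

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)
# Request target in a Common/Combined Log Format line: "GET /path?q=1 HTTP/1.1"
REQ_RE = re.compile(r'"(?:GET|POST|PUT|DELETE|HEAD|OPTIONS|PATCH) (\S+) HTTP/')


@dataclass(frozen=True)
class Hit:
    line_no: int     # 1-based index into the scanned lines
    kind: str        # "ioc-ip", "ioc-host" or "ioa-file"
    indicator: str   # the table row that matched
    confidence: str  # confidence listed on the page for that row


def _host_matches(token: str, ioc_host: str) -> bool:
    """Exact match or a subdomain of the IOC hostname, never a bare suffix
    match (notexdamnhust.com must not match exdamnhust.com)."""
    token = token.lower().rstrip(".")
    return token == ioc_host or token.endswith("." + ioc_host)


def _path_matches(path: str, fragment: str) -> bool:
    """Segment-aware match: /new matches /new and /new/..., not /newsletter.
    The query string is ignored."""
    path = path.split("?", 1)[0]
    return path == fragment or path.startswith(fragment + "/")


def scan(lines):
    """Return every IOC/IOA hit found in the given log lines, in line order."""
    hits = []
    for no, line in enumerate(lines, start=1):
        for tok in IPV4_RE.findall(line):
            try:
                ip = str(ipaddress.ip_address(tok))  # rejects e.g. 999.1.1.1
            except ValueError:
                continue
            if ip in IOC_IPS:
                hits.append(Hit(no, "ioc-ip", ip, "High"))
        for tok in HOST_RE.findall(line):
            for host in IOC_HOSTS:
                if _host_matches(tok, host):
                    hits.append(Hit(no, "ioc-host", host, "High"))
        m = REQ_RE.search(line)
        if m:
            for frag, conf in IOA_FILES.items():
                if _path_matches(m.group(1), frag):
                    hits.append(Hit(no, "ioa-file", frag, conf))
    return hits


# Constructed sample lines (dnsmasq, iptables and access-log styles).
SAMPLE_LOG = [
    'Feb 19 10:01:02 gw dnsmasq[812]: query[A] exdamnhust.com from 10.0.0.23',
    'Feb 19 10:01:05 gw dnsmasq[812]: query[A] mail.exdamnhust.com from 10.0.0.23',
    'Feb 19 10:01:06 fw kernel: OUT=eth0 SRC=10.0.0.23 DST=185.22.152.227 PROTO=UDP DPT=53',
    '10.0.0.5 - - [19/Feb/2024:10:02:00 +0000] "GET /churchcrm/WhyCameEditor.php?id=1 HTTP/1.1" 200 512',
    '10.0.0.6 - - [19/Feb/2024:10:02:01 +0000] "GET /newsletter HTTP/1.1" 200 100',
    '10.0.0.7 - - [19/Feb/2024:10:02:02 +0000] "POST /upload/localhost HTTP/1.1" 200 44',
    'Feb 19 10:02:03 gw dnsmasq[812]: query[A] example.com from 10.0.0.9',
    'Feb 19 10:02:04 fw kernel: OUT=eth0 SRC=10.0.0.9 DST=185.22.152.2 PROTO=TCP DPT=443',
    '10.0.0.8 - - [19/Feb/2024:10:02:05 +0000] "GET /new/ HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"line {hit.line_no}: {hit.kind} {hit.indicator} (confidence {hit.confidence})")
```

Run stand-alone it reports six hits: the two DNS queries for the IOC hostname and its subdomain, the firewall line to 185.22.152.227, and the three access-log requests for the listed file fragments, while the /newsletter request and the near-miss address 185.22.152.2 are not flagged. The hit on /new/ carries the Low confidence the page assigns to that fragment, which is the signal to triage it last.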

References (2)

The following list contains external sources which discuss the actor and the associated activities:
