Dharma Analysis

IOB - Indicator of Behavior (1000)

Lang

en: 992
de: 4
sv: 2
ru: 2

Activities

Interest

Product

Mozilla Thunderbird: 32
Huawei HarmonyOS: 30
Mozilla Firefox: 30
Tenda F1203: 20
OpenImageIO: 18

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | smoothie cross site scripting | 4.8 | 4.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00102 | 0.00 | CVE-2022-25929 |
| 2 | Fuji Electric Tellus Lite V-Simulator out-of-bounds write | 8.3 | 8.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00109 | 0.05 | CVE-2022-3087 |
| 3 | Wp Social Plugin information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00049 | 0.00 | CVE-2022-47160 |
| 4 | Libksba CRL Signature Parser integer overflow | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00196 | 0.05 | CVE-2022-47629 |
| 5 | abacus-ext-cmdline execute command injection | 7.2 | 7.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01588 | 0.00 | CVE-2022-24431 |
| 6 | ActiveCampaign for WooCommerce Plugin Error Log authorization | 4.9 | 4.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00056 | 0.01 | CVE-2022-3923 |
| 7 | Mozilla Thunderbird denial of service | 5.4 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00103 | 0.00 | CVE-2022-42929 |
| 8 | Mozilla Thunderbird URL Parser use after free | 5.4 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00097 | 0.00 | CVE-2022-40960 |
| 9 | Mozilla Thunderbird getEntries cross-domain policy | 7.2 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00126 | 0.00 | CVE-2022-42927 |
| 10 | Mozilla Thunderbird Garbage Collector memory corruption | 7.5 | 7.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00138 | 0.00 | CVE-2022-42928 |
| 11 | Mozilla Thunderbird denial of service | 5.4 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00097 | 0.00 | CVE-2022-40957 |
| 12 | Mozilla Thunderbird session fixation | 5.7 | 5.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00097 | 0.00 | CVE-2022-40958 |
| 13 | Mozilla Thunderbird initialization | 6.4 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00104 | 0.00 | CVE-2022-40959 |
| 14 | Mozilla Thunderbird Email Message unknown vulnerability | 4.2 | 4.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00064 | 0.00 | CVE-2022-1520 |
| 15 | Mozilla Firefox ESR PK11_ChangePW use after free | 6.9 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00129 | 0.00 | CVE-2022-38476 |
| 16 | Mozilla Thunderbird protection mechanism | 6.2 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00120 | 0.00 | CVE-2022-40956 |
| 17 | Mozilla Firefox ESR VR Process use after free | 5.4 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00084 | 0.00 | CVE-2022-1196 |
| 18 | Fuji Electric Tellus Lite V-Simulator stack-based overflow | 8.3 | 8.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00061 | 0.05 | CVE-2022-3085 |
| 19 | Mozilla Thunderbird Digital Signature unknown vulnerability | 5.6 | 5.5 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00069 | 0.00 | CVE-2021-4126 |
| 20 | Mozilla Thunderbird Notification Remote Code Execution | 6.4 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00097 | 0.00 | CVE-2022-45408 |

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

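| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 178.239.173.172 | 172.173.239.178.baremetal.zare.com | Dharma | | 04/26/2022 | verified | High |
| 2 | XXX.XX.XXX.XX | xxx.xx.xxx.xx.xxxxxxxxx-xxx | Xxxxxx | | 05/31/2021 | verified | High |
| 3 | XXX.XXX.XXX.XXX | | Xxxxxx | | 04/26/2022 | verified | High |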

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1006 | CAPEC-126 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1040 | CAPEC-102 | CWE-319 | Authentication Bypass by Capture-replay | predictive | High |
| 3 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 4 | T1059 | CAPEC-242 | CWE-94, CWE-1321 | Argument Injection | predictive | High |
| 5 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |

IOA - Indicator of Attack (113)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

