Dofloo Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (90)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en86
es2
de2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us28
es2
cn2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Azorult1
Cobalt Strike1
Dofloo1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined30
Operating System10
Programming Tool Software6
Smartphone Operating System6
File Transfer Software4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined24
Microsoft8
Google4
Netgear4
Apple4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Google Android4
Microsoft Visual Studio4
Unisoc T6104
Unisoc T6064
Unisoc T7604

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1CmsEasy GET Request image.admin.php path traversal4.64.6$0-$5k$0-$5kNot DefinedNot Defined0.000430.07CVE-2024-31551
2White Bear Solutions WBSAirback cross-site request forgery6.56.5$0-$5k$0-$5kNot DefinedNot Defined0.000430.00CVE-2024-3782
3Totolink EX200 getWiFiExtenderConfig information disclosure4.34.2$0-$5k$0-$5kNot DefinedNot Defined0.000430.04CVE-2024-31812
4Linux Kernel devlink_init use after free5.55.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.000450.00CVE-2024-26734
5Schneider Electric Harmony Control Relay RMNF22TB30 NFC improper authentication8.88.6$0-$5k$0-$5kNot DefinedOfficial Fix0.000430.00CVE-2024-0568
6PHPEMS Session Data session.cls.php deserialization7.16.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.005420.06CVE-2023-6654
7Responsive Filemanager unrestricted upload6.36.0$0-$5k$0-$5kNot DefinedOfficial Fix0.000870.03CVE-2022-44276
8Adobe ColdFusion deserialization8.58.4$0-$5k$0-$5kNot DefinedOfficial Fix0.003870.04CVE-2023-44353
9Slimstat Analytics Plugin Setting cross site scripting2.42.4$0-$5k$0-$5kNot DefinedNot Defined0.000450.00CVE-2023-40676
10Tenda AC8 SetNetControlList stack-based overflow7.67.5$0-$5k$0-$5kNot DefinedNot Defined0.000870.04CVE-2023-40900
11Sentry Debug improper authorization6.26.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000570.03CVE-2023-36826
12Travelmate Travelable Trek Management Solution Comment Box cross site scripting3.12.8$0-$5k$0-$5kProof-of-ConceptNot Defined0.000460.09CVE-2023-3862
13Wireshark iSCSI Dissector buffer over-read4.74.7$0-$5k$0-$5kNot DefinedNot Defined0.000440.00CVE-2023-3649
14WP ERP Plugin Setting process_crm_contact cross-site request forgery4.34.2$0-$5k$0-$5kNot DefinedNot Defined0.000780.00CVE-2020-36735
15Netgear RAX30 UPnP command injection8.88.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.000000.02CVE-2023-35722
16Openads adclick.php Remote Code Execution7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.018710.17CVE-2007-2046
17Microsoft Windows DNS Server Privilege Escalation6.66.1$25k-$100k$5k-$25kUnprovenOfficial Fix0.008030.00CVE-2023-28256
18eSyndicat Directory Software suggest-listing.php cross site scripting3.53.5$0-$5k$0-$5kNot DefinedNot Defined0.000000.23
19Unisoc S8000 WLAN Driver denial of service4.44.4$0-$5k$0-$5kNot DefinedNot Defined0.000420.00CVE-2022-47457
20MediaTek MT8788 ion toctou5.35.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000420.04CVE-2023-20623

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
149.0.248.230ecs-49-0-248-230.compute.hwclouds-dns.comDofloo12/20/2021verifiedHigh
2XXX.XXX.XX.XXXxxxxx03/02/2022verifiedHigh

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
3T1059.007CAPEC-209CWE-79, CWE-80Cross Site ScriptingpredictiveHigh
4TXXXXCAPEC-122CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
5TXXXXCAPEC-136CWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
6TXXXX.XXXCAPEC-178CWE-XXXXxxx XxxxxxxxpredictiveHigh
7TXXXXCAPEC-1CWE-XXX, CWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
8TXXXX.XXXCAPEC-492CWE-XXXXXxxxxxxxxxx Xxxxxxx Xxxxxxxxxx XxxxxxxxxxpredictiveHigh
9TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveHigh
10TXXXXCAPEC-102CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
11TXXXX.XXXCAPEC-CWE-XXXXxxxxxxx Xxxxxx XxxxpredictiveHigh
12TXXXXCAPEC-116CWE-XXX, CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
13TXXXXCAPEC-157CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh
14TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (34)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/goform/SetNetControlListpredictiveHigh
2File/goform/WifiBasicSetpredictiveHigh
3File/usr/local/WowzaStreamingEngine/bin/predictiveHigh
4Fileadclick.phppredictiveMedium
5Filexxx/xxxx_xxxx_xxxxxx.xxxpredictiveHigh
6Filexxxxxxxxxxxxxxxxxxx.xxxxpredictiveHigh
7Filexxxxxxxxxx/xxxxxx/xxxxxxxxx.xxxx/xxxx.xxx/predictiveHigh
8Filexxxxxxx/xxxx/xxxxxxxx/xxxxxxxx.xpredictiveHigh
9Filexxxxx/xxxx.xxxpredictiveHigh
10FilexxxpredictiveLow
11Filexxxxxxxx.xxxpredictiveMedium
12FilexxxxxxpredictiveLow
13Filexxxxxxxxxxx.xxxpredictiveHigh
14Filexxxxxxxx.xpredictiveMedium
15Filexxxxxxx-xxxxxxx.xxxpredictiveHigh
16File~/xxxxxxxxxxxxx.xxxpredictiveHigh
17Libraryxxx/xxxxx/xxxxx.xxxxx.xxxpredictiveHigh
18Libraryxxx/xxxxxxx.xxx.xxxpredictiveHigh
19Libraryxxxxxxxx.xxxpredictiveMedium
20Argument--xxxxx/--xxxxxpredictiveHigh
21ArgumentxxxxxxxpredictiveLow
22ArgumentxxxxxpredictiveLow
23ArgumentxxxxxxxxxxxxxxxxxxpredictiveHigh
24ArgumentxxxxpredictiveLow
25ArgumentxxxxxxxxpredictiveMedium
26Argumentxxxxx[xxxxx][xx]predictiveHigh
27ArgumentxxxxxxpredictiveLow
28ArgumentxxxxpredictiveLow
29ArgumentxxxxpredictiveLow
30Argumentxx_xxxxpredictiveLow
31Argumentx_xxxxpredictiveLow
32ArgumentxxxxxxxxpredictiveMedium
33ArgumentxxxxxpredictiveLow
34Network Portxxx/xxxx (xxxx) & xxx/xxxx (xx-xxxx)predictiveHigh

References (1)

The following list contains external sources which discuss the actor and the associated activities:

Samples (2)

The following list contains associated samples:

PreviousOverviewNext

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!