Dragonfly Analysis

IOB - Indicator of Behavior (1000)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en 906
de 32
fr 16
es 14
ru 14


Country

us 902
ru 26
gb 14
lu 4
es 2


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Microsoft Windows 14
Apple Mac OS X Server 10
Linux Kernel 6
Microsoft IIS 4
Excite EWS 4


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.75 | CVE-2010-0966
2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192
3 | DZCP deV!L`z Clanportal browser.php information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02733 | 0.62 | CVE-2007-1167
4 | Apple Mac OS X Server input validation | 6.5 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2010-1821
5 | OpenBB read.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00248 | 0.04 | CVE-2005-1612
6 | Apple Mac OS X Server Wiki Server sql injection | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00339 | 0.91 | CVE-2015-5911
7 | Microsoft Windows OLE olecnv32.dll access control | 7.0 | 6.3 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.63864 | 0.00 | CVE-2017-8487
8 | Apple Mac OS X Server Profile Manager input validation | 7.5 | 6.5 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.01876 | 0.03 | CVE-2013-0269
9 | Lars Ellingsen Guestserver guestbook.cgi cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00169 | 0.21 | CVE-2005-4222
10 | Microsoft Windows SPNEGO Extended Negotiation Remote Code Execution | 7.9 | 7.2 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00662 | 0.00 | CVE-2022-37958
11 | Devilz Clanportal index.php sql injection | 7.3 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00784 | 0.00 | CVE-2006-3347
12 | Article Dashboard signup.php cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00240 | 0.00 | CVE-2007-4333
13 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.01960 | 0.03 | CVE-2007-1287
14 | Devilz Clanportal File Upload unknown vulnerability | 5.3 | 4.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.05362 | 0.08 | CVE-2006-6338
15 | Joomla CMS com_easyblog sql injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00000 | 0.46 | (none listed)
16 | Microsoft Windows Mark of the Web unknown vulnerability | 5.4 | 5.1 | $25k-$100k | $5k-$25k | High | Official Fix | 0.00343 | 0.00 | CVE-2022-41091
17 | Synacor Zimbra Collaboration Suite sudo Configuration zmslapd access control | 8.3 | 8.3 | $0-$5k | $0-$5k | High | Official Fix | 0.00114 | 0.04 | CVE-2022-37393
18 | vsftpd Service Port 6200 os command injection | 8.5 | 8.4 | $25k-$100k | $25k-$100k | Not Defined | Workaround | 0.85861 | 0.16 | CVE-2011-2523
19 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 0.91 | CVE-2007-0354
20 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 2.40 | CVE-2020-15906

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Karagany

IOC - Indicator of Compromise (23)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (102)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | %SYSTEMDRIVE%\totalcmd\TOTALCMD64.EXE | predictive | High
2 | File | /cgi-bin/system_mgr.cgi | predictive | High
3 | File | /s/ | predictive | Low
4 | File | /secure/admin/ImporterFinishedPage.jspa | predictive | High
5 | File | /uncpath/ | predictive | Medium
6 | File | /wbg/core/_includes/authorization.inc.php | predictive | High
7 | File | 14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi | predictive | High
8 | File | adclick.php | predictive | Medium
9 | File | admin/import/class-import-settings.php | predictive | High
10 | File | ajax/comments.php | predictive | High
11 | File | architext.conf | predictive | High
12 | File | attachment_send.php | predictive | High
13 | File | auth2-gss.c | predictive | Medium
14 | File | xxxx/xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | High
15 | File | xxxxxxxx.xxx | predictive | Medium
16 | File | xxx-xxx/xxxxx/xxxxx.xxx | predictive | High
17 | File | xxxxx.xxx | predictive | Medium
18 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
19 | File | xxxxxx.xxx | predictive | Medium
20 | File | xxxxx.xxx | predictive | Medium
21 | File | xxxxxxxx.xxx | predictive | Medium
22 | File | xxxx.xxx | predictive | Medium
23 | File | xxxx.x | predictive | Low
24 | File | xxxxxxxxx.xxx | predictive | High
25 | File | xxxxxxxxx.xxx | predictive | High
26 | File | xxxx.xxx | predictive | Medium
27 | File | xxxx.xxx | predictive | Medium
28 | File | xxx/xxxxxx.xxx | predictive | High
29 | File | xxx/xxxxxxxxxxx/xxxxxxx.xxx | predictive | High
30 | File | xxxxx.xxx | predictive | Medium
31 | File | xxxxx/xxxxx.xxx | predictive | High
32 | File | xxxxxx/xxxxx.x | predictive | High
33 | File | xxxxx.xxx | predictive | Medium
34 | File | xxxx.xxx | predictive | Medium
35 | File | xxx_xxxx.xxx | predictive | Medium
36 | File | xxxxxx.xxx | predictive | Medium
37 | File | xxxx.x | predictive | Low
38 | File | xxxxxxxxxxxxxxx/ | predictive | High
39 | File | xxxx.xxx | predictive | Medium
40 | File | xxxxx.xxx | predictive | Medium
41 | File | xxxxxxxx.xxx | predictive | Medium
42 | File | xxxxxxxx.x | predictive | Medium
43 | File | xxxxxx_xxxxxx.xxx | predictive | High
44 | File | xxxxxx.xxx | predictive | Medium
45 | File | xxxxxx\xxxxxxxx\xx_xxxxx_xxxxxxx.xxx | predictive | High
46 | File | xxxxxxx.xxx.xx.xxxxxxxxxxx.xxx | predictive | High
47 | File | xxxxxxxxx/xxxxx/xxxx/xxx_xxxxxxx/xxxxxxx/xxxxxxx.xxx | predictive | High
48 | File | xxxx-xxxxx.xxx | predictive | High
49 | File | xxxx-xxxxxxxx.xxx | predictive | High
50 | File | xx_xxxxx.xxx | predictive | Medium
51 | File | xxxxxxxxxxx.xxxx.xxx | predictive | High
52 | File | xxxxxxx.x | predictive | Medium
53 | File | xxxx_xxxxxx.xxx | predictive | High
54 | File | xxxx.xxx | predictive | Medium
55 | File | xxx/xxxxx/xxxxx.xxx | predictive | High
56 | File | xxxxx/xxxxxxxx | predictive | High
57 | File | xx-xxxxx/xxxxx-xxxx.xxx | predictive | High
58 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive | High
59 | File | xxxxxxxxxx.xxx | predictive | High
60 | File | xxxxxxx | predictive | Low
61 | File | ~/xxxxxxxx/xxxxx-xxx-xxxxxx-xxxxxxxxxxxx.xxx | predictive | High
62 | Library | xxxx/xxx/xxxxxx.xxx | predictive | High
63 | Library | xxx/xxxxxx/xxxxxxxxx.xx | predictive | High
64 | Library | xxxxxxxx.xxx | predictive | Medium
65 | Argument | xxxx | predictive | Low
66 | Argument | xxxxxx_xx[] | predictive | Medium
67 | Argument | xxxxxxxx | predictive | Medium
68 | Argument | xxxxx | predictive | Low
69 | Argument | xxxx | predictive | Low
70 | Argument | xxxxxxxxxx | predictive | Medium
71 | Argument | xxxxx | predictive | Low
72 | Argument | xxx | predictive | Low
73 | Argument | xxxxxxx | predictive | Low
74 | Argument | xxxxx | predictive | Low
75 | Argument | xxxx | predictive | Low
76 | Argument | xxxx | predictive | Low
77 | Argument | xx | predictive | Low
78 | Argument | xxxxx.xxx?xxxxxx=xxx_xxxxxxx/xxxx=xxxxxxx/xx=x/xxxxxxxx=xxxxx | predictive | High
79 | Argument | xxxxxx/xxxxxxxxx/xxxxxx_xxxx | predictive | High
80 | Argument | xxxx | predictive | Low
81 | Argument | xx_xxxxxx | predictive | Medium
82 | Argument | xxxxxxx/xxxxxx/xxxxxxx/xxxxxxxxx | predictive | High
83 | Argument | xxxx_xxxx | predictive | Medium
84 | Argument | xxxxx | predictive | Low
85 | Argument | xxxxxxxx | predictive | Medium
86 | Argument | xxxx_xxxx | predictive | Medium
87 | Argument | xxx | predictive | Low
88 | Argument | xxxxxx | predictive | Low
89 | Argument | xxxx | predictive | Low
90 | Argument | xxxxxx | predictive | Low
91 | Argument | xxx | predictive | Low
92 | Argument | xxx | predictive | Low
93 | Argument | xxxxxx | predictive | Low
94 | Argument | xxxxxxxx | predictive | Medium
95 | Argument | xxxx_xx | predictive | Low
96 | Argument | xxx_xxxxx | predictive | Medium
97 | Argument | _xxx_xxxxxxxxxxx_ | predictive | High
98 | Argument | __xxxxxxxxx | predictive | Medium
99 | Input Value | xxxxxxxx | predictive | Medium
100 | Input Value | xxxxxxxxxxxxxxxxxxxxxxxxxxxx+xxxxx+xxxxxx+x,x,xxxx,xxx,x,x+xxxx+xxx_xxxxx+xxxxx+xx=x--+ | predictive | High
101 | Network Port | xxx/xxxx | predictive | Medium
102 | Network Port | xxx/xxxxx | predictive | Medium

References (6)

The following list contains external sources which discuss the actor and the associated activities:
