Dracarys Analysis

IOB - Indicator of Behavior (194)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 186
ru: 4
fr: 2
ja: 2


Country

us: 38
tr: 24
ru: 4
es: 2
gb: 2


Actors


Activities

Interest

Timeline


Type


Vendor


Product

FreeBSD: 6
Microsoft Windows: 6
Google Android: 4
CMS Made Simple: 4
Huawei HarmonyOS: 2


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | DeDeCMS Backend file_class.php unrestricted upload | 6.4 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00063 | 0.05 | CVE-2023-7212
2 | SmarterTools SmarterMail path traversal | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00062 | 0.04 | CVE-2019-7213
3 | cumin Server Certificate Validator certificate validation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00090 | 0.05 | CVE-2013-0264
4 | PostgreSQL privilege dropping / lowering errors | 8.0 | 7.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00050 | 0.13 | CVE-2024-0985
5 | DeDeCMS co_do.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00189 | 0.02 | CVE-2018-19061
6 | DedeCMS selectimages.php cross site scripting | 4.8 | 4.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00046 | 0.03 | CVE-2023-49493
7 | DeDeCMS select_images_post.php code injection | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01958 | 0.00 | CVE-2018-20129
8 | DedeCMS article_allowurl_edit.php code injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00118 | 0.05 | CVE-2023-2928
9 | DeDeCMS downmix.inc.php Path information disclosure | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02422 | 0.02 | CVE-2018-6910
10 | Plesk Obsidian Login Page injection | 5.8 | 5.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00174 | 0.09 | CVE-2023-24044
11 | Tenda AC10U fromAddressNat stack-based overflow | 6.4 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00086 | 0.00 | CVE-2024-0927
12 | Xen Orchestra improper authorization | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00058 | 0.00 | CVE-2021-36383
13 | Unisoc T760/T770/T820/S8000 Sim Service permission | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.00 | CVE-2023-42655
14 | Microsoft Windows SmartScreen Remote Code Execution | 8.8 | 8.5 | $25k-$100k | $5k-$25k | High | Official Fix | 0.00961 | 0.04 | CVE-2023-32049
15 | tsolucio corebos cross site scripting | 5.1 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00053 | 0.00 | CVE-2023-3073
16 | SICK FTMg Air Flow Sensor REST Interface observable response discrepancy | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00130 | 0.00 | CVE-2023-23449
17 | PHP unserialize use after free | 5.3 | 4.6 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.72120 | 0.03 | CVE-2015-0231
18 | Microsoft Windows DHCP Server Service Remote Code Execution | 8.6 | 8.0 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.08510 | 0.00 | CVE-2023-28231
19 | payload CMS information disclosure | 5.9 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00081 | 0.05 | CVE-2023-30843
20 | Google Android PowerVR Kernel Driver PVRSRVBridgeRGXKickVRDM integer overflow | 6.5 | 6.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.06 | CVE-2021-0872

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 94.140.114.22 | | Dracarys | | 10/07/2022 | verified | High

TTP - Tactics, Techniques, Procedures (22)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CAPEC-126 | CWE-21, CWE-22 | Path Traversal | predictive | High
2 | T1040 | CAPEC-102 | CWE-319 | Authentication Bypass by Capture-replay | predictive | High
3 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
4 | T1059 | CAPEC-137 | CWE-88, CWE-94 | Argument Injection | predictive | High
5 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High

IOA - Indicator of Attack (89)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /acms/classes/Master.php?f=delete_cargo | predictive | High
2 | File | /admin.php/news/admin/topic/save | predictive | High
3 | File | /admin/comn/service/update.json | predictive | High
4 | File | /dev/shm | predictive | Medium
5 | File | /dl/dl_print.php | predictive | High
6 | File | /getcfg.php | predictive | Medium
7 | File | /ofcms/company-c-47 | predictive | High
8 | File | /usr/sbin/httpd | predictive | High
9 | File | /util/print.c | predictive | High
10 | File | /web/MCmsAction.java | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
