DragonSpark Analysis

IOB - Indicator of Behavior (25)

Timeline / Lang / Country / Actors

The Timeline, Lang, Country and Actors charts are rendered with dummy data that is distorted and not usable in any way; an additional purchase is needed to unlock the real data. Values as displayed: Lang zh 16, en 10; Country cn 26.

Activities

Interest charts (Timeline, Type, Vendor): rendered with dummy data, see the note above.

Product (chart rendered with dummy data, see the note above; values as displayed)

EmbedThis HTTP Library 2
EmbedThis Appweb 2
Joomla 2
Grafana Labs Grafana 2
Asus RT-AC68U 2

Vulnerabilities

Columns: Base and Temp are the CVSS base and temporal scores; 0day and Today are the estimated exploit prices at disclosure and at present; Exp is the exploit availability; Rem is the remediation status; EPSS is the EPSS probability; CTI is the VulDB CTI interest score.

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | Redis Lua sandbox | 6.3 | 6.3 | $0-$5k | $0-$5k | High | Not Defined | 0.97135 | 0.00 | CVE-2022-0543
2 | OpenVPN Access Server LDAP improper authentication | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00430 | 0.04 | CVE-2020-8953
3 | EmbedThis HTTP Library/Appweb httpLib.c authCondition improper authentication | 7.7 | 7.5 | $0-$5k | $0-$5k | High | Official Fix | 0.00927 | 0.04 | CVE-2018-8715
4 | Zendesk Support Plugin cross-site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.00 | CVE-2023-23716
5 | Netty response splitting | 6.5 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00167 | 0.02 | CVE-2022-41915
6 | Pureftpd pure-FTPd path traversal | 5.1 | 5.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.03 | CVE-2011-3171
7 | DJI Drone AeroScope Protocol information disclosure | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00115 | 0.04 | CVE-2022-29945
8 | Oracle MySQL Server Privileges denial of service | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00564 | 0.04 | CVE-2018-2696
9 | Linksys Router hard-coded credentials | 9.8 | 9.6 | $0-$5k | $0-$5k | High | Workaround | 0.00042 | 0.02 | CVE-1999-0508
10 | Cisco Linksys Router backdoor | 8.5 | 7.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.32333 | 0.03 | CVE-2013-5122
11 | Asus RT-AC68U/RT-AC5300 blocking_request.cgi buffer overflow | 5.5 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00385 | 0.02 | CVE-2021-45756
12 | Laravel FileCookieJar.php deserialization | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00049 | 0.04 | CVE-2022-30779
13 | Watchguard Firebox/XTM Remote Code Execution | 6.3 | 6.0 | $0-$5k | $0-$5k | High | Official Fix | 0.84170 | 0.00 | CVE-2022-26318
14 | Joomla CMS Login SQL injection | 9.8 | 9.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00201 | 0.00 | CVE-2006-1047
15 | Joomla improper authentication | 6.3 | 6.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00201 | 0.05 | CVE-2022-23795
16 | Grafana Labs Permission improper authentication | 9.8 | 9.6 | $0-$5k | $0-$5k | High | Official Fix | 0.97240 | 0.06 | CVE-2021-39226
17 | Grafana path traversal | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.97474 | 0.03 | CVE-2021-43798
18 | WordPress SQL injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00467 | 0.03 | CVE-2022-21664
19 | WordPress WP_Query SQL injection | 6.3 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.93536 | 0.05 | CVE-2022-21661
20 | Filter Portfolio Gallery Plugin Gallery Delete cross-site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00062 | 0.00 | CVE-2021-24795

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

Columns: Technique is the suspected ATT&CK technique; Class is the CAPEC attack pattern; Vulnerabilities is the CWE weakness class; Type and Confidence describe the prediction. The Access Vector column of the original table carries no textual value in this extract. Rows 3 to 7 are masked in the source (X placeholders) and are reproduced as masked.

ID | Technique | Class | Vulnerabilities | Type | Confidence
1 | T1006 | CAPEC-126 | CWE-22 Path Traversal | predictive | High
2 | T1068 | (none) | CWE-264 Execution with Unnecessary Privileges | predictive | High
3 | TXXXX.XXX | CAPEC-191 | CWE-XXX Xxxx-xxxxx Xxxxxxxxxxx | predictive | High
4 | TXXXX | CAPEC-108 | CWE-XX Xxx Xxxxxxxxx | predictive | High
5 | TXXXX.XXX | CAPEC-133 | CWE-XXX Xxxxxxxx | predictive | High
6 | TXXXX | CAPEC-116 | CWE-XXX Xxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
7 | TXXXX | CAPEC- | CWE-XXX Xxxxxxxxxxx Xxxxxx | predictive | High

IOA - Indicator of Attack (5)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /public/plugins/ | predictive | High
2 | File | blocking_request.cgi | predictive | High
3 | File | xxxxxxxxxx\xxxxxx\xxxxxxxxxxxxx.xxx | predictive | High
4 | Library | xxxx/xxxxxxx.x | predictive | High
5 | Network Port | xxx/xxxx (xx-xxx) | predictive | High

Rows 3 to 5 are masked in the source and are reproduced as masked. The two visible file indicators correspond to entries in the vulnerability table above: /public/plugins/ is the path prefix abused by the Grafana path traversal (CVE-2021-43798), and blocking_request.cgi is the Asus RT-AC68U/RT-AC5300 endpoint affected by the buffer overflow (CVE-2021-45756). Note that /public/plugins/ is also a legitimate Grafana static-asset path, so on its own it is a low-fidelity indicator; a request under it only becomes suspicious when it also carries a directory-traversal sequence (the CWE-22 Path Traversal technique listed in the TTP table).
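The following Python scanner is an added example and is not part of the VulDB page or of any tooling attributed to the actor. It applies the two visible file indicators to web-server access log lines: it percent-decodes each request path (including double encoding), checks it against the indicator fragments, and escalates a /public/plugins/ hit only when the decoded path also contains a traversal sequence, because that path is normal Grafana traffic otherwise. The log lines are constructed (RFC 5737 documentation addresses), and the mapping of the indicators to CVE-2021-43798 and CVE-2021-45756 is the editorial mapping from the vulnerability table above, not data from the page's IOA table itself.

```python
import re
from urllib.parse import unquote

# Visible File-class indicators from the IOA table, mapped to the matching
# entries of the vulnerability table on this page (editorial mapping, not VulDB data).
FILE_INDICATORS = {
    "/public/plugins/": "Grafana path traversal (CVE-2021-43798)",
    "blocking_request.cgi": "Asus RT-AC68U/RT-AC5300 blocking_request.cgi buffer overflow (CVE-2021-45756)",
}

# A "../" or "..\" segment anywhere in the decoded path (CWE-22 style traversal).
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")

# Common/combined log format; only the fields the scanner needs are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def normalize_path(raw):
    """Percent-decode up to three times so that %2e%2e%2f and the
    double-encoded %252e%252e%252f both end up as '../'. The loop is bounded
    so a hostile path cannot keep it decoding forever."""
    path = raw
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def scan_line(line):
    """Return a finding dict for a log line that touches an indicator, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = normalize_path(m.group("path"))
    hits = [label for frag, label in FILE_INDICATORS.items() if frag in path]
    if not hits:
        return None
    traversal = TRAVERSAL.search(path) is not None
    # /public/plugins/ is a normal Grafana path, so only a traversal sequence
    # (or the router CGI endpoint, which no browser should request) rates "high".
    severity = "high" if traversal or "blocking_request.cgi" in path else "info"
    return {
        "ip": m.group("ip"),
        "method": m.group("method"),
        "path": path,
        "status": int(m.group("status")),
        "indicators": hits,
        "traversal": traversal,
        "severity": severity,
    }


def scan(lines):
    """Scan an iterable of log lines and return the findings in order."""
    return [f for f in (scan_line(ln) for ln in lines) if f is not None]


# Constructed sample log lines (RFC 5737 documentation addresses), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jan/2023:10:01:02 +0000] "GET /public/plugins/alertlist/../../../../../../etc/passwd HTTP/1.1" 200 1234 "-" "curl/7.68.0"',
    '203.0.113.5 - - [10/Jan/2023:10:01:03 +0000] "GET /public/plugins/alertlist/%2e%2e/%2e%2e/%2e%2e/etc/grafana/grafana.ini HTTP/1.1" 200 2048 "-" "curl/7.68.0"',
    '198.51.100.7 - - [10/Jan/2023:10:05:44 +0000] "POST /blocking_request.cgi HTTP/1.1" 500 0 "-" "python-requests/2.28.1"',
    '192.0.2.9 - - [10/Jan/2023:10:07:10 +0000] "GET /public/plugins/alertlist/module.js HTTP/1.1" 200 9876 "http://grafana.example/" "Mozilla/5.0"',
    '192.0.2.9 - - [10/Jan/2023:10:07:11 +0000] "GET /login HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding["severity"], finding["ip"], finding["path"], finding["indicators"])
```

Run against the constructed lines, the scanner produces four findings: the two Grafana traversal requests and the router CGI request at severity "high", and the legitimate plugin asset request at "info"; the /login line produces nothing. Decoding before matching matters because the second Grafana request never contains a literal "../" in the raw log.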
