DreamBus Analysis

IOB - Indicator of Behavior (156)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

de: 90
en: 48
ja: 14
es: 4


Country

us: 120
jp: 14
me: 4
th: 4


Product

Google Chrome: 6
b2evolution: 4
Apache HTTP Server: 4
SourceCodester Library Management System: 4
Django: 4


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 1.96 | CVE-2020-12440 |
| 2 | WikkaWiki wikka.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00263 | 0.00 | CVE-2013-5586 |
| 3 | OpenSSL OCSP Response OCSP_basic_verify certificate validation | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00152 | 0.04 | CVE-2022-1343 |
| 4 | Apache Wicket cross site scripting | 4.3 | 4.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00404 | 0.00 | CVE-2011-2712 |
| 5 | ClamAV Antivirus MIME Parser input validation | 6.8 | 6.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.01728 | 0.04 | CVE-2019-15961 |
| 6 | Omron CX-One CX-Programmer Password Storage information disclosure | 5.9 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2015-0988 |
| 7 | phpBB information disclosure | 9.8 | 8.5 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00269 | 0.00 | CVE-2008-1766 |
| 8 | Joomla CMS sql injection | 7.3 | 6.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.00264 | 0.05 | CVE-2013-1453 |
| 9 | jQuery IMG Element cross site scripting | 5.2 | 5.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00115 | 0.00 | CVE-2018-18405 |
| 10 | Oracle PeopleSoft Enterprise PeopleTools Elastic Search deserialization | 9.3 | 9.2 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00811 | 0.00 | CVE-2022-1471 |
| 11 | F5 BIG-IP Virtual Server cryptographic issues | 5.7 | 5.7 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00128 | 0.04 | CVE-2019-6593 |
| 12 | Hitachi Replication Manager Expression Language expression language injection | 8.1 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00129 | 0.00 | CVE-2022-4146 |
| 13 | SolidWorks Desktop DWG File use after free | 7.0 | 7.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00221 | 0.00 | CVE-2023-2763 |
| 14 | Schneider Electric StruxureWare Data Center DCE sql injection | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00050 | 0.03 | CVE-2023-37196 |
| 15 | Avast AntiVirus Driver aswSnx.sys denial of service | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.04 | CVE-2020-20118 |
| 16 | Undici HTTP Header crlf injection | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00126 | 0.00 | CVE-2023-23936 |
| 17 | FreeBSD Unix Domain Socket access control | 8.3 | 7.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00045 | 0.00 | CVE-2019-5596 |
| 18 | Google Chrome Sandbox IPC race condition | 7.3 | 7.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00248 | 0.00 | CVE-2011-3080 |
| 19 | administrate OAuth cross-site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00074 | 0.00 | CVE-2016-3098 |
| 20 | A-FTP Anonymous FTP Server Command memory corruption | 7.3 | 7.1 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.00241 | 0.00 | CVE-2001-0794 |

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (60)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /config/getuser | predictive | High |
| 2 | File | /index.php?action=seomatic/file/seo-file-link | predictive | High |
| 3 | File | /librarian/bookdetails.php | predictive | High |
| 4 | File | /mgmt/tm/util/bash | predictive | High |
| 5 | File | /staff/bookdetails.php | predictive | High |
| 6 | File | /student/bookdetails.php | predictive | High |
| 7 | File | /text/pdf/PdfReader.java | predictive | High |
| 59 | Input Value | ..\/ | predictive | Low |

References (6)

The following list contains external sources which discuss the actor and the associated activities:
