Dust Storm Analysis

IOB - Indicator of Behavior (1000)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

  • en: 968
  • zh: 32

Country

  • cn: 996
  • us: 4

Product

  • Google Chrome: 20
  • Qualcomm Snapdragon Auto: 14
  • Qualcomm Snapdragon Mobile: 14
  • Qualcomm Snapdragon Consumer IOT: 12
  • Qualcomm Snapdragon Industrial IOT: 12

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | librsvg URL Decoder path traversal | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00158 | 0.08 | CVE-2023-38633 |
| 2 | Pluck CMS Installation install.php cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00051 | 0.03 | CVE-2023-5013 |
| 3 | Windriver VxWorks input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01132 | 0.05 | CVE-2013-0716 |
| 4 | Windriver VxWorks cryptographic issues | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00209 | 0.05 | CVE-2010-2967 |
| 5 | Windriver VxWorks Hardcoded Credentials credentials management | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00419 | 0.04 | CVE-2010-2966 |
| 6 | Cisco RV340 Web-based Management Interface memory corruption | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00699 | 0.04 | CVE-2020-3451 |
| 7 | jeecgboot JimuReport Template injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00457 | 0.00 | CVE-2023-4450 |
| 8 | Adminer adminer.php server-side request forgery | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02092 | 0.05 | CVE-2021-21311 |
| 9 | Moment.js path traversal | 6.9 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00330 | 0.16 | CVE-2022-24785 |
| 10 | ajenti API privileges management | 7.1 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01285 | 0.16 | CVE-2019-25066 |
| 11 | python-jwt authentication spoofing | 8.2 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00097 | 0.28 | CVE-2022-39227 |
| 12 | Oracle MySQL Server Client programs unknown vulnerability | 5.9 | 5.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00110 | 0.00 | CVE-2023-22053 |
| 13 | Google Cloud Platform Security Operations permission | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.07 | |
| 14 | ejs unknown vulnerability | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.24 | CVE-2024-33883 |
| 15 | lodash Template command injection | 4.7 | 4.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00606 | 0.04 | CVE-2021-23337 |
| 16 | Microsoft IIS memory corruption | 7.3 | 6.6 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.86742 | 0.04 | CVE-2007-2897 |
| 17 | Synology DiskStation Manager sql injection | 4.7 | 4.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00078 | 0.03 | CVE-2021-43925 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Dust Storm

IOC - Indicator of Compromise (34)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1006 | CAPEC-126 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | T1059 | CAPEC-137 | CWE-88, CWE-94 | Argument Injection | predictive | High |
| 4 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |
| 5 | T1068 | CAPEC-122 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | predictive | High |
| 6 | TXXXX | CAPEC-150 | CWE-XXX | Xxxx Xxx Xxxxxxxxx Xxxxxxxxxxx Xxxxxxxx | predictive | High |
| 7 | TXXXX.XXX | CAPEC-191 | CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | High |
| 8 | TXXXX | CAPEC-136 | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High |
| 9 | TXXXX.XXX | CAPEC-178 | CWE-XXX | Xxxx Xxxxxxxx | predictive | High |
| 10 | TXXXX | CAPEC- | CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive | High |
| 11 | TXXXX | CAPEC-1 | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High |
| 12 | TXXXX | CAPEC-184 | CWE-XXX | Xxxxxxxx Xx Xxxx Xxxxxxx Xxxxxxxxx Xxxxx | predictive | High |
| 13 | TXXXX | CAPEC-108 | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 14 | TXXXX.XXX | CAPEC-1 | CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | predictive | High |
| 15 | TXXXX | CAPEC-102 | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 16 | TXXXX | CAPEC-38 | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxxxx Xxxx | predictive | High |
| 17 | TXXXX.XXX | CAPEC-459 | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 18 | TXXXX | CAPEC-116 | CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 19 | TXXXX | CAPEC-112 | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High |
| 20 | TXXXX.XXX | CAPEC- | CWE-XXX | Xxx Xxxxxxxxxx Xxxxx | predictive | High |
| 21 | TXXXX.XXX | CAPEC-1 | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High |

IOA - Indicator of Attack (174)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

