DazzleSpy Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (13)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

zh10
en4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

cn14

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

DazzleSpy1
Cobalt Strike1
ShadowPad1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined4
Network Encryption Software2
Router Operating System2
E-Commerce Management Software2
Jenkins Plugin2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

DPTech2
Ubiquiti2
SourceCodester2
osCommerce2
TrueConf2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

DPTech VPN2
Ubiquiti EdgeMAX EdgeRouter2
SourceCodester Guest Management System2
osCommerce Online Merchant2
TrueConf Server2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1TrueConf Server sql injection8.58.4$0-$5k$0-$5kNot DefinedOfficial Fix0.006560.04CVE-2022-46764
2NotificationX Plugin SQL Statement sql injection5.65.4$0-$5k$0-$5kNot DefinedOfficial Fix0.024140.04CVE-2022-0349
3AddToAny Share Buttons Plugin Image Button Setting cross site scripting2.42.3$0-$5k$0-$5kNot DefinedOfficial Fix0.000530.03CVE-2021-24616
4DPTech VPN information disclosure3.53.4$0-$5k$0-$5kNot DefinedNot Defined0.001500.02CVE-2022-34593
5Apache Tomcat Request Header information disclosure5.65.6$5k-$25k$5k-$25kNot DefinedNot Defined0.003000.04CVE-2020-17527
6Ganglia Ganglia-web Remote Code Execution7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.214700.03CVE-2012-3448
7Openfind Mail2000 Access Control privileges management6.06.0$0-$5k$0-$5kNot DefinedNot Defined0.000870.02CVE-2020-12776
8SourceCodester Guest Management System myform.php cross site scripting4.44.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.001380.00CVE-2022-2811
9osCommerce Online Merchant unknown vulnerability5.35.1$0-$5k$0-$5kNot DefinedOfficial Fix0.002140.00CVE-2012-2991
10Oracle Database Oracle Application Express unknown vulnerability5.45.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.000540.00CVE-2020-2973
11Minio Console Operator Console missing authentication8.68.5$0-$5k$0-$5kNot DefinedOfficial Fix0.053830.00CVE-2021-41266
12Ubiquiti EdgeMAX EdgeRouter Firmware Update channel accessible8.17.7$0-$5k$0-$5kNot DefinedOfficial Fix0.003150.04CVE-2021-22909
13Active Choices Plugin cross site scripting3.53.5$0-$5k$0-$5kNot DefinedNot Defined0.000540.00CVE-2021-21616

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
188.218.192.12888.218.192.128.static.xtom.comDazzleSpy03/05/2022verifiedHigh

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1059.007CAPEC-209CWE-79Cross Site ScriptingpredictiveHigh
2TXXXXCAPEC-122CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
3TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
4TXXXXCAPEC-466CWE-XXXXxxxxxx Xxxxxxxxxx Xx Xxx-xxxxxxxxpredictiveHigh
5TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (3)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1Filemyform.phppredictiveMedium
2ArgumentxxxxpredictiveLow
3Argumentxx_xxpredictiveLow

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Might our Artificial Intelligence support you?

Check our Alexa App!