Dyre Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (305)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en290
fr8
it6
de2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

ru138
us132
nl8
de8
it6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Dyre7
RTM1
LinuxMoose1
LockBit1
Chthonic1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined52
Smartphone Operating System38
Operating System14
Content Management System12
Web Browser6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined46
Google36
Apple14
Microsoft12
Adobe8

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Google Android36
Apple tvOS6
Adobe Flash Player4
flatCore4
Lantronix xPrintServer4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25kCalculatingHighWorkaround0.020160.02CVE-2007-1192
2DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.009430.77CVE-2010-0966
3WoltLab Burning Book addentry.php sql injection7.36.8$0-$5k$0-$5kFunctionalUnavailable0.008040.02CVE-2006-5509
4Codoforum User Registration cross site scripting5.24.7$0-$5k$0-$5kProof-of-ConceptNot Defined0.001480.00CVE-2020-5842
5Exponent CMS user.php getUserByName Blind sql injection8.58.4$0-$5k$0-$5kNot DefinedOfficial Fix0.001630.00CVE-2016-7781
6JoomlaTune Com Jcomments admin.jcomments.php cross site scripting4.34.1$0-$5k$0-$5kProof-of-ConceptNot Defined0.004890.00CVE-2010-5048
7PHP phpinfo cross site scripting6.35.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.089850.04CVE-2006-0996
8Grandstream GXP16xx VoIP SSH Configuration Interface command injection9.89.8$0-$5k$0-$5kNot DefinedNot Defined0.002700.03CVE-2018-17565
9H Peter Anvin tftp-hpa memory corruption7.37.0$0-$5k$0-$5kNot DefinedOfficial Fix0.097420.00CVE-2011-2199
10Apple Mac OS X Server Wiki Server sql injection5.34.6$5k-$25k$0-$5kUnprovenOfficial Fix0.003391.38CVE-2015-5911
11Microsoft Internet Explorer gopher URI memory corruption7.36.6$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.582610.00CVE-2002-0371
12OAuth/OpenID privileges management5.34.7$0-$5k$0-$5kUnprovenUnavailable0.000000.04
13Linux Kernel Crypto Subsystem input validation6.46.4$0-$5k$0-$5kNot DefinedOfficial Fix0.000420.04CVE-2018-14619
14vsftpd deny_file unknown vulnerability3.73.6$0-$5k$0-$5kNot DefinedOfficial Fix0.003120.09CVE-2015-1419
15Sierra Wireless ALEOS SSH/Telnet Session information disclosure8.88.4$0-$5k$0-$5kNot DefinedOfficial Fix0.004480.00CVE-2015-2897
16AVTECH IP Camera/NVR/DVR CloudSetup.cgi command injection9.89.5$0-$5k$0-$5kNot DefinedUnavailable0.000000.00
17Zabbix Dashboard Page improper authentication8.28.2$0-$5k$0-$5kProof-of-ConceptNot Defined0.355200.00CVE-2019-17382
18RRJ Nueva Ecija Engineer Online Portal Avatar dasboard_teacher.php unrestricted upload6.15.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.000610.17CVE-2024-0185
19Microsoft Windows COM+ Event System Service Privilege Escalation8.17.7$25k-$100k$5k-$25kHighOfficial Fix0.001130.00CVE-2022-41033
20FreePBX index.php cross site scripting8.87.9$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.007730.00CVE-2012-4870

IOC - Indicator of Compromise (30)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
137.59.2.42ns399064.ip-37-59-2.euDyre08/30/2021verifiedHigh
264.70.19.202mailrelay.202.website.wsDyre06/01/2021verifiedHigh
369.195.129.75Dyre06/01/2021verifiedHigh
480.248.224.75Dyre08/30/2021verifiedHigh
585.25.134.53delta526.dedicatedpanel.comDyre08/30/2021verifiedHigh
685.25.138.12echo389.startdedicated.deDyre08/30/2021verifiedHigh
7XX.XX.XXX.XXXxxxxxxxxxx.xxxxxxxxxxxxxx.xxXxxx08/30/2021verifiedHigh
8XX.XXX.XXX.XXXxx-xxx-xxx-xxx.xxxxxx-xx-xxxxxxxxxxx.xxxXxxx08/30/2021verifiedHigh
9XX.XX.XX.XXXxxx.xxxx.xx.xxXxxx08/30/2021verifiedHigh
10XX.XX.XXX.XXxxxxxxxxx.xx-xx-xx-xxx.xxXxxx08/30/2021verifiedHigh
11XX.XXX.XXX.XXXxxx06/01/2021verifiedHigh
12XXX.XXX.XX.XXXxxxxxxxxx-xxx-xx-xxx.xxxx-xxxxxxx.xxxXxxx08/30/2021verifiedHigh
13XXX.XXX.XX.XXXxxxxxxxxx-xxx-xx-xxx.xxxx-xxxxxxx.xxxXxxx08/30/2021verifiedHigh
14XXX.XXX.XX.XXXxxxxxxxxx-xxx-xx-xxx.xxxx-xxxxxxx.xxxXxxx08/30/2021verifiedHigh
15XXX.XX.XXX.XXXxxx08/30/2021verifiedHigh
16XXX.XXX.X.XXxxxxxxxxx.xxxXxxx08/30/2021verifiedHigh
17XXX.XXX.XX.XXXxxx08/30/2021verifiedHigh
18XXX.XXX.XX.XXXxxx08/30/2021verifiedHigh
19XXX.XX.XXX.XXXxxx.xx.xxx.xxx.xx.xxxxxx.xxxXxxx06/01/2021verifiedHigh
20XXX.XXX.XX.XXXXxxx08/30/2021verifiedHigh
21XXX.XXX.XXX.XXXxxx.xxxxxxxxxx.xxXxxx08/30/2021verifiedHigh
22XXX.XX.XXX.XXXxxxxxx.xxx.xx.xxx.xxx.xxxxxx.xxxXxxx08/30/2021verifiedHigh
23XXX.XX.XXX.XXXxxxxxx.xxx.xx.xxx.xxx.xxxxxx.xxxXxxx08/30/2021verifiedHigh
24XXX.XXX.XXX.XXXxxx-xxx-xx.xxxx.xxxXxxx08/30/2021verifiedHigh
25XXX.XX.X.XXxxx-xx-x-xx.xxxxxx-xx-xxxxxxxxxxx.xxxXxxx08/30/2021verifiedHigh
26XXX.XXX.XXX.XXXxxxxxxxxx.xxxxxxxxxx-xxxxxx.xxxxXxxx06/01/2021verifiedHigh
27XXX.XXX.XXX.XXXXxxx07/28/2023verifiedHigh
28XXX.XXX.XXX.Xxxxxxxxxxx.xxxxxxxxxxxxxx.xxXxxx08/30/2021verifiedHigh
29XXX.XXX.XXX.XXXxxxxxxxx.xxxxxxxxxxxxxx.xxXxxx08/30/2021verifiedHigh
30XXX.XXX.XXX.XXxxxxxxx.xxxxxxxxxxxxxx.xxXxxx08/30/2021verifiedHigh

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
3T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
4T1059.007CAPEC-209CWE-79, CWE-80Cross Site ScriptingpredictiveHigh
5TXXXXCAPEC-122CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
6TXXXXCAPEC-136CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
7TXXXX.XXXCAPEC-178CWE-XXXXxxx XxxxxxxxpredictiveHigh
8TXXXXCAPEC-CWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
9TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
10TXXXXCAPEC-CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
11TXXXX.XXXCAPEC-459CWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
12TXXXX.XXXCAPEC-133CWE-XXXXxxxxxxxpredictiveHigh
13TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
14TXXXXCAPEC-112CWE-XXX, CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh
15TXXXX.XXXCAPEC-CWE-XXXXxx Xxxxxxxxxx XxxxxpredictiveHigh
16TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (77)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/admin/config.php?display=disa&view=formpredictiveHigh
2File/cgi-bin/admin/testserver.cgipredictiveHigh
3File/cgi-bin/supervisor/CloudSetup.cgipredictiveHigh
4File/framework/modules/users/models/user.phppredictiveHigh
5File/iwguestbook/admin/badwords_edit.asppredictiveHigh
6File/iwguestbook/admin/messages_edit.asppredictiveHigh
7File/private/var/mobile/Containers/Data/ApplicationpredictiveHigh
8File/recordings/index.phppredictiveHigh
9Fileacp/core/files.browser.phppredictiveHigh
10Filexxxxxxxx.xxxpredictiveMedium
11Filexxxxx.xxxxxxxxx.xxxpredictiveHigh
12Filexxxxx/xxxxx.xxxpredictiveHigh
13Filexxxxxxxxxxxx/xxxxxxxxxxxxxx.xxxpredictiveHigh
14Filexxxx/xxx/xxx/xxx.xpredictiveHigh
15Filexxxxxxxx_xxxxxxxxx.xxxpredictiveHigh
16Filexxxx_xxxxxx.xpredictiveHigh
17Filexxxxxx/xxxx.xpredictiveHigh
18FilexxxxxxxpredictiveLow
19Filexxxxxxxx_xxxxxxx.xxxpredictiveHigh
20Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
21Filexxxxxxx/xxx/xxx-xxxxxx.xpredictiveHigh
22Filexxxxxxx/xxxxx/xxx/xxxxxxx/xxxxxxx-xxx.xpredictiveHigh
23Filexxxxxxx.xpredictiveMedium
24Filexxxx/xxxxxxxxxx/xxxxxx-xxx.xpredictiveHigh
25Filexxxxxxxxx.xxxxpredictiveHigh
26Filexxxxx/xxxxxx_xpredictiveHigh
27Filexxxx-xxxxxxx.xxxpredictiveHigh
28Filexxxx_xxxxx.xxxpredictiveHigh
29Filexxxxxx.xxxpredictiveMedium
30Filexxxxxx-xxx.xpredictiveMedium
31Filexxx/xxxxxx.xxxpredictiveHigh
32Filexxxxx.xxx?x=/xxxx/xxxxxxxxpredictiveHigh
33Filexxxx/xxxx/xxxxxx.xpredictiveHigh
34Filexxxxx.xxxpredictiveMedium
35Filexxxxxxxxxx/xxxxxx.xpredictiveHigh
36Filexxxx.xxxpredictiveMedium
37Filexxxxxxxx.xxpredictiveMedium
38Filexxxx.xxxpredictiveMedium
39Filexxx/xxxxxxxx-xxxxx.xpredictiveHigh
40Filexxx_xxxx_xxxxxxxxx.xxpredictiveHigh
41Filexxxxxxxxxxxx.xxxpredictiveHigh
42Filexxxxxxxx.xxxpredictiveMedium
43Filexxxxxxxxx.xpredictiveMedium
44Filexxxx.xpredictiveLow
45Filexxxxxx.xxx?xxxxxx=xxxxxxxxx.xxxx&xxxxxxxxxxx=xpredictiveHigh
46Filexxxx/xxxxxxxxx/xxx::xxxxxxxxxxpredictiveHigh
47Libraryxxx/xxx.xpredictiveMedium
48ArgumentxxxxxxpredictiveLow
49ArgumentxxxxxxxxpredictiveMedium
50ArgumentxxxpredictiveLow
51ArgumentxxxpredictiveLow
52Argumentxxx_xxxpredictiveLow
53ArgumentxxxxxxpredictiveLow
54ArgumentxxxxxxxxxxxpredictiveMedium
55ArgumentxxxxxxxpredictiveLow
56ArgumentxxxxxxpredictiveLow
57ArgumentxxpredictiveLow
58ArgumentxxxxxpredictiveLow
59ArgumentxxxxxpredictiveLow
60Argumentxxxxxxxxxxxxx/xxxxxxxxxxxxxxpredictiveHigh
61ArgumentxxxxpredictiveLow
62Argumentxxxxx_xxpredictiveMedium
63ArgumentxxxxxxxxpredictiveMedium
64ArgumentxxxxxxxxpredictiveMedium
65ArgumentxxxxpredictiveLow
66Argumentxxxxxx_xxxxpredictiveMedium
67ArgumentxxxxxxxxpredictiveMedium
68ArgumentxxxxxxxxxxxpredictiveMedium
69ArgumentxxxxxxxxpredictiveMedium
70ArgumentxxxpredictiveLow
71ArgumentxxxxxxxxpredictiveMedium
72Argumentxxxxxxxx/xxxxpredictiveHigh
73Argumentxxxxxx_xxxxxxxxpredictiveHigh
74Input Value'>[xxx]predictiveLow
75Input Valuex+xxxxx+xxxxxx+x,xxxxxxx,xxxxxxxxxxx+xxxx+xxxxx#predictiveHigh
76Input ValuexxpredictiveLow
77Input Value[xxx][/xxx]predictiveMedium

References (3)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you know our Splunk app?

Download it now for free!