D3F@ckLoader Analysis

IOB - Indicator of Behavior (16)

Note: in the free view, the charts in this section (timeline, language, country, actors, activities, type, vendor, product) do not reflect real data. They contain dummy data, distorted and not usable in any way; an additional purchase is needed to unlock the real data.

Language

en (14)
de (2)

Product

JetBrains Hub (2)
Apache UIMA (2)
Proxy2 Advanced Poll (2)
nginx (2)
Smarter Coffee Maker (2)

Vulnerabilities

These are the vulnerabilities that the actor has been identified as having researched, approached, or attacked. Column key: Base and Temp are the CVSS base and temporal scores; 0day and Today are the estimated exploit prices at disclosure and now; Exp is the exploitability status; Cou is the countermeasure status; KEV is the CISA Known Exploited Vulnerabilities status; EPSS is the FIRST EPSS probability; CTI is the CTI interest score.

# | Vulnerability | Base | Temp | 0day | Today | Exp | Cou | KEV | EPSS | CTI | CVE
1 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.00970 | 0.03 | CVE-2010-0966
2 | Proxy2 Advanced Poll get_admin.php cross site scripting | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.06079 | 0.00 | CVE-2010-2003
3 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00000 | 0.17 | CVE-2020-12440
4 | Microsoft Windows SMB data processing | 7.5 | 7.4 | $25k-$100k | $0-$5k | Not defined | Official fix | | 0.33738 | 0.08 | CVE-2019-0633
5 | Rarlab WinRAR ZIP File Parser out-of-bounds | 4.6 | 4.6 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.01239 | 0.07 | CVE-2022-43650
6 | Firebase PHP-JWT kid Header privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.01017 | 0.00 | CVE-2021-46743
7 | Apache UIMA PEAR Management FileUtil path traversal | 6.9 | 6.9 | $5k-$25k | $5k-$25k | Not defined | Not defined | | 0.00213 | 0.00 | CVE-2022-32287
8 | TP-LINK EAP Controller RMI Service missing authentication | 8.5 | 8.5 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.15741 | 0.02 | CVE-2018-5393
9 | JetBrains Hub SAML Request privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00026 | 0.00 | CVE-2022-25262
10 | Oracle Business Intelligence Enterprise Edition Analytics Web General Remote Code Execution | 9.8 | 9.4 | $100k and more | $5k-$25k | Not defined | Official fix | possible | 0.69278 | 0.08 | CVE-2021-2456
11 | Oracle WebLogic Server Coherence Container Remote Code Execution | 9.8 | 9.4 | $100k and more | $5k-$25k | Not defined | Official fix | | 0.22622 | 0.06 | CVE-2021-2135
12 | OpenLiteSpeed WebAdmin Console input validation | 9.8 | 9.6 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00518 | 0.00 | CVE-2020-5519
13 | Smarter Coffee Maker Firmware Update improper authorization | 7.3 | 7.1 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00309 | 0.00 | CVE-2020-15501
14 | WebsiteBaker cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00572 | 0.00 | CVE-2015-0553
15 | Shopware Backend load input validation | 8.5 | 8.4 | $0-$5k | $0-$5k | High | Official fix | | 0.34589 | 0.05 | CVE-2016-3109

IOC - Indicator of Compromise (18)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities. The four unmasked hostnames are generic reverse-DNS names under your-server.de, i.e. rented hosting address space (Hetzner) rather than attacker-registered domains, so match on the IP addresses, not the hostnames, and expect the infrastructure to be short-lived. The remaining entries are masked in the free view.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 5.75.213.183 | static.183.213.75.5.clients.your-server.de | D3F@ckLoader | | 09/04/2024 | verified | High
2 | 5.75.214.104 | static.104.214.75.5.clients.your-server.de | D3F@ckLoader | | 09/04/2024 | verified | High
3 | 5.75.215.51 | static.51.215.75.5.clients.your-server.de | D3F@ckLoader | | 09/04/2024 | verified | High
4 | 5.75.232.183 | static.183.232.75.5.clients.your-server.de | D3F@ckLoader | | 09/04/2024 | verified | High
5 | XX.XX.XXX.XX | xxxxxx.xx.xxx.xx.xx.xxxxxxx.xxxx-xxxxxx.xx | Xxx@xxxxxxxx | | 09/04/2024 | verified | High
6 | XX.XX.XXX.XX | xxxxxx.xx.xxx.xx.xx.xxxxxxx.xxxx-xxxxxx.xx | Xxx@xxxxxxxx | | 09/04/2024 | verified | High
7 | XX.XX.XXX.XXX | xxx-xxx-xxx-xxx-xxx.xxx.xxxxxxxx.xxx | Xxx@xxxxxxxx | | 09/04/2024 | verified | Very High
8 | XX.XX.XXX.XX | xxxxxx.xx.xxx.xx.xx.xxxxxxx.xxxx-xxxxxx.xx | Xxx@xxxxxxxx | | 09/04/2024 | verified | High
9 | XX.XXX.XX.X | xxxxxx.xx-xxx-xx-x.xxxxxxx.xxxx-xxxxxx.xx | Xxx@xxxxxxxx | | 09/04/2024 | verified | High
10 | XX.XXX.XXX.XXX | xxxxxx.xx-xxx-xxx-xxx.xxxxxxx.xxxx-xxxxxx.xx | Xxx@xxxxxxxx | | 09/04/2024 | verified | High
11 | XX.XXX.XXX.XXX | xxxxxx.xx-xxx-xxx-xxx.xxxxxxx.xxxx-xxxxxx.xx | Xxx@xxxxxxxx | | 09/04/2024 | verified | High
12 | XXX.XXX.X.XXX | xxxxxx.xxx.x.xxx.xxx.xxxxxxx.xxxx-xxxxxx.xx | Xxx@xxxxxxxx | | 09/04/2024 | verified | High
13 | XXX.XXX.X.XXX | xxxxxx.xxx.x.xxx.xxx.xxxxxxx.xxxx-xxxxxx.xx | Xxx@xxxxxxxx | | 09/04/2024 | verified | High
14 | XXX.XXX.XXX.XXX | xxxxxx.xxx.xxx.xxx.xxx.xxxxxxx.xxxx-xxxxxx.xx | Xxx@xxxxxxxx | | 05/06/2024 | verified | Medium
15 | XXX.XXX.X.XXX | xxxxxx.xxx.x.xxx.xxx.xxxxxxx.xxxx-xxxxxx.xx | Xxx@xxxxxxxx | | 09/04/2024 | verified | High
16 | XXX.XX.XX.XX | xxxxxx.xx.xx.xx.xxx.xxxxxxx.xxxx-xxxxxx.xx | Xxx@xxxxxxxx | | 09/04/2024 | verified | High
17 | XXX.XXX.XX.XXX | | Xxx@xxxxxxxx | | 05/06/2024 | verified | High
18 | XXX.XX.XX.XXX | | Xxx@xxxxxxxx | | 09/04/2024 | verified | Very High

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling. Because the entries are predicted from the weakness class (CWE) and attack pattern (CAPEC) of the vulnerabilities above rather than observed in an intrusion, verify each ATT&CK ID before reusing it in a threat model: in ATT&CK, T1006 is Direct Volume Access, which is not the same thing as the web path traversal (CWE-22) it is paired with here.

ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CAPEC-126 | CWE-22 | Path Traversal | predictive | High
2 | TXXXX | CAPEC-XXX | CWE-XXX | xxxxxxx Xxxxxxxxx | predictive | High
3 | TXXXX.XXX | CAPEC-XXX | CWE-XXX | xxxx Xxxxx Xxxx Xxxxxxxxx | predictive | High
4 | TXXXX.XXX | CAPEC-X | CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | predictive | High

IOA - Indicator of Attack (6)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling. The two unmasked file indicators correspond to the Shopware Backend load and DZCP Clanportal config.php entries in the vulnerability table above; as predictive entries they are request paths worth alerting on, not confirmed observations of this actor.

ID | Class | Indicator | Type | Confidence
1 | File | backend/Login/load/ | predictive | High
2 | File | inc/config.php | predictive | High
3 | File | xxxx/xxx_xxxxx.xxx | predictive | High
4 | Argument | xxxxxxxx | predictive | Medium
5 | Argument | xxxxx_xxxx | predictive | Medium
6 | Argument | xxxx_xx | predictive | Low
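As an added example (not part of this page and not the vendor's tooling) that serves both the IOC and IOA tables above: a Python scan that matches the four unmasked IOC addresses and the two unmasked IOA file paths against web-server access-log lines in the Apache/nginx combined format. The log lines, the addresses 203.0.113.7 and 198.51.100.23 (documentation ranges) and the function names are constructed for the example. The IOA paths are compared after stripping the query string and percent-decoding twice, so an encoded or double-encoded variant of the same request is still caught.

```python
import re
from urllib.parse import unquote, urlsplit

# Unmasked IOC addresses from the IOC table (the masked entries are not
# available in the free view and are therefore not included here).
IOC_IPS = frozenset({
    "5.75.213.183",
    "5.75.214.104",
    "5.75.215.51",
    "5.75.232.183",
})

# Unmasked file indicators from the IOA table. They are matched as substrings
# of the decoded request path, so a leading slash or a deeper prefix is fine.
IOA_PATHS = (
    "backend/Login/load/",
    "inc/config.php",
)

# Apache/nginx "combined" access log format; only the fields the scan needs are named.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]+" '
    r'(?P<status>\d{3}) \S+'
)


def normalise_path(target):
    """Return the request path without its query string, percent-decoded twice so
    that /inc/config%2Ephp and /inc/config%252Ephp both compare equal to /inc/config.php."""
    path = urlsplit(target).path
    return unquote(unquote(path))


def scan(lines):
    """Return one dict per matching log line, listing why it matched."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue  # not a combined-format line; skip instead of raising
        ip = m.group("ip")
        path = normalise_path(m.group("target"))
        reasons = []
        if ip in IOC_IPS:
            reasons.append("ioc_ip")
        reasons.extend("ioa_path:" + p for p in IOA_PATHS if p in path)
        if reasons:
            hits.append({
                "ip": ip,
                "timestamp": m.group("ts"),
                "path": path,
                "status": int(m.group("status")),
                "reasons": reasons,
            })
    return hits


# Constructed sample log (not real traffic). 203.0.113.0/24 and 198.51.100.0/24 are
# documentation ranges; 5.75.213.183 is the first IOC entry from the table above.
SAMPLE_LOG = [
    '5.75.213.183 - - [09/Apr/2024:10:15:01 +0000] "GET /robots.txt HTTP/1.1" 200 63',
    '203.0.113.7 - - [09/Apr/2024:10:15:02 +0000] "POST /backend/Login/load/?x=1 HTTP/1.1" 200 512',
    '198.51.100.23 - - [09/Apr/2024:10:15:03 +0000] "GET /inc/config%252Ephp HTTP/1.1" 403 199',
    '198.51.100.23 - - [09/Apr/2024:10:15:04 +0000] "GET /index.php HTTP/1.1" 200 2048',
    'not a log line at all',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit["ip"], hit["path"], hit["status"], hit["reasons"])
```

A request from an IOC address is reported even when the path is harmless (the first sample line), and an IOA path is reported even when the server answered 403, because the interesting signal is that the path was probed at all. Double decoding is deliberate for detection and would be wrong for an access-control decision, where a single canonical decode is what the server itself performs.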

References (3)

The three external sources which discuss the actor and the associated activities are not shown in the free view; a CTI license is required to display them.