DanaBot Analysis

IOB - Indicator of Behavior (437)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en 364
de 22
zh 16
ru 10
it 8


Country

us 300
cn 62
at 16
gb 14
de 10


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Microsoft Windows 14
Joomla CMS 10
Apple iOS 8
IBM DB2 8
WordPress 6


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.04 | 0.04187 | CVE-2007-1192
2 | jforum User input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.04499 | CVE-2019-7550
3 | MyBB newthread.php cross site scripting | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01213 | CVE-2006-1717
4 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 1.14 | 0.04187 | CVE-2010-0966
5 | Microsoft Outlook Privilege Escalation | 5.6 | 4.9 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.05 | 0.01789 | CVE-2021-31949
6 | vsftpd deny_file unknown vulnerability | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.42 | 0.01136 | CVE-2015-1419
7 | Liferay Portal privileges management | 9.8 | 8.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.06 | 0.20307 | CVE-2011-1571
8 | Microsoft IIS IP/Domain Restriction access control | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 1.09 | 0.29797 | CVE-2014-4078
9 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 8.30 | 0.00000 | CVE-2020-12440
10 | WordPress WP_Query class-wp-query.php sql injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.01974 | CVE-2017-5611
11 | Daimler Mercedes Comand Navigation Route Calculation data processing | 6.2 | 6.1 | $0-$5k | $0-$5k | Functional | Unavailable | 0.01 | 0.00885 | CVE-2018-18070
12 | ProFTPD mod_copy access control | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.70009 | CVE-2019-12815
13 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.84 | 0.49183 | CVE-2016-6210
14 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 2.77 | 0.02800 | CVE-2007-0354
15 | Zabbix sql injection | 8.5 | 8.2 | $0-$5k | $0-$5k | High | Official Fix | 0.02 | 0.84003 | CVE-2013-5743
16 | Ecommerce Online Store Kit shop.php sql injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.04386 | CVE-2004-0300
17 | WordPress WP_Query sql injection | 6.3 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.11157 | CVE-2022-21661
18 | Joomla CMS sql injection | 8.6 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.00954 | CVE-2015-8769
19 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.78 | 0.25090 | CVE-2017-0055
20 | Microsoft Office Excel Remote Code Execution | 7.0 | 6.1 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.03 | 0.04844 | CVE-2021-31939

IOC - Indicator of Compromise (40)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Type | Confidence
1 | 5.8.55.205 | carpbaboon.com | DanaBot | | verified | High
2 | 5.9.224.217 | static.217.224.9.5.clients.your-server.de | DanaBot | | verified | High
3 | 23.106.122.14 | | DanaBot | | verified | High
4 | 23.106.123.224 | | DanaBot | | verified | High
5 | 23.254.226.52 | client-23-254-226-52.hostwindsdns.com | DanaBot | | verified | High
6 | 31.214.157.12 | mail.private-mail.nl | DanaBot | | verified | High
7 | 45.147.231.79 | | DanaBot | | verified | High
8 | 46.173.218.13 | | DanaBot | | verified | High
9 | XX.XX.XXX.XXX | | Xxxxxxx | | verified | High
10 | XX.XX.XX.XXX | | Xxxxxxx | | verified | High
11 | XX.XXX.XXX.XX | xxx-xxx-xxx-xx.xxxx.xxxxxxxxxx.xx.xx | Xxxxxxx | | verified | High
12 | XX.XXX.XX.XXX | | Xxxxxxx | | verified | High
13 | XX.XXX.XX.XXX | | Xxxxxxx | | verified | High
14 | XX.XXX.XXX.XX | xx.xxx.xxx.xx.xxxxx.xxx | Xxxxxxx | | verified | Medium
15 | XXX.XX.XXX.XXX | xxxxxxxxxxxx.xxxxxxxx.xxxxxxxxxxxxx.xxx.xx | Xxxxxxx | | verified | High
16 | XXX.XXX.XXX.XXX | xxx.xxx.xxx.xxx.xx-xxxx.xxxx | Xxxxxxx | | verified | High
17 | XXX.XX.XX.XX | | Xxxxxxx | | verified | High
18 | XXX.XXX.X.XX | | Xxxxxxx | | verified | High
19 | XXX.XXX.X.XXX | | Xxxxxxx | | verified | High
20 | XXX.XXX.X.XXX | | Xxxxxxx | | verified | High
21 | XXX.XXX.X.XXX | | Xxxxxxx | | verified | High
22 | XXX.XXX.XXX.XX | xxx.x.xxxxxxx.xxxxx | Xxxxxxx | | verified | High
23 | XXX.XXX.XX.XXX | xxx.xx.xxx.xxx.xx-xxxx.xxxx | Xxxxxxx | | verified | High
24 | XXX.XX.XXX.XXX | xxx.xx.xxx.xxx.xxxxx.xxx | Xxxxxxx | | verified | Medium
25 | XXX.XXX.XXX.XXX | | Xxxxxxx | | verified | High
26 | XXX.XXX.XX.XX | xxxxxxx.xxxxxxxxxxx.xx.xx | Xxxxxxx | | verified | High
27 | XXX.XXX.XXX.XXX | | Xxxxxxx | | verified | High
28 | XXX.XXX.XXX.XX | | Xxxxxxx | | verified | High
29 | XXX.XX.XXX.XX | xxx-xx-xxx-xx.xx.xxxxx.xxx.xx | Xxxxxxx | | verified | High
30 | XXX.XX.XXX.XX | xxxxxxxxx.xx | Xxxxxxx | | verified | High
31 | XXX.XX.XXX.XX | xxxxxx.xxxxxxxxxxxxxxxxxxxx.xxx | Xxxxxxx | | verified | High
32 | XXX.XX.XXX.XX | xx.xxx.xx.xxx.xx-xxxx.xxxx | Xxxxxxx | | verified | High
33 | XXX.XX.XXX.XX | xx.xxx.xx.xxx.xx-xxxx.xxxx | Xxxxxxx | | verified | High
34 | XXX.XXX.XXX.XX | xxxxx-xxxxxx.xxxxxxxxxxxx.xxx | Xxxxxxx | | verified | High
35 | XXX.XXX.XXX.X | xxxxxx-xxx-xxx-xxx-x.xxxxxxxxxxxx.xxx | Xxxxxxx | | verified | High
36 | XXX.XXX.XXX.XXX | xxxxxx-xxx-xxx-xxx-xxx.xxxxxxxxxxxx.xxx | Xxxxxxx | | verified | High
37 | XXX.XX.XX.XX | xxxxxxxx.xxxxxxxxxxxxxxxxxxxxxxxxxxx.xxx | Xxxxxxx | | verified | High
38 | XXX.XX.XXX.XX | | Xxxxxxx | | verified | High
39 | XXX.XX.XXX.XX | | Xxxxxxx | | verified | High
40 | XXX.XXX.XX.XX | | Xxxxxxx | | verified | High

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (186)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | .htaccess | predictive | Medium
2 | File | /account/ResetPassword | predictive | High
3 | File | /addnews.html | predictive | High
4 | File | /cm/delete | predictive | Medium
5 | File | /download | predictive | Medium
6 | File | /forum/away.php | predictive | High
7 | File | /GetSimpleCMS-3.3.15/admin/log.php | predictive | High
8 | File | /lms/admin.php | predictive | High
9 | File | /my_photo_gallery/image.php | predictive | High
10 | File | /redpass.cgi | predictive | Medium
11 | File | /reps/classes/Users.php?f=delete_agent | predictive | High
12 | File | /rom-0 | predictive | Low
13 | File | /secure/admin/ImporterFinishedPage.jspa | predictive | High
14 | File | /uncpath/ | predictive | Medium
15 | File | /usr/ucb/mail | predictive | High
16 | File | adclick.php | predictive | Medium
17 | File | add-category.php | predictive | High
18 | File | add_comment.php | predictive | High
19 | File | admin.php | predictive | Medium
20 | File | admin/admin.shtml | predictive | High
21 | File | admin/content.php | predictive | High
22 | File | xxxxx/xxxx.xxx?xxxx=xxxxxx_x&xxxx_xxxx | predictive | High
23 | File | xx_xxxxxxxxxx.xxx | predictive | High
24 | File | xxx_xxxxxxx.xxx | predictive | High
25 | File | xxxx-xxxx.x | predictive | Medium
26 | File | xxxxxxxxxxxxxx.xxxx | predictive | High
27 | File | xxx_xxxxxx_xxxx.xxx | predictive | High
28 | File | xxxx.x | predictive | Low
29 | File | xxx.xxx | predictive | Low
30 | File | xxx-xxx/xxxxxxx.xx | predictive | High
31 | File | xxx-xxx/xx.xxx | predictive | High
32 | File | xxxx_xxx.xxx | predictive | Medium
33 | File | xxxxxxxxxx/xxxxxxx.xxxx | predictive | High
34 | File | xxxx/xxxxxx/xxxx/xxxx_xxxxxxxx_xxxxx/xxxx_xxxxxxxx_xxxx_xxxx_xxxxxx/xxxx_xxxxxxxx_xxxx_xxxx_xxxxxx.xxx | predictive | High
35 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
36 | File | xxxxxxxxxx.x | predictive | Medium
37 | File | xxxx_xxxxx.xxx | predictive | High
38 | File | xxxx/xxxxx.xxx | predictive | High
39 | File | xxxxxxxxx/xxxxxxxxx.xxx | predictive | High
40 | File | xxxxxx/xxx | predictive | Medium
41 | File | xxxxxxx/xxx/xxx/xxxx_xxxxxxx.x | predictive | High
42 | File | xxxx_xxxxx/xxxxx_xxx.xxx | predictive | High
43 | File | xxxxxxx.xxx | predictive | Medium
44 | File | xxxxx.xxx | predictive | Medium
45 | File | xxxxxx/xxx/xxxxxx.xxx.xxx | predictive | High
46 | File | xxx/xxxx/xxxx.x | predictive | High
47 | File | xxx/xxxx/xxx.x | predictive | High
48 | File | xxx.xxx | predictive | Low
49 | File | xxxxxx_xxxx.xxx | predictive | High
50 | File | xxxxxxxxx_xxxxxxx.xxx | predictive | High
51 | File | xxxxxxx.xxx | predictive | Medium
52 | File | xxxxxxxxxx/xxxxxxx.xxxx | predictive | High
53 | File | xx-xxxxxxx/xxxxxxx | predictive | High
54 | File | xxxxxx_xxxx_xxxxxx.xxx | predictive | High
55 | File | xxx/xxxxxx.xxx | predictive | High
56 | File | xxxxxxx.xxx | predictive | Medium
57 | File | xxxxxxx/xxxxxx/xxxxxxx/xxxxxx/xxxxxx_xxx.xxx | predictive | High
58 | File | xxxxx.xxx | predictive | Medium
59 | File | xxxx.xxx | predictive | Medium
60 | File | xxxx_xxxx.xxx | predictive | High
61 | File | xxxxxxxxx.x | predictive | Medium
62 | File | xxx/xxxxxx.xxx | predictive | High
63 | File | xxxxxx.x | predictive | Medium
64 | File | xxxxxxxxx/xxxxxxx/xxxxxx/xxxxxxxxxx.xxx | predictive | High
65 | File | xxxxx.xxxx | predictive | Medium
66 | File | xxxxx.xxx | predictive | Medium
67 | File | xxxxx_xx.xxxx | predictive | High
68 | File | xxxxxx.xxx | predictive | Medium
69 | File | xxx/xxxxxx.x | predictive | Medium
70 | File | xxxxxxxxx.xxx | predictive | High
71 | File | xxx_xxxxx.x | predictive | Medium
72 | File | xxxxx.xxx | predictive | Medium
73 | File | xxxxxxxx/xxx/xxxx_xxxxxxxxx/xxxx_xxxxxx_xxxxxxx/xxxx_xxxxxx_xxxxxxx.xxx | predictive | High
74 | File | xxxxxxxx.xxx | predictive | Medium
75 | File | xxxxxx.x | predictive | Medium
76 | File | xxxxxxx.xxx | predictive | Medium
77 | File | xxxx.xxx | predictive | Medium
78 | File | xxxxxxxxxx.xxx | predictive | High
79 | File | xxxxxxx.xx | predictive | Medium
80 | File | xxxxxxx_xxxx.xxx | predictive | High
81 | File | xxxxx_xxxxxx_xxx.xxx | predictive | High
82 | File | xxxx.xxx | predictive | Medium
83 | File | xxxxx.xxx | predictive | Medium
84 | File | xxxxxxxx.xxx | predictive | Medium
85 | File | xxxxxxxxxx.xxx | predictive | High
86 | File | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx | predictive | High
87 | File | xxx/xxxxxxx/xxxxxx/xxxx/xxxxx/xxxxxxx/xxxxxx/xxxxx/xxx%xxxxxxxxxxxxx.xx.xxx | predictive | High
88 | File | xxxxxxxxxxx-xxxxxxx.xxx | predictive | High
89 | File | xxxxx.x | predictive | Low
90 | File | xxxxxx.xx | predictive | Medium
91 | File | xxxxxxxxxxxxx.xxxx | predictive | High
92 | File | xxxxxx_xxx_xxxxxx.xxx | predictive | High
93 | File | xxxxxxxx.xxx | predictive | Medium
94 | File | xxxxx.xxx | predictive | Medium
95 | File | xxxxx/xxxxx.xxx | predictive | High
96 | File | xxxx.xxx | predictive | Medium
97 | File | xxxxxxxxxxxxxx.xxx | predictive | High
98 | File | xxxx_xxxxxxx_xxxxxxxx.xxx | predictive | High
99 | File | xxxx.xx.xx | predictive | Medium
100 | File | xxxxxx.xxx | predictive | Medium
101 | File | xxxxxxxxx.xxx | predictive | High
102 | File | xxxxxxxx.xxx | predictive | Medium
103 | File | xxxxxx.xxx | predictive | Medium
104 | File | xxx.xxx | predictive | Low
105 | File | xxxxxxxx.xxx | predictive | Medium
106 | File | xxxxx/xxxxx.xx | predictive | High
107 | File | xxxx_xxxx.xxx | predictive | High
108 | File | xx-xxxxx/xxxxx-xxxx.xxx?xxxxxx=xxxxxxxx_xxx_xxxxx_xxxxxx_xxxx&xxx_xxx=xxxx_xxxx | predictive | High
109 | File | xx-xxxxx/xxxxx-xxxxxx.xxx | predictive | High
110 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive | High
111 | File | xx-xxxxx.xxx | predictive | Medium
112 | File | xxxx.xx | predictive | Low
113 | File | xxxxxx.xxx?xxxxxx=xxxxxxxxx.xxxx&xxxxxxxxxxx=x | predictive | High
114 | File | xxxx/xxxx_xxxxxx.x | predictive | High
115 | File | ~/xxxxxxxx/xxxxx-xx-xxxxxxxxxx-xxxx.xxx | predictive | High
116 | Library | /xxx/xxx/xxx/xxxx/xxxxxxxxxx/xxxxx/xxxxxxxxx.xxx | predictive | High
117 | Library | xxxxxxxxxxx.xxx | predictive | High
118 | Library | xxxxxxxx.xxx | predictive | Medium
119 | Library | xxxxxx | predictive | Low
120 | Library | xxxxxx.xxx | predictive | Medium
121 | Argument | $xxxx | predictive | Low
122 | Argument | xxxxxxxx_xxxx | predictive | High
123 | Argument | xxx_xxxx | predictive | Medium
124 | Argument | xxxxxx | predictive | Low
125 | Argument | xxxxxx | predictive | Low
126 | Argument | xxxxxxxx | predictive | Medium
127 | Argument | xxxxx | predictive | Low
128 | Argument | xxx | predictive | Low
129 | Argument | xxxxxxxxx | predictive | Medium
130 | Argument | xxxxxxxx/xxxxxxxxxxxx | predictive | High
131 | Argument | xxx_xx | predictive | Low
132 | Argument | xxxxx | predictive | Low
133 | Argument | xxxxxxxx_xxxxx | predictive | High
134 | Argument | xxxxxxxxxxxxxxx | predictive | High
135 | Argument | xxxx_xx | predictive | Low
136 | Argument | xxxxxx | predictive | Low
137 | Argument | xxxxxxx_xxxx_xxxx | predictive | High
138 | Argument | xxxxxxxx | predictive | Medium
139 | Argument | xxxx | predictive | Low
140 | Argument | xx | predictive | Low
141 | Argument | xx/xxxxxx | predictive | Medium
142 | Argument | xxx_xxxxxxxxxxx | predictive | High
143 | Argument | xxxxx | predictive | Low
144 | Argument | xxxxxxxx?xxxxxxxxx/xxxxxxx/xx_xxxx_xxxx | predictive | High
145 | Argument | xxxxxxxxx | predictive | Medium
146 | Argument | xx | predictive | Low
147 | Argument | xxxxxx | predictive | Low
148 | Argument | xxx_xxxxxxxx | predictive | Medium
149 | Argument | xxxx | predictive | Low
150 | Argument | xxxxxx | predictive | Low
151 | Argument | x_xx | predictive | Low
152 | Argument | xx_xxxx_xxxx | predictive | Medium
153 | Argument | xxxxxxxx | predictive | Medium
154 | Argument | xxxxxx | predictive | Low
155 | Argument | xxxxxxxxxxx | predictive | Medium
156 | Argument | xxxxxxxx_xxxxxx | predictive | High
157 | Argument | xxxx_xx | predictive | Low
158 | Argument | xxxx | predictive | Low
159 | Argument | xxxx | predictive | Low
160 | Argument | xxxxxxxxxxx | predictive | Medium
161 | Argument | xxxxxxx | predictive | Low
162 | Argument | xxxxx_x/xxxxx_x_xxxx/xxxxx_x_xxxx_xxxxxxxx | predictive | High
163 | Argument | xxxxxx xxxxx/xxxxxx xxxx | predictive | High
164 | Argument | xxx | predictive | Low
165 | Argument | xxxx | predictive | Low
166 | Argument | x_xxxxxxx | predictive | Medium
167 | Argument | xxx | predictive | Low
168 | Argument | xxxx-xxxxx/xxxxxxx | predictive | High
169 | Argument | xxxxxx | predictive | Low
170 | Argument | xxxxxxxx | predictive | Medium
171 | Argument | xxxxxxxxxxxxxxxxxx=xxxx:/xxxxxxxxx:xxxx/xxxxxxxxxxxxx/ | predictive | High
172 | Argument | xxxxx | predictive | Low
173 | Argument | xxxx->xxxxxxx | predictive | High
174 | Argument | _x | predictive | Low
175 | Input Value | ../ | predictive | Low
176 | Input Value | /%xx | predictive | Low
177 | Input Value | x xxxxx xxx xxxxxx xxxx,xxxx,xxxx,xxxx,xxxxxx(xxxxxxxxxxxx,xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx,xxxxxxxxxxxx)-- | predictive | High
178 | Input Value | xxxxxxxxx' xxx 'x'='x | predictive | High
179 | Input Value | xxxxx%xxxx%xxxx%xxxxxxxxxx%xxxxxxxxx%xxxxx%xxxx%xxxx%xxxxxxxxxx%xxxxxxxxx=x | predictive | High
180 | Input Value | xxx_xxxxxxxx | predictive | Medium
181 | Input Value | \x | predictive | Low
182 | Network Port | xxxxx | predictive | Low
183 | Network Port | xxx/xxxx (xx-xxx) | predictive | High
184 | Network Port | xxx/xxxx (xx-xxx) | predictive | High
185 | Network Port | xxx/xxxx (xx-xxx-xxxxxxx) | predictive | High
186 | Network Port | xxx xxxxxx xxxx | predictive | High

References (7)

The following list contains external sources which discuss the actor and the associated activities:
