DarkHydrus Analysis

IOB - Indicator of Behavior (173)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

  • en: 152
  • es: 6
  • de: 6
  • it: 4
  • zh: 4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

  • Apple Mac OS X Server: 4
  • WordPress: 4
  • Tiki Wiki CMS Groupware: 2
  • Softbiz FAQ Script: 2
  • Francisco Burzi PHP-Nuke: 2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Cou | KEV | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | possible | 0.02956 | 0.00 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.00970 | 0.51 | CVE-2010-0966 |
| 3 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not defined | Official fix | expected | 0.86968 | 1.72 | CVE-2020-15906 |
| 4 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.04277 | 2.43 | CVE-2006-6168 |
| 5 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official fix | | 0.14028 | 1.83 | CVE-2007-1287 |
| 6 | Indexu suggest_category.php cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00000 | 1.32 | |
| 7 | jforum username User input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00443 | 0.09 | CVE-2019-7550 |
| 8 | JForum jforum.page cross-site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00269 | 0.02 | CVE-2022-26173 |
| 9 | Responsive Menus Configuration Setting responsive_menus.module responsive_menus_admin_form_submit cross site scripting | 3.2 | 3.2 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00297 | 0.06 | CVE-2018-25085 |
| 10 | Tiki Wiki CMS Groupware tiki-edit_wiki_section.php cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00258 | 0.00 | CVE-2010-4240 |
| 11 | Apple Mac OS X Server Wiki Server cross site scripting | 4.3 | 4.3 | $5k-$25k | $0-$5k | Not defined | Not defined | | 0.00499 | 0.41 | CVE-2009-2814 |
| 12 | Apple Mac OS X Server Wiki Server sql injection | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official fix | | 0.00553 | 2.13 | CVE-2015-5911 |
| 13 | PHP Link Directory Administration Page index.html cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00285 | 0.20 | CVE-2007-0529 |
| 14 | Smartisoft phpBazar classified_right.php file inclusion | 6.5 | 6.2 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | | 0.03636 | 0.03 | CVE-2006-2528 |
| 15 | JForum Login input validation | 6.5 | 6.5 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00224 | 0.02 | CVE-2012-5338 |
| 16 | cpCommerce register.php cross site scripting | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | | 0.00475 | 0.07 | CVE-2007-2968 |
| 17 | eSyndicat Directory Software suggest-listing.php cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00000 | 1.42 | |
| 18 | SimpleHelp Remote Support Software HTTP Request path traversal | 6.8 | 6.8 | $0-$5k | $0-$5k | High | Not defined | verified | 0.93460 | 0.00 | CVE-2024-57727 |
| 19 | SPIP spip.php cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.01020 | 2.33 | CVE-2022-28959 |
| 20 | Wazzum Wazzum Dating Software profile_view.php sql injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00169 | 0.30 | CVE-2009-0293 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • DarkHydrus

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (83)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

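| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /etc/sudoers | predictive | Medium |
| 2 | File | /forum/away.php | predictive | High |
| 3 | File | /obs/book.php | predictive | High |
| 4 | File | /opt/IBM/es/lib/libffq.cryptionjni.so | predictive | High |
| 5 | File | /register.do | predictive | Medium |
| 6 | File | /spip.php | predictive | Medium |
| 7 | File | 4.3.0.CP04 | predictive | Medium |
| 8 | File | adclick.php | predictive | Medium |
| 9 | File | addentry.php | predictive | Medium |
| 10 | File | add_comment.php | predictive | High |
| 11 | File | book.php | predictive | Medium |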

References (5)

The following list contains external sources which discuss the actor and the associated activities:
