DarkHydrus Analysis

IOB - Indicator of Behavior (118)


Vulnerabilities

Columns: Base and Temp are the CVSS base and temporal scores; 0day and Today are the estimated exploit price ranges; Exp is the exploitability status; Rem is the remediation status; CTI is the CTI interest score; EPSS is the EPSS exploit probability.

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---------------|------|------|------|-------|-----|-----|-----|------|-----|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.04 | 0.04187 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.79 | 0.04187 | CVE-2010-0966 |
| 3 | Tiki Wiki CMS Groupware tiki-edit_wiki_section.php cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.01018 | CVE-2010-4240 |
| 4 | Smartisoft phpBazar classified_right.php file inclusion | 6.5 | 6.2 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.03 | 0.01319 | CVE-2006-2528 |
| 5 | JForum Login input validation | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.01055 | CVE-2012-5338 |
| 6 | jforum User input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.04499 | CVE-2019-7550 |
| 7 | cpCommerce register.php cross site scripting | 4.3 | 4.2 | $0-$5k | Calculating | High | Unavailable | 0.01 | 0.01319 | CVE-2007-2968 |
| 8 | SourceCodester Simple Online Book Store System book.php sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.16 | 0.00885 | CVE-2022-2770 |
| 9 | SourceCodester Simple Online Book Store book.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.23 | 0.00885 | CVE-2022-2747 |
| 10 | GraphicsMagick png.c ReadOneJNGImage use after free | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01108 | CVE-2017-15238 |
| 11 | Linux Kernel tcp.c __tcp_disconnect divide by zero | 5.5 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01282 | CVE-2017-14106 |
| 12 | OpenBB read.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.61 | 0.00986 | CVE-2005-1612 |
| 13 | cbeust testng XML File Parser JarFileUtils.java testngXmlExistsInJar path traversal | 6.3 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00954 | CVE-2022-4065 |
| 14 | PHP Link Directory Administration Page index.html cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 1.00 | 0.01213 | CVE-2007-0529 |
| 15 | E-topbiz Viral DX 1 adclick.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.06 | 0.00986 | CVE-2008-2867 |
| 16 | QEMU VGA Command vmware_vga.c vmsvga_fifo_run resource management | 6.1 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01104 | CVE-2016-4453 |
| 17 | Fad Solutions DRZES HMS register_domain.php cross site scripting | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.01213 | CVE-2005-4367 |
| 18 | Phorum register.php cross site scripting | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.05 | 0.01213 | CVE-2007-0769 |
| 19 | Genetechsolutions Pie-Register wp-login.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.02255 | CVE-2013-4954 |
| 20 | Cisco Unified Communications Manager Call Detail Records Analysis/Reporting Page cross-site request forgery | 4.3 | 4.3 | $5k-$25k | $0-$5k | High | Unavailable | 0.01 | 0.01136 | CVE-2014-0740 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • DarkHydrus

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities. The five entries themselves are not shown on the page.

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|----|-----------|-----------------|---------------|------|------------|
| 1 | T1006 | CWE-22 | Pathname Traversal | predictive | High |
| 2 | T1059 | CWE-94 | Cross Site Scripting | predictive | High |

Rows 3 to 6 are obfuscated on the source page and carry no readable technique or CWE.

IOA - Indicator of Attack (60)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|----|-------|-----------|------|------------|
| 1 | File | /etc/sudoers | predictive | Medium |
| 2 | File | /obs/book.php | predictive | High |
| 3 | File | /opt/IBM/es/lib/libffq.cryptionjni.so | predictive | High |
| 4 | File | /register.do | predictive | Medium |
| 5 | File | 4.3.0.CP04 | predictive | Medium |
| 6 | File | adclick.php | predictive | Medium |
| 7 | File | addentry.php | predictive | Medium |
| 8 | File | add_comment.php | predictive | High |

Rows 9 to 60 (further File entries, two Library entries and 22 Argument entries) are obfuscated on the source page and carry no readable indicator.
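As an added example (not VulDB's code and not part of the original page), the following Python script shows how the eight readable File-class indicators above can be turned into a first-pass detection over web-server access logs. The log lines are constructed for the demo; the indicator-to-confidence mapping is copied from the table. Request targets are URL-decoded twice before matching so that percent-encoded and double-encoded paths (for example `..%2F..%2Fetc%2Fsudoers`) are not missed.

```python
"""Match the DarkHydrus IOA file fragments against web access logs.

Added example, not VulDB code. The indicator list is the eight readable
File rows of the IOA table; the log lines below are constructed.
"""
import re
from urllib.parse import unquote

# Readable File-class indicators from the IOA table, with their confidence.
IOA_FILES = {
    "/etc/sudoers": "Medium",
    "/obs/book.php": "High",
    "/opt/IBM/es/lib/libffq.cryptionjni.so": "High",
    "/register.do": "Medium",
    "4.3.0.CP04": "Medium",
    "adclick.php": "Medium",
    "addentry.php": "Medium",
    "add_comment.php": "High",
}

CONFIDENCE_RANK = {"Low": 0, "Medium": 1, "High": 2}

# Apache/Nginx combined log format, parsed only as far as this demo needs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+'
)

# Constructed sample log; the hosts are RFC 5737 documentation addresses.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /obs/book.php?id=1%27%20OR%201=1-- HTTP/1.1" 200 5120
203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] "GET /index.php?page=..%2F..%2F..%2Fetc%2Fsudoers HTTP/1.1" 404 210
198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /blog/add_comment.php HTTP/1.1" 200 890
198.51.100.7 - - [10/Oct/2023:13:56:05 +0000] "GET /images/logo.png HTTP/1.1" 200 12345
192.0.2.9 - - [10/Oct/2023:13:57:12 +0000] "POST /register.do HTTP/1.1" 302 0
this line is not a valid access log entry
"""


def normalise_target(target):
    """Decode the request target twice (catches %25-style double encoding)
    and lower-case it so comparison with the indicators is case-insensitive."""
    decoded = target
    for _ in range(2):
        decoded = unquote(decoded)
    return decoded.lower()


def scan_log(text):
    """Return one match record per (log line, indicator) hit, in log order.
    Lines that do not parse as combined-format entries are skipped."""
    matches = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        target = normalise_target(m.group("target"))
        for indicator, confidence in IOA_FILES.items():
            if indicator.lower() in target:
                matches.append({
                    "ip": m.group("ip"),
                    "time": m.group("time"),
                    "target": target,
                    "indicator": indicator,
                    "confidence": confidence,
                })
    return matches


def highest_confidence_per_host(matches):
    """Collapse matches to the strongest indicator confidence seen per client."""
    best = {}
    for rec in matches:
        ip, conf = rec["ip"], rec["confidence"]
        if ip not in best or CONFIDENCE_RANK[conf] > CONFIDENCE_RANK[best[ip]]:
            best[ip] = conf
    return best


if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG)
    for rec in hits:
        print(f"{rec['ip']} {rec['confidence']:6} {rec['indicator']:40} {rec['target']}")
    print(highest_confidence_per_host(hits))
```

Several of these fragments (register.do, book.php, add_comment.php) are generic filenames found in many unrelated products, and the page itself marks them as predictive. A hit is therefore a triage signal to pivot on (source host, request body, follow-on requests), not an attribution to DarkHydrus on its own.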

References (5)

The following list contains external sources which discuss the actor and the associated activities:
