Darkkomet Analysis

IOB - Indicator of Behavior (74)

Language

en (72)
de (2)

Product

WordPress (6)
Node.js (4)
Fail2ban (2)
Exim (2)
Jemjabella BellaBook (2)

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

# | Vulnerability | Base | Temp | 0day | Today | Exploit status | Countermeasure | KEV | EPSS | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | possible | 0.02956 | 0.00 | CVE-2007-1192
2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.00970 | 0.00 | CVE-2010-0966
3 | Microsoft Windows TLS Schannel input validation | 4.8 | 4.6 | $25k-$100k | $5k-$25k | Not defined | Official fix | | 0.07352 | 0.03 | CVE-2015-6112
4 | AWStats Config awstats.pl cross site scripting | 4.3 | 4.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Official fix | | 0.00499 | 0.03 | CVE-2006-3681
5 | AccuSoft ImageGear allocate_buffer_for_jpeg_decoding out-of-bounds write | 8.5 | 8.4 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00151 | 0.07 | CVE-2023-40163
6 | Clash for Windows Service Mode access control | 6.6 | 6.6 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00073 | 0.02 | CVE-2022-40126
7 | Autodesk AutoCAD Image Processing memory corruption | 6.3 | 6.3 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00047 | 0.00 | CVE-2021-40163
8 | Totolink LR1200GB Web Interface cstecgi.cgi loginAuth stack-based overflow | 9.8 | 9.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00308 | 0.05 | CVE-2024-1783
9 | Drag and Drop Multiple File Upload Plugin SVG File dnd_codedropz_upload cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.09414 | 0.00 | CVE-2022-0595
10 | Interactive Contact Form and Multi Step Form Builder Plugin cross site scripting | 5.2 | 5.1 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00380 | 0.00 | CVE-2023-4950
11 | Byzoro Smart S85F Management Platform unrestricted upload | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00024 | 0.07 | CVE-2023-4121
12 | Byzoro Smart S85F Management Platform importhtml.php command injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | possible | 0.65547 | 0.06 | CVE-2023-4120
13 | Campcodes Online Thesis Archiving System view_department.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00053 | 0.02 | CVE-2023-2144
14 | CodeIgniter DB_query_builder.php or_like sql injection | 8.6 | 8.6 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00059 | 0.08 | CVE-2022-40829
15 | CodeIgniter DB_query_builder.php sql injection | 8.0 | 7.9 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00056 | 0.04 | CVE-2022-40835
16 | centreon Contact Groups Form formContactGroup.php sql injection | 6.3 | 5.8 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00034 | 0.06 | CVE-2022-3827
17 | Sourcecodehero ERP System Project processlogin.php sql injection | 8.1 | 7.9 | $0-$5k | Calculating | Proof-of-Concept | Not defined | | 0.00056 | 0.00 | CVE-2022-3118
18 | CPG Dragonfly CMS MSAnalysis Module index.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.01355 | 0.02 | CVE-2006-0727
19 | Sophos SFOS Administration Service/User Portal sql injection | 9.4 | 9.2 | $5k-$25k | $0-$5k | Attacked | Official fix | verified | 0.83191 | 0.02 | CVE-2020-12271
20 | ampleShop category.cfm sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not defined | Unavailable | | 0.01355 | 0.00 | CVE-2006-2038

IOC - Indicator of Compromise (32)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 5.189.137.8 | vending.softjourn.if.ua | Darkkomet | | 01/24/2023 | verified | Medium
2 | 12.167.151.119 | | Darkkomet | | 04/13/2022 | verified | Low
3 | 20.72.235.82 | | DarkKomet | | 09/07/2022 | verified | Medium
4 | 20.81.111.85 | | DarkKomet | | 09/07/2022 | verified | Medium
5 | 23.49.102.35 | a23-49-102-35.deploy.static.akamaitechnologies.com | Darkkomet | | 06/03/2023 | verified | Medium
6 | 23.221.227.172 | a23-221-227-172.deploy.static.akamaitechnologies.com | DarkKomet | | 09/07/2022 | verified | Medium
7 | 35.205.61.67 | 67.61.205.35.bc.googleusercontent.com | DarkKomet | | 09/07/2022 | verified | Medium

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (49)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/departments/view_department.php | predictive | High
2 | File | /cgi-bin/cstecgi.cgi | predictive | High
3 | File | /pages/processlogin.php | predictive | High
4 | File | /SCRIPTPATH/index.php | predictive | High
5 | File | admin/index.php | predictive | High
6 | File | auth-gss2.c | predictive | Medium

References (10)

The following list contains external sources which discuss the actor and the associated activities: