Darkkomet Analysisinfo

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (74)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en	72
de	2

Country

US: USA	56
RU: Russia	12
JP: Japan	2
IR: Iran	2

Actors

Darkkomet	5
Glupteba	1
Ramnit	1
Zusy	1
Shadowbrokers	1

Activities

Interest

Timeline

Type

Not Defined	26
Content Management System	10
JavaScript Library	6
Mail Server Software	2
Router Operating System	2

Vendor

Not Defined	30
Jemjabella	2
Cisco	2
Comcast	2
AccuSoft	2

Product

WordPress	6
Node.js	4
Fail2ban	2
Exim	2
Jemjabella BellaBook	2

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

#	Vulnerability	Base	Temp	0day	Today	Exp	Cou	KEV	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure	5.3	5.2	$5k-$25k	Calculating	High	Workaround	possible	0.02956	0.00	CVE-2007-1192
2	DZCP deV!L`z Clanportal config.php code injection	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official fix		0.00970	0.00	CVE-2010-0966
3	Microsoft Windows TLS Schannel input validation	4.8	4.6	$25k-$100k	$5k-$25k	Not defined	Official fix		0.07352	0.03	CVE-2015-6112
4	AWStats Config awstats.pl cross site scripting	4.3	4.1	$5k-$25k	$0-$5k	Proof-of-Concept	Official fix		0.00499	0.03	CVE-2006-3681
5	AccuSoft ImageGear allocate_buffer_for_jpeg_decoding out-of-bounds write	8.5	8.4	$0-$5k	$0-$5k	Not defined	Not defined		0.00151	0.07	CVE-2023-40163
6	Clash for Windows Service Mode access control	6.6	6.6	$0-$5k	$0-$5k	Not defined	Not defined		0.00073	0.02	CVE-2022-40126
7	Autodesk AutoCAD Image Processing memory corruption	6.3	6.3	$0-$5k	$0-$5k	Not defined	Not defined		0.00047	0.00	CVE-2021-40163
8	Totolink LR1200GB Web Interface cstecgi.cgi loginAuth stack-based overflow	9.8	9.5	$0-$5k	$0-$5k	Proof-of-Concept	Not defined		0.00308	0.05	CVE-2024-1783
9	Drag and Drop Multiple File Upload Plugin SVG File dnd_codedropz_upload cross site scripting	3.5	3.4	$0-$5k	$0-$5k	Not defined	Official fix		0.09414	0.00	CVE-2022-0595
10	Interactive Contact Form and Multi Step Form Builder Plugin cross site scripting	5.2	5.1	$0-$5k	$0-$5k	Not defined	Official fix		0.00380	0.00	CVE-2023-4950
11	Byzoro Smart S85F Management Platform unrestricted upload	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not defined		0.00024	0.07	CVE-2023-4121
12	Byzoro Smart S85F Management Platform importhtml.php command injection	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not defined	possible	0.65547	0.06	CVE-2023-4120
13	Campcodes Online Thesis Archiving System view_department.php sql injection	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not defined		0.00053	0.02	CVE-2023-2144
14	CodeIgniter DB_query_builder.php or_like sql injection	8.6	8.6	$0-$5k	$0-$5k	Not defined	Not defined		0.00059	0.08	CVE-2022-40829
15	CodeIgniter DB_query_builder.php sql injection	8.0	7.9	$0-$5k	$0-$5k	Not defined	Not defined		0.00056	0.04	CVE-2022-40835
16	centreon Contact Groups Form formContactGroup.php sql injection	6.3	5.8	$0-$5k	$0-$5k	Not defined	Official fix		0.00034	0.06	CVE-2022-3827
17	Sourcecodehero ERP System Project processlogin.php sql injection	8.1	7.9	$0-$5k	Calculating	Proof-of-Concept	Not defined		0.00056	0.00	CVE-2022-3118
18	CPG Dragonfly CMS MSAnalysis Module index.php sql injection	6.3	6.3	$0-$5k	$0-$5k	Not defined	Not defined		0.01355	0.02	CVE-2006-0727
19	Sophos SFOS Administration Service/User Portal sql injection	9.4	9.2	$5k-$25k	$0-$5k	Attacked	Official fix	verified	0.83191	0.02	CVE-2020-12271
20	ampleShop category.cfm sql injection	7.3	7.3	$0-$5k	$0-$5k	Not defined	Unavailable		0.01355	0.00	CVE-2006-2038

IOC - Indicator of Compromise (32)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Identified	Type	Confidence
1	5.189.137.8	vending.softjourn.if.ua	Darkkomet	01/24/2023	verified	Medium
2	12.167.151.119		Darkkomet	04/13/2022	verified	Low
3	20.72.235.82		DarkKomet	09/07/2022	verified	Medium
4	20.81.111.85		DarkKomet	09/07/2022	verified	Medium
5	23.49.102.35	a23-49-102-35.deploy.static.akamaitechnologies.com	Darkkomet	06/03/2023	verified	Medium
6	23.221.227.172	a23-221-227-172.deploy.static.akamaitechnologies.com	DarkKomet	09/07/2022	verified	Medium
7	35.205.61.67	67.61.205.35.bc.googleusercontent.com	DarkKomet	09/07/2022	verified	Medium
8	XX.XX.XXX.XXX		Xxxxxxxxx	04/07/2022	verified	Low
9	XX.XX.XXX.XX		Xxxxxxxxx	04/07/2022	verified	Low
10	XX.XX.XXX.XXX		Xxxxxxxxx	04/07/2022	verified	Low
11	XX.XX.XXX.X	xxx-xxxxxxxx.xxx.xxx.xxx	Xxxxxxxxx	04/13/2022	verified	Very Low
12	XX.XXX.XXX.XXX	xxxxxxxxxxxxxx.xxxx.xxxx.xxxx.xx.xx	Xxxxxxxxx	09/07/2022	verified	Medium
13	XX.XX.X.XXX		Xxxxxxxxx	04/13/2022	verified	Low
14	XX.XXX.XXX.XXX		Xxxxxxxxx	06/03/2023	verified	Medium
15	XX.XXX.XXX.XXX		Xxxxxxxxx	04/08/2022	verified	Low
16	XX.XXX.XXX.XXX		Xxxxxxxxx	06/03/2023	verified	Medium
17	XXX.XX.XXX.XX		Xxxxxxxxx	04/13/2022	verified	Low
18	XXX.XX.XXX.XX		Xxxxxxxxx	04/13/2022	verified	Low
19	XXX.XXX.XXX.XXX		Xxxxxxxxx	09/24/2022	verified	Medium
20	XXX.XXX.XX.XXX		Xxxxxxxxx	09/07/2022	verified	Medium
21	XXX.XX.XXX.XX	xxxxxxxx-xxxxxx.xxxxxx.xxx	Xxxxxxxxx	04/13/2022	verified	Very Low
22	XXX.XXX.X.XX		Xxxxxxxxx	04/25/2023	verified	Medium
23	XXX.XXX.XX.XXX	xxx.xxx.xx.xxx.xxxxxx.xxxxxxxx.xxx	Xxxxxxxxx	04/07/2022	verified	Low
24	XXX.XXX.XXX.XX		Xxxxxxxxx	09/24/2022	verified	Medium
25	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx.xxxxxxxx.xxxxxxxxxxxx.xxx	Xxxxxxxxx	09/07/2022	verified	Medium
26	XXX.XXX.XXX.XX	xxxxxxxx.xx-xxx-xxx-xxx.xx	Xxxxxxxxx	09/07/2022	verified	Medium
27	XXX.XXX.XX.XX	xxxxxxxx.xxxx.xxx	Xxxxxxxxx	01/24/2023	verified	Medium
28	XXX.XX.XX.XXX		Xxxxxxxxx	09/07/2022	verified	Medium
29	XXX.XX.XX.XXX	xxx-xx-xx-xxx.xxx.xxxxxxxxxxx.xxx	Xxxxxxxxx	12/06/2021	verified	Low
30	XXX.XX.X.XXX	xx-xxx.xx.x.xxx.xxxxxxxxx.xxx	Xxxxxxxxx	04/07/2022	verified	Low
31	XXX.XX.X.XXX	xx-xxx.xx.x.xxx.xxxxxxxxx.xxx	Xxxxxxxxx	04/07/2022	verified	Low
32	XXX.XXX.XX.XX	xxxxxxx-xxx.xxxxxx.xxx	Xxxxxxxxx	04/13/2022	verified	Very Low

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	High
2	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	High
3	T1059.007	CAPEC-209	CWE-79, CWE-80	Basic Cross Site Scripting	predictive	High
4	TXXXX	CAPEC-XXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
5	TXXXX	CAPEC-XXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	High
6	TXXXX		CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	High
7	TXXXX		CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	High
8	TXXXX	CAPEC-XXX	CWE-XX	Xxx Xxxxxxxxx	predictive	High
9	TXXXX	CAPEC-XXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
10	TXXXX		CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	High
11	TXXXX.XXX	CAPEC-X	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	High

IOA - Indicator of Attack (49)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/admin/departments/view_department.php	predictive	High
2	File	/cgi-bin/cstecgi.cgi	predictive	High
3	File	/pages/processlogin.php	predictive	High
4	File	/SCRIPTPATH/index.php	predictive	High
5	File	admin/index.php	predictive	High
6	File	auth-gss2.c	predictive	Medium
7	File	xxxxxxx.xx	predictive	Medium
8	File	xxxxxxx.xxx	predictive	Medium
9	File	xxxxxxxx.xxx	predictive	Medium
10	File	xxx-xxx/xxxxx/xxxxx.xxx	predictive	High
11	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	High
12	File	xxxxxxx.xxxx	predictive	Medium
13	File	xxxxxxxxxxxxxxxx.xxx	predictive	High
14	File	xxxxxxxxxx.xxx	predictive	High
15	File	xxx/xxxxxx.xxx	predictive	High
16	File	xxxxx.xxx	predictive	Medium
17	File	xxxx_xxxx.xxx	predictive	High
18	File	xxx?xxxx.xxx	predictive	Medium
19	File	xxxx.x	predictive	Low
20	File	xxxx.xxx	predictive	Medium
21	File	xxxxxxxxxx.xxx	predictive	High
22	File	xxxxxxxx.xxx	predictive	Medium
23	File	xxx/xxxxxxx/xxxxxx/xxxx/xxxxx/xxxxxxx/xxxxxx/xxxxx/xxx%xxxxxxxxxxxxx.xx.xxx	predictive	High
24	File	xxxx-xxxxxx.x	predictive	High
25	File	xxxx_xxxxxxx_xxxxxxxx.xxx	predictive	High
26	File	xxx/xxxxxxx.x	predictive	High
27	File	xxxxxx\xxxxxxxx\xx_xxxxx_xxxxxxx.xxx	predictive	High
28	Library	/xxx/xxx/xxxx.xxx	predictive	High
29	Argument	xxxxxxxx	predictive	Medium
30	Argument	xxxxx	predictive	Low
31	Argument	xxxx	predictive	Low
32	Argument	xxx	predictive	Low
33	Argument	xxx_xx	predictive	Low
34	Argument	xx_xx	predictive	Low
35	Argument	xxxx_xx	predictive	Low
36	Argument	xxxxxx	predictive	Low
37	Argument	xxxxxxx-xxxxxx	predictive	High
38	Argument	xxxx_xxxxxx	predictive	Medium
39	Argument	xx	predictive	Low
40	Argument	xxxx_xxxx	predictive	Medium
41	Argument	xx	predictive	Low
42	Argument	xxxxx	predictive	Low
43	Argument	xx_xxxx	predictive	Low
44	Argument	xxxxxxx	predictive	Low
45	Argument	xxxx	predictive	Low
46	Argument	xxx	predictive	Low
47	Argument	xxxx	predictive	Low
48	Input Value	=x' xxx xxxx=xxxx xxx 'xxxx'='xxxx	predictive	High
49	Input Value	xxx?xxxx.xxx	predictive	Medium

References (10)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

This view requires CTI permissions

Just purchase a CTI license today!