Darkkomet Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (69)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en68
es2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us48
ru12
it2
fr2
gb2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Darkkomet9
Adwind2
NetWire2
NjRAT2
Nanocore RAT2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

JavaScript Library12
Not Defined10
Content Management System8
Programming Language Software6
WordPress Plugin4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined36
Cisco2
Schoolhos2
Campcodes2
ISC2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Node.js10
WordPress6
Drag and Drop Multiple File Upload Plugin2
Cisco IOS XE2
Schoolhos CMS2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25k$0-$5kHighWorkaround0.020160.02CVE-2007-1192
2DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.009430.58CVE-2010-0966
3Totolink LR1200GB Web Interface cstecgi.cgi loginAuth stack-based overflow9.89.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.000450.10CVE-2024-1783
4Drag and Drop Multiple File Upload Plugin SVG File dnd_codedropz_upload cross site scripting3.53.4$0-$5k$0-$5kNot DefinedOfficial Fix0.001020.00CVE-2022-0595
5Interactive Contact Form and Multi Step Form Builder Plugin cross site scripting5.25.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000970.02CVE-2023-4950
6Byzoro Smart S85F Management Platform unrestricted upload7.57.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.002070.13CVE-2023-4121
7Byzoro Smart S85F Management Platform importhtml.php command injection7.57.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.006170.07CVE-2023-4120
8Campcodes Online Thesis Archiving System view_department.php sql injection7.57.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.000730.09CVE-2023-2144
9CodeIgniter DB_query_builder.php or_like sql injection8.07.9$0-$5k$0-$5kNot DefinedNot Defined0.001530.00CVE-2022-40829
10CodeIgniter DB_query_builder.php sql injection8.07.9$0-$5k$0-$5kNot DefinedNot Defined0.001530.02CVE-2022-40835
11centreon Contact Groups Form formContactGroup.php sql injection6.35.8$0-$5k$0-$5kNot DefinedOfficial Fix0.002120.08CVE-2022-3827
12Sourcecodehero ERP System Project processlogin.php sql injection8.17.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.001700.03CVE-2022-3118
13CPG Dragonfly CMS MSAnalysis Module index.php sql injection6.36.3$0-$5k$0-$5kNot DefinedNot Defined0.009180.03CVE-2006-0727
14Sophos SFOS Administration Service/User Portal sql injection9.18.9$5k-$25k$0-$5kHighOfficial Fix0.016550.08CVE-2020-12271
15ampleShop category.cfm sql injection7.37.3$0-$5k$0-$5kNot DefinedUnavailable0.006210.02CVE-2006-2038
16ProFTPD mod_tls cryptographic issues6.56.2$0-$5k$0-$5kNot DefinedOfficial Fix0.004730.00CVE-2009-3639
17OpenSSH GSS2 auth-gss2.c Username information disclosure5.35.2$5k-$25k$0-$5kNot DefinedWorkaround0.002570.00CVE-2018-15919
18OpenSSH Readonly Mode sftp-server.c process_open permission5.35.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.006600.00CVE-2017-15906
19Gempar Script Toko Online shop_display_products.php sql injection7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.001000.02CVE-2009-0296
20ESMI PayPal Storefront products1h.php cross site scripting4.34.1$0-$5k$0-$5kProof-of-ConceptNot Defined0.054680.00CVE-2005-0936

IOC - Indicator of Compromise (32)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
15.189.137.8vending.softjourn.if.uaDarkkomet01/24/2023verifiedHigh
212.167.151.119Darkkomet04/13/2022verifiedHigh
320.72.235.82DarkKomet09/07/2022verifiedHigh
420.81.111.85DarkKomet09/07/2022verifiedHigh
523.49.102.35a23-49-102-35.deploy.static.akamaitechnologies.comDarkkomet06/03/2023verifiedHigh
623.221.227.172a23-221-227-172.deploy.static.akamaitechnologies.comDarkKomet09/07/2022verifiedHigh
735.205.61.6767.61.205.35.bc.googleusercontent.comDarkKomet09/07/2022verifiedMedium
8XX.XX.XXX.XXXXxxxxxxxx04/07/2022verifiedHigh
9XX.XX.XXX.XXXxxxxxxxx04/07/2022verifiedHigh
10XX.XX.XXX.XXXXxxxxxxxx04/07/2022verifiedHigh
11XX.XX.XXX.Xxxx-xxxxxxxx.xxx.xxx.xxxXxxxxxxxx04/13/2022verifiedHigh
12XX.XXX.XXX.XXXxxxxxxxxxxxxxx.xxxx.xxxx.xxxx.xx.xxXxxxxxxxx09/07/2022verifiedHigh
13XX.XX.X.XXXXxxxxxxxx04/13/2022verifiedHigh
14XX.XXX.XXX.XXXXxxxxxxxx06/03/2023verifiedHigh
15XX.XXX.XXX.XXXXxxxxxxxx04/08/2022verifiedHigh
16XX.XXX.XXX.XXXXxxxxxxxx06/03/2023verifiedHigh
17XXX.XX.XXX.XXXxxxxxxxx04/13/2022verifiedHigh
18XXX.XX.XXX.XXXxxxxxxxx04/13/2022verifiedHigh
19XXX.XXX.XXX.XXXXxxxxxxxx09/24/2022verifiedHigh
20XXX.XXX.XX.XXXXxxxxxxxx09/07/2022verifiedHigh
21XXX.XX.XXX.XXxxxxxxxx-xxxxxx.xxxxxx.xxxXxxxxxxxx04/13/2022verifiedHigh
22XXX.XXX.X.XXXxxxxxxxx04/25/2023verifiedHigh
23XXX.XXX.XX.XXXxxx.xxx.xx.xxx.xxxxxx.xxxxxxxx.xxxXxxxxxxxx04/07/2022verifiedHigh
24XXX.XXX.XXX.XXXxxxxxxxx09/24/2022verifiedHigh
25XXX.XXX.XXX.XXXxxx-xxx-xxx-xxx.xxxxxxxx.xxxxxxxxxxxx.xxxXxxxxxxxx09/07/2022verifiedHigh
26XXX.XXX.XXX.XXxxxxxxxx.xx-xxx-xxx-xxx.xxXxxxxxxxx09/07/2022verifiedHigh
27XXX.XXX.XX.XXxxxxxxxx.xxxx.xxxXxxxxxxxx01/24/2023verifiedHigh
28XXX.XX.XX.XXXXxxxxxxxx09/07/2022verifiedHigh
29XXX.XX.XX.XXXxxx-xx-xx-xxx.xxx.xxxxxxxxxxx.xxxXxxxxxxxx12/06/2021verifiedHigh
30XXX.XX.X.XXXxx-xxx.xx.x.xxx.xxxxxxxxx.xxxXxxxxxxxx04/07/2022verifiedHigh
31XXX.XX.X.XXXxx-xxx.xx.x.xxx.xxxxxxxxx.xxxXxxxxxxxx04/07/2022verifiedHigh
32XXX.XXX.XX.XXxxxxxxx-xxx.xxxxxx.xxxXxxxxxxxx04/13/2022verifiedHigh

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
3T1059.007CAPEC-209CWE-79, CWE-80Cross Site ScriptingpredictiveHigh
4TXXXXCAPEC-122CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
5TXXXXCAPEC-136CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
6TXXXXCAPEC-0CWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
7TXXXXCAPEC-0CWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
8TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
9TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
10TXXXXCAPEC-0CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh
11TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (47)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/admin/departments/view_department.phppredictiveHigh
2File/cgi-bin/cstecgi.cgipredictiveHigh
3File/pages/processlogin.phppredictiveHigh
4File/SCRIPTPATH/index.phppredictiveHigh
5Fileadmin/index.phppredictiveHigh
6Fileauth-gss2.cpredictiveMedium
7Filexxxxxxx.xxxpredictiveMedium
8Filexxxxxxxx.xxxpredictiveMedium
9Filexxx-xxx/xxxxx/xxxxx.xxxpredictiveHigh
10Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
11Filexxxxxxx.xxxxpredictiveMedium
12Filexxxxxxxxxxxxxxxx.xxxpredictiveHigh
13Filexxxxxxxxxx.xxxpredictiveHigh
14Filexxx/xxxxxx.xxxpredictiveHigh
15Filexxxxx.xxxpredictiveMedium
16Filexxxx_xxxx.xxxpredictiveHigh
17Filexxx?xxxx.xxxpredictiveMedium
18Filexxxx.xpredictiveLow
19Filexxxx.xxxpredictiveMedium
20Filexxxxxxxxxx.xxxpredictiveHigh
21Filexxxxxxxx.xxxpredictiveMedium
22Filexxx/xxxxxxx/xxxxxx/xxxx/xxxxx/xxxxxxx/xxxxxx/xxxxx/xxx%xxxxxxxxxxxxx.xx.xxxpredictiveHigh
23Filexxxx-xxxxxx.xpredictiveHigh
24Filexxxx_xxxxxxx_xxxxxxxx.xxxpredictiveHigh
25Filexxx/xxxxxxx.xpredictiveHigh
26Filexxxxxx\xxxxxxxx\xx_xxxxx_xxxxxxx.xxxpredictiveHigh
27Library/xxx/xxx/xxxx.xxxpredictiveHigh
28ArgumentxxxxxxxxpredictiveMedium
29ArgumentxxxxxpredictiveLow
30ArgumentxxxxpredictiveLow
31ArgumentxxxpredictiveLow
32Argumentxxx_xxpredictiveLow
33Argumentxx_xxpredictiveLow
34Argumentxxxx_xxpredictiveLow
35Argumentxxxxxxx-xxxxxxpredictiveHigh
36Argumentxxxx_xxxxxxpredictiveMedium
37ArgumentxxpredictiveLow
38Argumentxxxx_xxxxpredictiveMedium
39ArgumentxxpredictiveLow
40ArgumentxxxxxpredictiveLow
41Argumentxx_xxxxpredictiveLow
42ArgumentxxxxxxxpredictiveLow
43ArgumentxxxxpredictiveLow
44ArgumentxxxpredictiveLow
45ArgumentxxxxpredictiveLow
46Input Value=x' xxx xxxx=xxxx xxx 'xxxx'='xxxxpredictiveHigh
47Input Valuexxx?xxxx.xxxpredictiveMedium

References (10)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Want to stay up to date on a daily basis?

Enable the mail alert feature now!