Darkkomet Analysis

IOB - Indicator of Behavior (59)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en60

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us38
ru10
gb4
ua2
jp2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Darkkomet7
Adwind2
NetWire2
Glupteba1
Ramnit1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined12
JavaScript Library12
Content Management System6
File Transfer Software4
Vehicle Software2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined26
HPE2
CPG Dragonfly2
Comcast2
Daimler2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Node.js10
HPE ArcSight WINC Connector2
CPG Dragonfly CMS2
Comcast DPC39392
Comcast DPC3941T2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25kCalculatingHighWorkaround0.040.04187CVE-2007-1192
2DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.450.04187CVE-2010-0966
3centreon Contact Groups Form formContactGroup.php sql injection6.35.8$0-$5k$0-$5kNot DefinedOfficial Fix0.030.00954CVE-2022-3827
4Sourcecodehero ERP System Project processlogin.php sql injection8.17.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.110.09029CVE-2022-3118
5CPG Dragonfly CMS MSAnalysis Module index.php sql injection6.36.3$0-$5k$0-$5kNot DefinedNot Defined0.020.01408CVE-2006-0727
6Sophos SFOS Administration Service/User Portal sql injection9.18.7$5k-$25k$0-$5kHighOfficial Fix0.040.86372CVE-2020-12271
7ampleShop category.cfm sql injection7.37.3$0-$5k$0-$5kNot DefinedUnavailable0.030.01408CVE-2006-2038
8ProFTPD mod_tls cryptographic issues6.56.2$0-$5k$0-$5kNot DefinedOfficial Fix0.010.02172CVE-2009-3639
9OpenSSH GSS2 auth-gss2.c Username information disclosure5.35.2$5k-$25k$5k-$25kNot DefinedWorkaround0.000.05736CVE-2018-15919
10OpenSSH Readonly Mode sftp-server.c process_open permission5.35.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.030.01537CVE-2017-15906
11Gempar Script Toko Online shop_display_products.php sql injection7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.080.00986CVE-2009-0296
12ESMI PayPal Storefront products1h.php cross site scripting4.34.1$0-$5k$0-$5kProof-of-ConceptNot Defined0.020.06790CVE-2005-0936
13MidiCart PHP Shopping Cart item_show.php sql injection6.36.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.040.00000
14Maran PHP Shop prod.php sql injection7.37.3$0-$5k$0-$5kHighUnavailable0.030.00986CVE-2008-4879
15lodahs input validation7.57.5$0-$5k$0-$5kNot DefinedNot Defined0.020.00885CVE-2019-19771
16Peplink Balance Cookie admin.cgi sql injection8.57.7$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.030.33212CVE-2017-8835
17WordPress Comment Content Filter cross site scripting6.56.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.030.61250CVE-2019-9787
18WordPress Post Type input validation6.96.6$5k-$25k$0-$5kNot DefinedOfficial Fix0.070.01104CVE-2018-20152
19WordPress Metadata deserialization8.58.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.030.17166CVE-2018-20148
20WordPress code injection7.57.2$5k-$25k$0-$5kHighOfficial Fix0.030.66572CVE-2019-8942

IOC - Indicator of Compromise (28)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsTypeConfidence
15.189.137.8vending.softjourn.if.uaDarkkometverifiedHigh
212.167.151.119DarkkometverifiedHigh
320.72.235.82DarkKometverifiedHigh
420.81.111.85DarkKometverifiedHigh
523.221.227.172a23-221-227-172.deploy.static.akamaitechnologies.comDarkKometverifiedHigh
635.205.61.6767.61.205.35.bc.googleusercontent.comDarkKometverifiedMedium
7XX.XX.XXX.XXXXxxxxxxxxverifiedHigh
8XX.XX.XXX.XXXxxxxxxxxverifiedHigh
9XX.XX.XXX.XXXXxxxxxxxxverifiedHigh
10XX.XX.XXX.Xxxx-xxxxxxxx.xxx.xxx.xxxXxxxxxxxxverifiedHigh
11XX.XXX.XXX.XXXxxxxxxxxxxxxxx.xxxx.xxxx.xxxx.xx.xxXxxxxxxxxverifiedHigh
12XX.XX.X.XXXXxxxxxxxxverifiedHigh
13XX.XXX.XXX.XXXXxxxxxxxxverifiedHigh
14XXX.XX.XXX.XXXxxxxxxxxverifiedHigh
15XXX.XX.XXX.XXXxxxxxxxxverifiedHigh
16XXX.XXX.XXX.XXXXxxxxxxxxverifiedHigh
17XXX.XXX.XX.XXXXxxxxxxxxverifiedHigh
18XXX.XX.XXX.XXxxxxxxxx-xxxxxx.xxxxxx.xxxXxxxxxxxxverifiedHigh
19XXX.XXX.XX.XXXxxx.xxx.xx.xxx.xxxxxx.xxxxxxxx.xxxXxxxxxxxxverifiedHigh
20XXX.XXX.XXX.XXXxxxxxxxxverifiedHigh
21XXX.XXX.XXX.XXXxxx-xxx-xxx-xxx.xxxxxxxx.xxxxxxxxxxxx.xxxXxxxxxxxxverifiedHigh
22XXX.XXX.XXX.XXxxxxxxxx.xx-xxx-xxx-xxx.xxXxxxxxxxxverifiedHigh
23XXX.XXX.XX.XXxxxxxxxx.xxxx.xxxXxxxxxxxxverifiedHigh
24XXX.XX.XX.XXXXxxxxxxxxverifiedHigh
25XXX.XX.XX.XXXxxx-xx-xx-xxx.xxx.xxxxxxxxxxx.xxxXxxxxxxxxverifiedHigh
26XXX.XX.X.XXXxx-xxx.xx.x.xxx.xxxxxxxxx.xxxXxxxxxxxxverifiedHigh
27XXX.XX.X.XXXxx-xxx.xx.x.xxx.xxxxxxxxx.xxxXxxxxxxxxverifiedHigh
28XXX.XXX.XX.XXxxxxxxx-xxx.xxxxxx.xxxXxxxxxxxxverifiedHigh

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1006CWE-22Pathname TraversalpredictiveHigh
2T1059CWE-94Cross Site ScriptingpredictiveHigh
3TXXXX.XXXCWE-XX, CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
4TXXXXCWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
5TXXXXCWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
6TXXXXCWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
7TXXXXCWE-XXXxx XxxxxxxxxpredictiveHigh
8TXXXXCWE-XXXXxxxxxxxxxxxxpredictiveHigh
9TXXXXCWE-XXXX2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxxxxxxxx Xxxxxxx XxxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (37)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/pages/processlogin.phppredictiveHigh
2File/SCRIPTPATH/index.phppredictiveHigh
3Fileadmin/index.phppredictiveHigh
4Fileauth-gss2.cpredictiveMedium
5Filecaptcha.phppredictiveMedium
6Filexxxxxxxx.xxxpredictiveMedium
7Filexxx-xxx/xxxxx/xxxxx.xxxpredictiveHigh
8Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
9Filexxxxxxx.xxxxpredictiveMedium
10Filexxxxxxxxxxxxxxxx.xxxpredictiveHigh
11Filexxx/xxxxxx.xxxpredictiveHigh
12Filexxxxx.xxxpredictiveMedium
13Filexxxx_xxxx.xxxpredictiveHigh
14Filexxx?xxxx.xxxpredictiveMedium
15Filexxxx.xpredictiveLow
16Filexxxx.xxxpredictiveMedium
17Filexxxxxxxxxx.xxxpredictiveHigh
18Filexxx/xxxxxxx/xxxxxx/xxxx/xxxxx/xxxxxxx/xxxxxx/xxxxx/xxx%xxxxxxxxxxxxx.xx.xxxpredictiveHigh
19Filexxxx-xxxxxx.xpredictiveHigh
20Filexxxx_xxxxxxx_xxxxxxxx.xxxpredictiveHigh
21Library/xxx/xxx/xxxx.xxxpredictiveHigh
22ArgumentxxxxxxxxpredictiveMedium
23ArgumentxxxxxpredictiveLow
24ArgumentxxxxpredictiveLow
25ArgumentxxxpredictiveLow
26Argumentxxx_xxpredictiveLow
27Argumentxx_xxpredictiveLow
28Argumentxxxx_xxpredictiveLow
29Argumentxxxxxxx-xxxxxxpredictiveHigh
30ArgumentxxpredictiveLow
31ArgumentxxpredictiveLow
32ArgumentxxxxxpredictiveLow
33ArgumentxxxxxxxpredictiveLow
34ArgumentxxxxpredictiveLow
35ArgumentxxxxpredictiveLow
36Input Value=x' xxx xxxx=xxxx xxx 'xxxx'='xxxxpredictiveHigh
37Input Valuexxx?xxxx.xxxpredictiveMedium

References (8)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you want to use VulDB in your project?

Use the official API to access entries easily!