Darkode Analysis

IOB - Indicator of Behavior (362)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en: 348
de: 4
fr: 4
es: 4
it: 2

Activities

Product

Cisco ASA: 14
Linux Kernel: 10
Microsoft Windows: 8
Apache Atlas: 8
Google Android: 6

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Cou | KEV | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | possible | 0.02956 | 0.00 | CVE-2007-1192 |
| 2 | PHPGurukul Nipah Virus Testing Management System password-recovery.php sql injection | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00303 | 0.09 | CVE-2023-6648 |
| 3 | Schneider Electric Modicon M340 SNMP Server Truncate unusual condition | 6.4 | 6.2 | $0-$5k | $0-$5k | Not defined | Workaround | | 0.00510 | 0.00 | CVE-2019-6813 |
| 4 | aliyun-oss-client information disclosure | 4.3 | 4.3 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00054 | 0.00 | CVE-2022-39397 |
| 5 | Samsung Galaxy Store AppsPackageInstaller input validation | 6.5 | 6.4 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00036 | 0.08 | CVE-2022-33708 |
| 6 | EPrints Latex cal os command injection | 8.0 | 8.0 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.02869 | 0.00 | CVE-2021-26476 |
| 7 | Tawk.To Live Chat Plugin AJAX Action tawkto_removewidget authorization | 5.7 | 5.7 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00103 | 0.00 | CVE-2021-24914 |
| 8 | Google Chrome WebView Remote Code Execution | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not defined | Official fix | | 0.00248 | 0.00 | CVE-2021-37990 |
| 9 | Microsoft Exchange Server Remote Code Execution | 7.4 | 7.2 | $5k-$25k | $0-$5k | High | Official fix | verified | 0.77091 | 0.00 | CVE-2021-26858 |
| 10 | CentOS Web Panel ajax_list_accounts.php sql injection | 6.4 | 6.4 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.01095 | 0.00 | CVE-2020-15619 |
| 11 | Ay System Solutions CMS home.php file inclusion | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.01237 | 0.00 | CVE-2006-4441 |
| 12 | Microsoft IIS uncpath cross site scripting | 5.2 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Official fix | | 0.01387 | 0.09 | CVE-2017-0055 |
| 13 | MikroTik RouterOS Winbox improper authentication | 8.5 | 8.4 | $0-$5k | $0-$5k | High | Official fix | verified | 0.89410 | 0.00 | CVE-2018-14847 |
| 14 | WordPress WP_Query class-wp-query.php sql injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official fix | | 0.08839 | 0.00 | CVE-2017-5611 |
| 15 | Cisco IOS XR access control | 7.8 | 7.5 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00073 | 0.02 | CVE-2016-9215 |
| 16 | StarSea99 starsea-mall update cross site scripting | 2.4 | 2.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00050 | 0.00 | CVE-2025-0400 |
| 17 | KCT AIKCT Engine Chatbot, ChatGPT, Gemini, GPT-4o Best AI Chatbot Plugin cross-site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00017 | 0.03 | CVE-2024-54306 |
| 18 | man-group dtale Setting cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00350 | 0.00 | CVE-2024-55890 |
| 19 | 코드엠샵 소셜톡 Plugin cross site scripting | 4.9 | 4.9 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00031 | 0.03 | CVE-2024-11904 |
| 20 | IBM QRadar SIEM Web UI cross site scripting | 4.9 | 4.9 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00035 | 0.02 | CVE-2024-47107 |

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 80.82.66.204 | no-reverse-dns-configured.com | Darkode | | 10/31/2021 | verified | Low |

TTP - Tactics, Techniques, Procedures (23)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1006 | CAPEC-126 | CWE-22, CWE-425 | Path Traversal | predictive | High |
| 2 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | T1059 | CAPEC-137 | CWE-88, CWE-94 | Argument Injection | predictive | High |
| 4 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Basic Cross Site Scripting | predictive | High |
| 5 | T1068 | CAPEC-104 | CWE-250, CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | predictive | High |

IOA - Indicator of Attack (185)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | %PROGRAMFILES(X86)%\TSplus\UserDesktop\themes. | predictive | High |
| 2 | File | /add_new_supplier.php | predictive | High |
| 3 | File | /admin/categories/update | predictive | High |
| 4 | File | /admin/maintenance/view_designation.php | predictive | High |
| 5 | File | /admin/process_category_add.php | predictive | High |
| 6 | File | /admin/quizquestion.php | predictive | High |
| 7 | File | /admin/search-appointment.php | predictive | High |
| 8 | File | /app/api/controller/caiji.php | predictive | High |
| 9 | File | /buscar_integrada.php | predictive | High |
| 10 | File | /cgi-bin/user/Config.cgi | predictive | High |
| 11 | File | /cgi-bin/wlogin.cgi | predictive | High |
| 12 | File | /classes/Master.php | predictive | High |
| 13 | File | /config/php.ini | predictive | High |
| 14 | File | /endpoint/add-calorie.php | predictive | High |
| 15 | File | /htdocs/cgibin | predictive | High |
| 16 | File | /manage_supplier.php | predictive | High |
| 17 | File | /myprofile.php | predictive | High |
| 18 | File | /pda/workflow/check_seal.php | predictive | High |
| 19 | File | /teacher.php | predictive | Medium |
| 20 | File | /uncpath/ | predictive | Medium |
| 21 | File | /videotalk | predictive | Medium |
