Darkode Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (328)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en312
de6
es4
fr4
it2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

US: USA160
RU: Russia12
FR: France8
GB: Great Britain8
IR: Iran6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Ngioweb3
Cobalt Strike3
Zeus3
Dorkbot2
Sandworm2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined138
Operating System22
Firewall Software16
Content Management System14
WordPress Plugin12

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined100
Cisco20
Microsoft14
Linux12
IBM10

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Cisco ASA14
Linux Kernel12
Apache Atlas6
Oracle Database Server4
Mozilla Bugzilla4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25kCalculatingHighWorkaround0.020160.00CVE-2007-1192
2PHPGurukul Nipah Virus Testing Management System password-recovery.php sql injection8.17.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.000630.05CVE-2023-6648
3Schneider Electric Modicon M340 SNMP Server Truncate unusual condition6.46.2$0-$5k$0-$5kNot DefinedWorkaround0.002240.04CVE-2019-6813
4Samsung Galaxy Store AppsPackageInstaller input validation6.56.4$0-$5k$0-$5kNot DefinedOfficial Fix0.000420.05CVE-2022-33708
5EPrints Latex os command injection8.08.0$0-$5k$0-$5kNot DefinedOfficial Fix0.012730.00CVE-2021-26476
6Tawk.To Live Chat Plugin AJAX Action tawkto_removewidget authorization5.75.7$0-$5k$0-$5kNot DefinedOfficial Fix0.000740.00CVE-2021-24914
7Google Chrome WebView Remote Code Execution6.36.0$25k-$100k$5k-$25kNot DefinedOfficial Fix0.001260.00CVE-2021-37990
8Microsoft Exchange Server Remote Code Execution7.37.0$5k-$25k$0-$5kHighOfficial Fix0.164490.00CVE-2021-26858
9CentOS Web Panel ajax_list_accounts.php sql injection6.46.4$0-$5k$0-$5kNot DefinedNot Defined0.006870.00CVE-2020-15619
10Ay System Solutions CMS home.php file inclusion7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.011680.00CVE-2006-4441
11Microsoft IIS cross site scripting5.24.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.005480.09CVE-2017-0055
12MikroTik RouterOS Winbox improper authentication8.28.0$0-$5k$0-$5kHighOfficial Fix0.974600.05CVE-2018-14847
13WordPress WP_Query class-wp-query.php sql injection8.58.4$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.003180.05CVE-2017-5611
14Cisco IOS XR access control7.87.5$5k-$25k$0-$5kNot DefinedOfficial Fix0.000420.00CVE-2016-9215
15Progress WhatsUp Gold NmApi.exe command injection9.89.6$0-$5k$0-$5kNot DefinedOfficial Fix0.000430.05CVE-2024-4883
16Nextcloud Server user_oidc access control6.36.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000450.05CVE-2024-37312
17Analytify Plugin cross-site request forgery4.84.8$0-$5k$0-$5kNot DefinedNot Defined0.000430.00CVE-2024-35689
18Fluent Bit Embedded HTTP Server heap-based overflow9.89.6$0-$5k$0-$5kNot DefinedOfficial Fix0.000430.05CVE-2024-4323
19Linux Kernel batman-adv infinite loop5.75.5$5k-$25k$0-$5kNot DefinedOfficial Fix0.000420.04CVE-2024-35982
20Linux Kernel fbmon fb_videomode_from_videomode divide by zero5.75.5$5k-$25k$0-$5kNot DefinedOfficial Fix0.000440.04CVE-2024-35922

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
180.82.66.204no-reverse-dns-configured.comDarkode10/31/2021verifiedMedium

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22, CWE-425Path TraversalpredictiveHigh
2T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
3T1059CAPEC-137CWE-88, CWE-94Argument InjectionpredictiveHigh
4T1059.007CAPEC-209CWE-79, CWE-80Cross Site ScriptingpredictiveHigh
5TXXXXCAPEC-104CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
6TXXXX.XXXCAPEC-16CWE-XXX, CWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveHigh
7TXXXXCAPEC-136CWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
8TXXXXCAPEC-CWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
9TXXXXCAPEC-CWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
10TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
11TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveHigh
12TXXXXCAPEC-CWE-XXX, CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
13TXXXX.XXXCAPEC-154CWE-XXXXxxxxxxxxxxxpredictiveHigh
14TXXXX.XXXCAPEC-459CWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
15TXXXX.XXXCAPEC-133CWE-XXXXxxxxxxxpredictiveHigh
16TXXXXCAPEC-116CWE-XXX, CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
17TXXXX.XXXCAPEC-CWE-XXXxxxxxxxxxxxxpredictiveHigh
18TXXXXCAPEC-157CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh
19TXXXX.XXXCAPEC-112CWE-XXXXxx Xxxxxxxxxx XxxxxpredictiveHigh
20TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (145)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File%PROGRAMFILES(X86)%\TSplus\UserDesktop\themes.predictiveHigh
2File/admin/maintenance/view_designation.phppredictiveHigh
3File/admin/search-appointment.phppredictiveHigh
4File/cgi-bin/user/Config.cgipredictiveHigh
5File/config/php.inipredictiveHigh
6File/htdocs/cgibinpredictiveHigh
7File/myprofile.phppredictiveHigh
8File/uncpath/predictiveMedium
9File/videotalkpredictiveMedium
10File/web/MCmsAction.javapredictiveHigh
11File14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgipredictiveHigh
12Fileactivity_log.phppredictiveHigh
13Fileadm/systools.asppredictiveHigh
14Fileadmin/getparam.cgipredictiveHigh
15Fileadmin/media/index.php"predictiveHigh
16FileadminCons.phppredictiveHigh
17Filexxxx_xxxx_xxxxxxxx.xxxpredictiveHigh
18Filexxxx-xxxxxxx.xpredictiveHigh
19Filexxx.xpredictiveLow
20Filexxx-xxx/xxxxxxpredictiveHigh
21Filexxx.xxxpredictiveLow
22Filexxx/xxx?xxxxpredictiveMedium
23Filexxx/xxxxxxx/xxxxxxxpredictiveHigh
24Filexxxxxx/xxx.xpredictiveMedium
25Filexxx/xxxxxxx/xxxxxxx.xxxpredictiveHigh
26Filexxxxxxx/xxxxxxx/xxxxxxx/xxxx/xxxxxxx.xxxpredictiveHigh
27Filexxxxxxxxxxxxxx.xxxpredictiveHigh
28Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
29Filexxxxx.xxxpredictiveMedium
30Filexxxx-xxxxxx.xxxpredictiveHigh
31Filexxx/xxxxxxxx/xxxx.xpredictiveHigh
32Filexx/xxxxxxx.xpredictiveMedium
33Filexxxxxxxxx_xxx_xxxx.xxxpredictiveHigh
34Filexxxx.xxxpredictiveMedium
35Filexxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxpredictiveHigh
36Filexxxx.xxxpredictiveMedium
37Filexxxxxxxxxx.xxxpredictiveHigh
38Filexxxxx/xxxxxxxxxxxxxxpredictiveHigh
39Filexxx/xxxxxx.xxxpredictiveHigh
40Filexxxxx.xxxpredictiveMedium
41Filexxxx.xxxpredictiveMedium
42Filexxxxxx.xpredictiveMedium
43Filexxxxxxxxx/xxxx_xxxxxxx/xxxxxxx.xxxpredictiveHigh
44Filexxx.xxxpredictiveLow
45Filexxxxx/?xxxxxx=xxxxxxx&xxxxpredictiveHigh
46Filexxxxxxxxxx/xxxx.xpredictiveHigh
47Filexxxx.xxxpredictiveMedium
48Filexxxxxxxx.xpredictiveMedium
49Filexx/xxxxxxxxx.xpredictiveHigh
50Filexxx_xxx_xxxxxx.xpredictiveHigh
51Filexxxxxxxx.xxxpredictiveMedium
52Filexxxxxxxx.xxxxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxxxpredictiveHigh
53Filexxx.xpredictiveLow
54Filexxx/xxxxx/xxx_xxxxx.xpredictiveHigh
55Filexxxxx.xxxpredictiveMedium
56Filexxxxxxxx.xpredictiveMedium
57Filexxxxxxxx-xxxxxxxx.xxxpredictiveHigh
58Filexxxxxxxxxxxxxx.xxxpredictiveHigh
59Filexxxxxxxxxxxxxxxxx.xxxxpredictiveHigh
60Filexxxxxxx.xxxpredictiveMedium
61Filexxxxx_xxxxx.xxxpredictiveHigh
62Filexxxxx_xxxxx.xxxpredictiveHigh
63Filexxxxxx.xxxpredictiveMedium
64Filexxxxxx.xxxxpredictiveMedium
65Filexxxxxx.xxxpredictiveMedium
66Filexxxx.xxxpredictiveMedium
67Filexxxx_xxxxxxx_xxxxxxxx.xxxpredictiveHigh
68Filexxx/xxxx/xxxx/xxx/xxxxxxx/xx/xxxxxxx/xxxxxxxxx/xxxxxxxxxxxxxxx.xxxxpredictiveHigh
69Filexxx_xxxxxxxx.xpredictiveHigh
70Filexxxxxxxxx/xxxx/xxxxxx_xxxxxxxxxx.xxxpredictiveHigh
71Filexxxx-xxxxxxxx.xxxpredictiveHigh
72Filexxx/xxx/xxx_xx.xpredictiveHigh
73Filexxxxxxx/xxx_xxxx_xxx.xxxpredictiveHigh
74Filexxxxxxxxxxxxxx.xxxpredictiveHigh
75Filexxxxx/xxxxxxxx-xxxxxxxxx.xxxpredictiveHigh
76Filexxxx.xxxpredictiveMedium
77Filexxxxxxxxxxxx.xxxpredictiveHigh
78Filexxxxxxxx.xxxpredictiveMedium
79Filexxxxxxxxxxxxxxxxxx.xxxxpredictiveHigh
80Filexx-xxxxx/xxxxxxxx/xxxxx-xx-xxxxx-xxxx.xxxpredictiveHigh
81Filexx-xxxxx/xxxxxxx-xxxxxxx.xxx?xxxx=xx-xxxxxxxx.xxxpredictiveHigh
82Filexx-xxxxx/xxxxxxx-xxxxxxx.xxx?xxxx=xx-xxxx-xxxxxxxxx-xxpredictiveHigh
83Filexx-xxxxx/xxxx.xxxpredictiveHigh
84Filexx-xxxxxxxx/xxxxx-xx-xxxxx.xxxpredictiveHigh
85Filexx-xxxx.xxxpredictiveMedium
86Libraryxxxxxxxxx.x.x.xxx.xxxpredictiveHigh
87Libraryxxxxxx.xxxpredictiveMedium
88Libraryxxxxxx/xxxxxxxxx/xxxxx.xxxpredictiveHigh
89ArgumentxxxxxxpredictiveLow
90ArgumentxxxxxxxpredictiveLow
91ArgumentxxxxxxxxpredictiveMedium
92Argumentxxxx_xxxpredictiveMedium
93Argumentxxx_xxpredictiveLow
94ArgumentxxxpredictiveLow
95Argumentxxxx_xxxx_xxxxxxx_xxxxx_xxxxxxxpredictiveHigh
96Argumentxxxxx->xxxxpredictiveMedium
97Argumentxxxxx xxxxxpredictiveMedium
98ArgumentxxxxpredictiveLow
99ArgumentxxxxxxxpredictiveLow
100ArgumentxxxxxxxxpredictiveMedium
101Argumentxxxx_xxpredictiveLow
102Argumentxxxx_xxxxxxxxxx_xxxpredictiveHigh
103ArgumentxxxxpredictiveLow
104ArgumentxxxxpredictiveLow
105ArgumentxxpredictiveLow
106Argumentxxxxx_xxpredictiveMedium
107Argumentxxxx_xxpredictiveLow
108ArgumentxxxxxxxpredictiveLow
109ArgumentxxxxpredictiveLow
110Argumentxx_xxxxxxx_xxxxpredictiveHigh
111Argumentxxxxxxx_xxxx[xx][xxxxxxxx]predictiveHigh
112Argumentxxxxx_xxx_xxx_xxxx_xx_xxxxxxxpredictiveHigh
113Argumentxxxx_xxxxpredictiveMedium
114ArgumentxxxxpredictiveLow
115ArgumentxxxxpredictiveLow
116ArgumentxxxxpredictiveLow
117Argumentxxxx[xxxxxxxxxxxxxxxxx]predictiveHigh
118Argumentxxxxx_xxxx_xxxxpredictiveHigh
119ArgumentxxxxxpredictiveLow
120ArgumentxxxpredictiveLow
121ArgumentxxxxxpredictiveLow
122ArgumentxxxxxxxxpredictiveMedium
123ArgumentxxxxxxxxxxpredictiveMedium
124Argumentxxxxxxxx[xxxx]predictiveHigh
125ArgumentxxxxxxxxpredictiveMedium
126Argumentxxxx_xxpredictiveLow
127ArgumentxxxxxpredictiveLow
128ArgumentxxxxxpredictiveLow
129ArgumentxxxxpredictiveLow
130Argumentxxx xxxxxxx xxxxpredictiveHigh
131ArgumentxxxxxxxxpredictiveMedium
132Argumentxxxxxxxx:xxxxxxxxpredictiveHigh
133Argumentx_xxxxpredictiveLow
134ArgumentxxxxpredictiveLow
135Argumentxxx_xxxxxxxxxx_xxxxx__xxxx_xxxxxxxpredictiveHigh
136Argumentx-xxxxxxxxx-xxxpredictiveHigh
137ArgumentxxxxpredictiveLow
138Argument_xxxxxpredictiveLow
139Input Value">[xxxxxx]xxxxx(xxxxxxxx.xxxxxx);[/xxxxxx]<!--predictiveHigh
140Input Valuex%xxxx%xxx=xpredictiveMedium
141Input Value<xxxxxx>xxxxx(x)</xxxxxx>xxxpredictiveHigh
142Input Valuexxxxxx=xxx&xxxxxxxx=xxxxxxx.*predictiveHigh
143Input Valuexxxxxxxxx:xxxxxxxxpredictiveHigh
144Network PortxxxpredictiveLow
145Network Portxxx/xxx (xxxx)predictiveHigh

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Might our Artificial Intelligence support you?

Check our Alexa App!