Darkode Analysis

IOB - Indicator of Behavior (319)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en308
fr6
es4
de2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us156
ru18
gb8
ir6
fr6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Cisco ASA14
Linux Kernel14
Google Android10
Exim6
Apple iOS4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25k$0-$5kHighWorkaround0.020.02016CVE-2007-1192
2PHPGurukul Nipah Virus Testing Management System password-recovery.php sql injection8.17.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.070.00063CVE-2023-6648
3Schneider Electric Modicon M340 SNMP Server Truncate unusual condition6.46.2$0-$5k$0-$5kNot DefinedWorkaround0.000.00224CVE-2019-6813
4Samsung Galaxy Store AppsPackageInstaller input validation6.56.4$0-$5k$0-$5kNot DefinedOfficial Fix0.040.00042CVE-2022-33708
5EPrints Latex os command injection8.08.0$0-$5k$0-$5kNot DefinedOfficial Fix0.030.01402CVE-2021-26476
6Tawk.To Live Chat Plugin AJAX Action tawkto_removewidget authorization5.75.7$0-$5k$0-$5kNot DefinedOfficial Fix0.050.00074CVE-2021-24914
7Google Chrome WebView Remote Code Execution6.36.0$25k-$100k$5k-$25kNot DefinedOfficial Fix0.000.00107CVE-2021-37990
8Microsoft Exchange Server Remote Code Execution7.36.8$25k-$100k$0-$5kFunctionalOfficial Fix0.000.70350CVE-2021-26858
9CentOS Web Panel ajax_list_accounts.php sql injection6.46.4$0-$5k$0-$5kNot DefinedNot Defined0.000.00687CVE-2020-15619
10Ay System Solutions CMS home.php file inclusion7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.000.01168CVE-2006-4441
11Microsoft IIS cross site scripting5.24.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.040.00548CVE-2017-0055
12MikroTik RouterOS Winbox improper authentication8.27.4$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.030.97496CVE-2018-14847
13WordPress WP_Query class-wp-query.php sql injection8.58.4$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.020.00318CVE-2017-5611
14Cisco IOS XR access control7.87.5$5k-$25k$0-$5kNot DefinedOfficial Fix0.020.00042CVE-2016-9215
15ShopLentor Plugin Banner Link cross site scripting3.53.4$0-$5k$0-$5kNot DefinedNot Defined0.080.00000CVE-2024-1960
16Netgear CBR40/CBK40/CBK43 currentsetting.htm information disclosure5.35.1$5k-$25k$5k-$25kNot DefinedNot Defined0.000.00043CVE-2024-28340
17Apple macOS Lock Screen state issue2.42.3$0-$5k$0-$5kNot DefinedOfficial Fix0.070.00044CVE-2024-23289
18Linux Kernel ca8210 of_clk_add_provider use after free5.55.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.040.00044CVE-2023-52510
19SourceCodester Complaint Management System Lodge Complaint Section register-complaint.php unrestricted upload6.36.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.150.00045CVE-2024-1875
20Petrol Pump Management Software profile.php unrestricted upload5.55.5$0-$5k$0-$5kNot DefinedNot Defined0.000.00101CVE-2024-27747

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
180.82.66.204no-reverse-dns-configured.comDarkode10/31/2021verifiedHigh

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (141)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File%PROGRAMFILES(X86)%\TSplus\UserDesktop\themes.predictiveHigh
2File/admin/maintenance/view_designation.phppredictiveHigh
3File/admin/search-appointment.phppredictiveHigh
4File/cgi-bin/user/Config.cgipredictiveHigh
5File/config/php.inipredictiveHigh
6File/htdocs/cgibinpredictiveHigh
7File/myprofile.phppredictiveHigh
8File/uncpath/predictiveMedium
9File/videotalkpredictiveMedium
10File/web/MCmsAction.javapredictiveHigh
11File14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgipredictiveHigh
12Fileactivity_log.phppredictiveHigh
13Fileadm/systools.asppredictiveHigh
14Fileadmin/getparam.cgipredictiveHigh
15Fileadmin/media/index.php"predictiveHigh
16FileadminCons.phppredictiveHigh
17Filexxxx_xxxx_xxxxxxxx.xxxpredictiveHigh
18Filexxxx-xxxxxxx.xpredictiveHigh
19Filexxx.xpredictiveLow
20Filexxx-xxx/xxxxxxpredictiveHigh
21Filexxx.xxxpredictiveLow
22Filexxx/xxx?xxxxpredictiveMedium
23Filexxx/xxxxxxx/xxxxxxxpredictiveHigh
24Filexxxxxx/xxx.xpredictiveMedium
25Filexxx/xxxxxxx/xxxxxxx.xxxpredictiveHigh
26Filexxxxxxx/xxxxxxx/xxxxxxx/xxxx/xxxxxxx.xxxpredictiveHigh
27Filexxxxxxxxxxxxxx.xxxpredictiveHigh
28Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
29Filexxxxx.xxxpredictiveMedium
30Filexxxx-xxxxxx.xxxpredictiveHigh
31Filexxx/xxxxxxxx/xxxx.xpredictiveHigh
32Filexx/xxxxxxx.xpredictiveMedium
33Filexxxxxxxxx_xxx_xxxx.xxxpredictiveHigh
34Filexxxx.xxxpredictiveMedium
35Filexxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxpredictiveHigh
36Filexxxx.xxxpredictiveMedium
37Filexxxxxxxxxx.xxxpredictiveHigh
38Filexxxxx/xxxxxxxxxxxxxxpredictiveHigh
39Filexxx/xxxxxx.xxxpredictiveHigh
40Filexxxxx.xxxpredictiveMedium
41Filexxxx.xxxpredictiveMedium
42Filexxxxxx.xpredictiveMedium
43Filexxxxxxxxx/xxxx_xxxxxxx/xxxxxxx.xxxpredictiveHigh
44Filexxx.xxxpredictiveLow
45Filexxxxx/?xxxxxx=xxxxxxx&xxxxpredictiveHigh
46Filexxxxxxxxxx/xxxx.xpredictiveHigh
47Filexxxx.xxxpredictiveMedium
48Filexxxxxxxx.xpredictiveMedium
49Filexx/xxxxxxxxx.xpredictiveHigh
50Filexxx_xxx_xxxxxx.xpredictiveHigh
51Filexxxxxxxx.xxxpredictiveMedium
52Filexxxxxxxx.xxxxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxxxpredictiveHigh
53Filexxx.xpredictiveLow
54Filexxx/xxxxx/xxx_xxxxx.xpredictiveHigh
55Filexxxxxxxx.xpredictiveMedium
56Filexxxxxxxx-xxxxxxxx.xxxpredictiveHigh
57Filexxxxxxxxxxxxxx.xxxpredictiveHigh
58Filexxxxxxxxxxxxxxxxx.xxxxpredictiveHigh
59Filexxxxxxx.xxxpredictiveMedium
60Filexxxxx_xxxxx.xxxpredictiveHigh
61Filexxxxx_xxxxx.xxxpredictiveHigh
62Filexxxxxx.xxxpredictiveMedium
63Filexxxxxx.xxxxpredictiveMedium
64Filexxxxxx.xxxpredictiveMedium
65Filexxxx.xxxpredictiveMedium
66Filexxxx_xxxxxxx_xxxxxxxx.xxxpredictiveHigh
67Filexxx/xxxx/xxxx/xxx/xxxxxxx/xx/xxxxxxx/xxxxxxxxx/xxxxxxxxxxxxxxx.xxxxpredictiveHigh
68Filexxx_xxxxxxxx.xpredictiveHigh
69Filexxxxxxxxx/xxxx/xxxxxx_xxxxxxxxxx.xxxpredictiveHigh
70Filexxxx-xxxxxxxx.xxxpredictiveHigh
71Filexxx/xxx/xxx_xx.xpredictiveHigh
72Filexxxxxxx/xxx_xxxx_xxx.xxxpredictiveHigh
73Filexxxxx/xxxxxxxx-xxxxxxxxx.xxxpredictiveHigh
74Filexxxx.xxxpredictiveMedium
75Filexxxxxxxxxxxx.xxxpredictiveHigh
76Filexxxxxxxx.xxxpredictiveMedium
77Filexxxxxxxxxxxxxxxxxx.xxxxpredictiveHigh
78Filexx-xxxxx/xxxxxxxx/xxxxx-xx-xxxxx-xxxx.xxxpredictiveHigh
79Filexx-xxxxx/xxxxxxx-xxxxxxx.xxx?xxxx=xx-xxxxxxxx.xxxpredictiveHigh
80Filexx-xxxxx/xxxxxxx-xxxxxxx.xxx?xxxx=xx-xxxx-xxxxxxxxx-xxpredictiveHigh
81Filexx-xxxxx/xxxx.xxxpredictiveHigh
82Filexx-xxxxxxxx/xxxxx-xx-xxxxx.xxxpredictiveHigh
83Filexx-xxxx.xxxpredictiveMedium
84Libraryxxxxxxxxx.x.x.xxx.xxxpredictiveHigh
85Libraryxxxxxx.xxxpredictiveMedium
86Libraryxxxxxx/xxxxxxxxx/xxxxx.xxxpredictiveHigh
87ArgumentxxxxxxpredictiveLow
88ArgumentxxxxxxxpredictiveLow
89ArgumentxxxxxxxxpredictiveMedium
90Argumentxxxx_xxxpredictiveMedium
91Argumentxxx_xxpredictiveLow
92ArgumentxxxpredictiveLow
93Argumentxxxxx->xxxxpredictiveMedium
94Argumentxxxxx xxxxxpredictiveMedium
95ArgumentxxxxpredictiveLow
96ArgumentxxxxxxxpredictiveLow
97ArgumentxxxxxxxxpredictiveMedium
98Argumentxxxx_xxpredictiveLow
99Argumentxxxx_xxxxxxxxxx_xxxpredictiveHigh
100ArgumentxxxxpredictiveLow
101ArgumentxxxxpredictiveLow
102ArgumentxxpredictiveLow
103Argumentxxxxx_xxpredictiveMedium
104Argumentxxxx_xxpredictiveLow
105ArgumentxxxxxxxpredictiveLow
106ArgumentxxxxpredictiveLow
107Argumentxx_xxxxxxx_xxxxpredictiveHigh
108Argumentxxxxxxx_xxxx[xx][xxxxxxxx]predictiveHigh
109Argumentxxxxx_xxx_xxx_xxxx_xx_xxxxxxxpredictiveHigh
110Argumentxxxx_xxxxpredictiveMedium
111ArgumentxxxxpredictiveLow
112ArgumentxxxxpredictiveLow
113ArgumentxxxxpredictiveLow
114Argumentxxxx[xxxxxxxxxxxxxxxxx]predictiveHigh
115Argumentxxxxx_xxxx_xxxxpredictiveHigh
116ArgumentxxxxxpredictiveLow
117ArgumentxxxpredictiveLow
118ArgumentxxxxxpredictiveLow
119ArgumentxxxxxxxxpredictiveMedium
120ArgumentxxxxxxxxxxpredictiveMedium
121Argumentxxxxxxxx[xxxx]predictiveHigh
122ArgumentxxxxxxxxpredictiveMedium
123Argumentxxxx_xxpredictiveLow
124ArgumentxxxxxpredictiveLow
125ArgumentxxxxxpredictiveLow
126ArgumentxxxxpredictiveLow
127Argumentxxx xxxxxxx xxxxpredictiveHigh
128ArgumentxxxxxxxxpredictiveMedium
129Argumentxxxxxxxx:xxxxxxxxpredictiveHigh
130Argumentx_xxxxpredictiveLow
131ArgumentxxxxpredictiveLow
132Argumentxxx_xxxxxxxxxx_xxxxx__xxxx_xxxxxxxpredictiveHigh
133Argumentx-xxxxxxxxx-xxxpredictiveHigh
134Argument_xxxxxpredictiveLow
135Input Value">[xxxxxx]xxxxx(xxxxxxxx.xxxxxx);[/xxxxxx]<!--predictiveHigh
136Input Valuex%xxxx%xxx=xpredictiveMedium
137Input Value<xxxxxx>xxxxx(x)</xxxxxx>xxxpredictiveHigh
138Input Valuexxxxxx=xxx&xxxxxxxx=xxxxxxx.*predictiveHigh
139Input Valuexxxxxxxxx:xxxxxxxxpredictiveHigh
140Network PortxxxpredictiveLow
141Network Portxxx/xxx (xxxx)predictiveHigh

References (2)

The following list contains external sources which discuss the actor and the associated activities:

Might our Artificial Intelligence support you?

Check our Alexa App!