Darkode Analysis

IOB - Indicator of Behavior (269)

Timeline

Lang

Language | Count
en | 260
fr | 4
de | 4
it | 2

Country

Country | Count
us | 138
ir | 16
ru | 8
gb | 4
fr | 4

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Product | Count
Cisco ASA | 18
Linux Kernel | 8
Microsoft Windows | 6
Apache Atlas | 6
WordPress | 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.04 | 0.04187 | CVE-2007-1192
2 | Schneider Electric Modicon M340 SNMP Server Truncate unusual condition | 6.4 | 6.2 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.02 | 0.00954 | CVE-2019-6813
3 | EPrints Latex os command injection | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01055 | CVE-2021-26476
4 | Tawk.To Live Chat Plugin AJAX Action tawkto_removewidget authorization | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00885 | CVE-2021-24914
5 | Google Chrome WebView Remote Code Execution | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.01 | 0.01136 | CVE-2021-37990
6 | Microsoft Exchange Server Remote Code Execution | 7.3 | 6.8 | $25k-$100k | $0-$5k | Functional | Official Fix | 0.03 | 0.31092 | CVE-2021-26858
7 | CentOS Web Panel ajax_list_accounts.php sql injection | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.01055 | CVE-2020-15619
8 | Ay System Solutions CMS home.php file inclusion | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.05 | 0.01213 | CVE-2006-4441
9 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.14 | 0.25090 | CVE-2017-0055
10 | MikroTik RouterOS Winbox improper authentication | 8.2 | 7.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01 | 0.93463 | CVE-2018-14847
11 | WordPress WP_Query class-wp-query.php sql injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.01974 | CVE-2017-5611
12 | Cisco IOS XR access control | 7.8 | 7.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00890 | CVE-2016-9215
13 | Rocket.Chat cross site scripting | 5.2 | 4.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.02173 | CVE-2019-17220
14 | Lithium CMS Stored path traversal | 6.5 | 6.1 | $0-$5k | $0-$5k | Functional | Unavailable | 0.03 | 0.04482 | CVE-2006-5731
15 | Micro Focus Operations Bridge Remote Code Execution | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.01156 | CVE-2021-38125
16 | Doxygen search_opensearch.php Reflected cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.01108 | CVE-2016-10245
17 | EPrints toolbox os command injection | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.01061 | CVE-2021-26704
18 | WUSTL XNAT xml external entity reference | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00890 | CVE-2019-14276
19 | Xen Orchestra improper authorization | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | 0.00885 | CVE-2021-36383
20 | OpenClinica sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00885 | CVE-2022-24831

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Type | Confidence
1 | 80.82.66.204 | no-reverse-dns-configured.com | Darkode | (none listed) | verified | High

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (119)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /cgi-bin/user/Config.cgi | predictive | High
2 | File | /htdocs/cgibin | predictive | High
3 | File | /uncpath/ | predictive | Medium
4 | File | /videotalk | predictive | Medium
5 | File | /web/MCmsAction.java | predictive | High
6 | File | 14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi | predictive | High
7 | File | activity_log.php | predictive | High
8 | File | adm/systools.asp | predictive | High
9 | File | admin/getparam.cgi | predictive | High
10 | File | admin/media/index.php" | predictive | High
11 | File | adminCons.php | predictive | High
12 | File | ajax_list_accounts.php | predictive | High
13 | File | auth-options.c | predictive | High
14 | File | cdf.c | predictive | Low
15 | File | xxx-xxx/xxxxxx | predictive | High
16 | File | xxx.xxx | predictive | Low
17 | File | xxx/xxx?xxxx | predictive | Medium
18 | File | xxx/xxxxxxx/xxxxxxx | predictive | High
19 | File | xxxxxx/xxx.x | predictive | Medium
20 | File | xxx/xxxxxxx/xxxxxxx.xxx | predictive | High
21 | File | xxxxxxx/xxxxxxx/xxxxxxx/xxxx/xxxxxxx.xxx | predictive | High
22 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
23 | File | xxxxx.xxx | predictive | Medium
24 | File | xxx/xxxxxxxx/xxxx.x | predictive | High
25 | File | xx/xxxxxxx.x | predictive | Medium
26 | File | xxxxxxxxx_xxx_xxxx.xxx | predictive | High
27 | File | xxxx.xxx | predictive | Medium
28 | File | xxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxx | predictive | High
29 | File | xxxx.xxx | predictive | Medium
30 | File | xxxxxxxxxx.xxx | predictive | High
31 | File | xxx/xxxxxx.xxx | predictive | High
32 | File | xxxxx.xxx | predictive | Medium
33 | File | xxxx.xxx | predictive | Medium
34 | File | xxxxxx.x | predictive | Medium
35 | File | xxxxxxxxx/xxxx_xxxxxxx/xxxxxxx.xxx | predictive | High
36 | File | xxx.xxx | predictive | Low
37 | File | xxxxx/?xxxxxx=xxxxxxx&xxxx | predictive | High
38 | File | xxxxxxxxxx/xxxx.x | predictive | High
39 | File | xxxx.xxx | predictive | Medium
40 | File | xxxxxxxx.x | predictive | Medium
41 | File | xx/xxxxxxxxx.x | predictive | High
42 | File | xxx_xxx_xxxxxx.x | predictive | High
43 | File | xxxxxxxx.xxx | predictive | Medium
44 | File | xxxxxxxx.xxxxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxxx | predictive | High
45 | File | xxx.x | predictive | Low
46 | File | xxx/xxxxx/xxx_xxxxx.x | predictive | High
47 | File | xxxxxxxx.x | predictive | Medium
48 | File | xxxxx_xxxxx.xxx | predictive | High
49 | File | xxxxx_xxxxx.xxx | predictive | High
50 | File | xxxxxx.xxx | predictive | Medium
51 | File | xxxxxx.xxxx | predictive | Medium
52 | File | xxxxxx.xxx | predictive | Medium
53 | File | xxxx.xxx | predictive | Medium
54 | File | xxxx_xxxxxxx_xxxxxxxx.xxx | predictive | High
55 | File | xxx/xxxx/xxxx/xxx/xxxxxxx/xx/xxxxxxx/xxxxxxxxx/xxxxxxxxxxxxxxx.xxxx | predictive | High
56 | File | xxx_xxxxxxxx.x | predictive | High
57 | File | xxxxxxxxx/xxxx/xxxxxx_xxxxxxxxxx.xxx | predictive | High
58 | File | xxxx-xxxxxxxx.xxx | predictive | High
59 | File | xxx/xxx/xxx_xx.x | predictive | High
60 | File | xxxxxxx/xxx_xxxx_xxx.xxx | predictive | High
61 | File | xxxx.xxx | predictive | Medium
62 | File | xxxxxxxxxxxx.xxx | predictive | High
63 | File | xxxxxxxx.xxx | predictive | Medium
64 | File | xx-xxxxx/xxxxxxxx/xxxxx-xx-xxxxx-xxxx.xxx | predictive | High
65 | File | xx-xxxxx/xxxxxxx-xxxxxxx.xxx?xxxx=xx-xxxxxxxx.xxx | predictive | High
66 | File | xx-xxxxx/xxxxxxx-xxxxxxx.xxx?xxxx=xx-xxxx-xxxxxxxxx-xx | predictive | High
67 | File | xx-xxxxx/xxxx.xxx | predictive | High
68 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive | High
69 | File | xx-xxxx.xxx | predictive | Medium
70 | Library | xxxxxxxxx.x.x.xxx.xxx | predictive | High
71 | Library | xxxxxx.xxx | predictive | Medium
72 | Library | xxxxxx/xxxxxxxxx/xxxxx.xxx | predictive | High
73 | Argument | xxxxxx | predictive | Low
74 | Argument | xxxxxxxx | predictive | Medium
75 | Argument | xxxx_xxx | predictive | Medium
76 | Argument | xxx_xx | predictive | Low
77 | Argument | xxx | predictive | Low
78 | Argument | xxxxx->xxxx | predictive | Medium
79 | Argument | xxxx | predictive | Low
80 | Argument | xxxxxxx | predictive | Low
81 | Argument | xxxxxxxx | predictive | Medium
82 | Argument | xxxx_xx | predictive | Low
83 | Argument | xxxx_xxxxxxxxxx_xxx | predictive | High
84 | Argument | xxxx | predictive | Low
85 | Argument | xxxx | predictive | Low
86 | Argument | xx | predictive | Low
87 | Argument | xxxxx_xx | predictive | Medium
88 | Argument | xxxx_xx | predictive | Low
89 | Argument | xxxxxxx | predictive | Low
90 | Argument | xxxx | predictive | Low
91 | Argument | xx_xxxxxxx_xxxx | predictive | High
92 | Argument | xxxxxxx_xxxx[xx][xxxxxxxx] | predictive | High
93 | Argument | xxxxx_xxx_xxx_xxxx_xx_xxxxxxx | predictive | High
94 | Argument | xxxx_xxxx | predictive | Medium
95 | Argument | xxxx | predictive | Low
96 | Argument | xxxx | predictive | Low
97 | Argument | xxxx | predictive | Low
98 | Argument | xxxx[xxxxxxxxxxxxxxxxx] | predictive | High
99 | Argument | xxxxx_xxxx_xxxx | predictive | High
100 | Argument | xxxxx | predictive | Low
101 | Argument | xxx | predictive | Low
102 | Argument | xxxxx | predictive | Low
103 | Argument | xxxxxxxx | predictive | Medium
104 | Argument | xxxxxxxx[xxxx] | predictive | High
105 | Argument | xxxxxxxx | predictive | Medium
106 | Argument | xxxxx | predictive | Low
107 | Argument | xxxxx | predictive | Low
108 | Argument | xxxx | predictive | Low
109 | Argument | xxxxxxxx:xxxxxxxx | predictive | High
110 | Argument | x_xxxx | predictive | Low
111 | Argument | xxxx | predictive | Low
112 | Argument | xxx_xxxxxxxxxx_xxxxx__xxxx_xxxxxxx | predictive | High
113 | Argument | _xxxxx | predictive | Low
114 | Input Value | ">[xxxxxx]xxxxx(xxxxxxxx.xxxxxx);[/xxxxxx]<!-- | predictive | High
115 | Input Value | <xxxxxx>xxxxx(x)</xxxxxx>xxx | predictive | High
116 | Input Value | xxxxxx=xxx&xxxxxxxx=xxxxxxx.* | predictive | High
117 | Input Value | xxxxxxxxx:xxxxxxxx | predictive | High
118 | Network Port | xxx | predictive | Low
119 | Network Port | xxx/xxx (xxxx) | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities: