DarkSide Analysis

IOB - Indicator of Behavior (53)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 48
ar: 4
de: 2

Country

us: 42
ca: 12

Product

Boa: 4
GNU Mailman: 2
myPHPNuke: 2
Boa Webserver: 2
Microsoft Windows: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.71 | 0.00943 | CVE-2010-0966 |
| 3 | WoltLab Burning Book addentry.php sql injection | 7.3 | 6.8 | $0-$5k | $0-$5k | Functional | Unavailable | 0.02 | 0.00804 | CVE-2006-5509 |
| 4 | spip Login spip_login.php3 file inclusion | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.04 | 0.05054 | CVE-2006-1702 |
| 5 | miniOrange WP OAuth Server access control | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00156 | CVE-2022-34149 |
| 6 | Boa Webserver GET wapopen path traversal | 6.4 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.73540 | CVE-2017-9833 |
| 7 | Boa free release of resource | 6.4 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.00208 | CVE-2018-21028 |
| 8 | DrayTek Vigor/Vigor3910 wlogin.cgi buffer overflow | 9.0 | 8.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | 0.00182 | CVE-2022-32548 |
| 9 | Boa Terminal input validation | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.02395 | CVE-2009-4496 |
| 10 | GNU Mailman cross-site request forgery | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00112 | CVE-2021-44227 |
| 11 | GNU Mailman confirm.py cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00330 | CVE-2011-0707 |
| 12 | myPHPNuke links.php cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00478 | CVE-2003-1372 |
| 13 | Microsoft Office Word unknown vulnerability | 5.5 | 5.0 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.02 | 0.00089 | CVE-2022-24511 |
| 14 | Microsoft Windows Remote Desktop Client Remote Code Execution | 8.8 | 8.2 | $100k and more | $5k-$25k | Proof-of-Concept | Official Fix | 0.04 | 0.02061 | CVE-2022-21990 |
| 15 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.26 | 0.00241 | CVE-2020-12440 |
| 16 | Apple M1 Register s3_5_c15_c10_1 M1RACLES access control | 8.8 | 8.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.03 | 0.00000 | CVE-2021-30747 |
| 17 | Joomla CMS File Upload media.php input validation | 6.3 | 6.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.04 | 0.78471 | CVE-2013-5576 |
| 18 | Samsung Mobile Devices Cameralyzer privileges management | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00044 | CVE-2020-15577 |
| 19 | DHIS tools register-q.sh symlink | 5.9 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00000 | |
| 20 | Esoftpro Online Guestbook Pro ogp_show.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.15 | 0.00108 | CVE-2009-4935 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Darkside

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1059 | CWE-94 | Argument Injection | predictive | High |
| 3 | TXXXX.XXX | CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High |
| 4 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 5 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 6 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |

IOA - Indicator of Attack (17)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /cgi-bin/wapopen | predictive | High |
| 2 | File | /cgi-bin/wlogin.cgi | predictive | High |
| 3 | File | addentry.php | predictive | Medium |
| 4 | File | xxxxxxxxxxxxx/xxxxxxxxxx/xxx_xxxxx/xxxxxxx/xxxxx.xxx | predictive | High |
| 5 | File | xxx/xxxxxxx.xx | predictive | High |
| 6 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 7 | File | xxx/xxxxxx.xxx | predictive | High |
| 8 | File | xxxxx.xxx | predictive | Medium |
| 9 | File | xxx_xxxx.xxx | predictive | Medium |
| 10 | File | xxxxxxxx-x.xx | predictive | High |
| 11 | File | xxxx_xxxxx.xxxx | predictive | High |
| 12 | Argument | xx/xx | predictive | Low |
| 13 | Argument | xxxxxxxx | predictive | Medium |
| 14 | Argument | xxxxxxx | predictive | Low |
| 15 | Argument | xxxxxxxxxx | predictive | Medium |
| 16 | Argument | xxxxxxx/xxxxx | predictive | High |
| 17 | Input Value | ../.. | predictive | Low |

References (4)

The following list contains external sources which discuss the actor and the associated activities:

Samples (1)

The following list contains associated samples:
