Diicot Analysis

IOB - Indicator of Behavior (460)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 396
ru: 28
de: 14
es: 10
fr: 4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.


Activities

Interest


Product

nginx: 4
Cerberus FTP Server: 4
Apache HTTP Server: 4
WordPress: 4
Atlassian Data Center: 4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | AWStats Config awstats.pl cross site scripting | 4.3 | 4.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.01713 | 0.03 | CVE-2006-3681 |
| 2 | PHP Link Directory Administration Page index.html cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00554 | 0.26 | CVE-2007-0529 |
| 3 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01434 | 0.32 | CVE-2007-0354 |
| 4 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 0.21 | CVE-2020-12440 |
| 5 | Lars Ellingsen Guestserver guestbook.cgi cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00168 | 0.06 | CVE-2005-4222 |
| 6 | Alurian Prismotube Video Script index.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00064 | 0.00 | CVE-2011-5103 |
| 7 | PHPWind goto.php redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00348 | 0.04 | CVE-2015-4134 |
| 8 | Phplinkdirectory PHP Link Directory conf_users_edit.php cross-site request forgery | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00424 | 0.04 | CVE-2011-0643 |
| 9 | OpenBB read.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00175 | 0.03 | CVE-2005-1612 |
| 10 | SPIP spip.php cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00193 | 1.08 | CVE-2022-28959 |
| 11 | Microsoft IIS uncpath cross site scripting | 5.2 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.31138 | 0.04 | CVE-2017-0055 |
| 12 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.03828 | 0.00 | CVE-2007-1192 |
| 13 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02820 | 0.25 | CVE-2010-0966 |
| 14 | PHPizabi template.class.php assignuser information disclosure | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | 0.00458 | 0.04 | CVE-2008-2018 |
| 15 | Storytlr cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00184 | 0.04 | CVE-2014-100038 |
| 16 | DUware DUpaypal detail.asp sql injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00450 | 0.05 | CVE-2006-6365 |
| 17 | Joomla CMS com_easyblog sql injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00000 | 0.13 | |
| 18 | Atlassian Bitbucket Server/Data Center Installer access control | 6.5 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2020-36233 |
| 19 | Maran PHP Shop prod.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00137 | 0.04 | CVE-2008-4879 |
| 20 | Storytlr cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00159 | 0.02 | CVE-2014-100037 |

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

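| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 45.88.67.94 | | Diicot | | 06/16/2023 | verified | High |
| 2 | 46.102.174.115 | no-rdns.webhost-cp.com | Diicot | | 12/18/2024 | verified | Very High |
| 3 | 80.76.51.5 | | Diicot | | 12/18/2024 | verified | Very High |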

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (179)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | .htaccess | predictive | Medium |
| 2 | File | /Admin/login.php | predictive | High |
| 3 | File | /etc/master.passwd | predictive | High |
| 4 | File | /forum/away.php | predictive | High |
| 5 | File | /index.php | predictive | Medium |
| 6 | File | /mc | predictive | Low |
| 7 | File | /mics/j_spring_security_check | predictive | High |
| 8 | File | /out.php | predictive | Medium |
| 9 | File | /preview.php | predictive | Medium |
| 10 | File | /spip.php | predictive | Medium |
| 11 | File | /uncpath/ | predictive | Medium |
| 12 | File | /usr/local/WowzaStreamingEngine/bin/ | predictive | High |
| 13 | File | /web_cste/cgi-bin/product.ini | predictive | High |
| 14 | File | /wp-json/wc/v3/webhooks | predictive | High |
| 15 | File | /_vti_bin/_vti_aut | predictive | High |
| 16 | File | adclick.php | predictive | Medium |
| 17 | File | add_contestant.php | predictive | High |
| 18 | File | add_to_cart.php | predictive | High |
| 19 | File | admin-ajax.php | predictive | High |
| 20 | File | admin.jcomments.php | predictive | High |
| 21 | File | admin.php | predictive | Medium |
