Dorkbot Analysis

IOB - Indicator of Behavior (1000)

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 900
zh: 42
de: 14
fr: 8
es: 8

Country

nl: 822
us: 80
ir: 20
ru: 18
es: 6

Product

Microsoft Windows: 98
Linux Kernel: 36
WordPress: 20
Google Android: 18
Apache HTTP Server: 16

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 2.82 | 0.00000 | CVE-2020-12440 |
| 2 | Huawei ACXXXX/SXXXX SSH Packet input validation | 7.5 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01055 | CVE-2014-8572 |
| 3 | Microsoft Windows WPAD access control | 8.0 | 7.9 | $25k-$100k | $0-$5k | High | Official Fix | 0.00 | 0.34346 | CVE-2016-3213 |
| 4 | UnrealIRCd input validation | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Not Defined | 0.03 | 0.81542 | CVE-2010-2075 |
| 5 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.18 | 0.25090 | CVE-2017-0055 |
| 6 | Microsoft Windows Graphics Remote Code Execution | 7.0 | 6.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.07 | 0.01648 | CVE-2021-34530 |
| 7 | Microsoft Windows Event Tracing Privilege Escalation | 7.3 | 6.3 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.01 | 0.01150 | CVE-2021-34487 |
| 8 | Microsoft IIS IP/Domain Restriction access control | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.07 | 0.29797 | CVE-2014-4078 |
| 9 | Cisco Secure Email and Web Manager Web-based Management Interface improper authentication | 9.8 | 9.6 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.02 | 0.01055 | CVE-2022-20798 |
| 10 | nginx Log File link following | 7.8 | 7.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.05028 | CVE-2016-1247 |
| 11 | Apache HTTP Server mod_rewrite redirect | 6.7 | 6.7 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.08 | 0.07767 | CVE-2020-1927 |
| 12 | Microsoft .NET Core/Visual Studio denial of service | 6.4 | 5.5 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.01 | 0.02427 | CVE-2021-26423 |
| 13 | Microsoft Windows TCP/IP Stack Privilege Escalation | 9.9 | 8.6 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.05 | 0.01728 | CVE-2021-26424 |
| 14 | Microsoft Windows Event Tracing Privilege Escalation | 8.3 | 7.3 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.04 | 0.01150 | CVE-2021-26425 |
| 15 | Microsoft Windows Bluetooth Driver Privilege Escalation | 8.3 | 7.3 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.02 | 0.01150 | CVE-2021-34537 |
| 16 | Microsoft Dynamics 365 Privilege Escalation | 8.5 | 7.4 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.02 | 0.01967 | CVE-2021-34524 |
| 17 | Microsoft Windows Storage Spaces Controller Local Privilege Escalation | 7.8 | 6.8 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | 0.01150 | CVE-2021-34536 |
| 18 | Microsoft Windows Graphics Remote Code Execution | 7.0 | 6.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | 0.01648 | CVE-2021-34533 |
| 19 | Microsoft Windows Services for NFS ONCRPC XDR Driver information disclosure | 6.4 | 5.5 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | 0.02427 | CVE-2021-36926 |
| 20 | Microsoft ASP.NET Core/Visual Studio information disclosure | 4.9 | 4.3 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00 | 0.01150 | CVE-2021-34532 |

IOC - Indicator of Compromise (28)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (22)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (238)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

