Dukes Analysis

IOB - Indicator of Behavior (146)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 78
zh: 28
ja: 10
ru: 8
fr: 8


Country

us: 54
cn: 40
ru: 18
id: 4
it: 4



Product

Apache HTTP Server: 8
Microsoft IIS: 4
Microsoft Windows: 4
nginx: 4
Matomo: 2


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Hunkaray Duyuru Scripti oku.asp sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.01139 | CVE-2007-0688 |
| 2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.04 | 0.04187 | CVE-2007-1192 |
| 3 | Apache Flume JMS Source injection | 8.0 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01978 | CVE-2022-34916 |
| 4 | Discuz! admin.php cross site scripting | 3.6 | 3.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00885 | CVE-2018-19464 |
| 5 | Xoops URL Filter index.php redirect | 6.6 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00885 | CVE-2017-12138 |
| 6 | Microsoft Windows RPC over HTTP Reply denial of service | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.20648 | CVE-2003-0807 |
| 7 | Apache Dubbo deserialization | 7.6 | 7.6 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.06 | 0.01086 | CVE-2022-39198 |
| 8 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 2.59 | 0.00000 | |
| 9 | Planka Environment Variable environ path traversal | 5.7 | 5.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00885 | CVE-2022-2653 |
| 10 | Invision Power Services IP.Board URL resource management | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01055 | CVE-2015-6812 |
| 11 | Synology VPN Plus Server Remote Desktop out-of-bounds write | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.30 | 0.01055 | CVE-2022-43931 |
| 12 | Netis Netcore Router Backup param.file.tgz information disclosure | 5.3 | 4.7 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.30 | 0.00885 | CVE-2023-0113 |
| 13 | Nextcloud Server information disclosure | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00885 | CVE-2022-36074 |
| 14 | D-Link DIR-2150 anweb action_handler stack-based overflow | 8.0 | 7.6 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.02 | 0.00000 | CVE-2022-40717 |
| 15 | Dahua IPC-HX3XXX Data Packet improper authentication | 8.1 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.22170 | CVE-2021-33044 |
| 16 | D-Link DNR-322L Backup Config code download | 7.1 | 7.1 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.08 | 0.00885 | CVE-2022-40799 |
| 17 | Microsoft Windows USB Serial Driver information disclosure | 3.6 | 3.3 | $0-$5k | $0-$5k | Unproven | Official Fix | 0.02 | 0.01150 | CVE-2022-38030 |
| 18 | Microsoft Windows CNG Key Isolation Service Privilege Escalation | 8.1 | 7.4 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.02 | 0.01150 | CVE-2022-41125 |
| 19 | IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer code injection | 9.3 | 9.1 | $5k-$25k | $0-$5k | High | Official Fix | 0.09 | 0.94469 | CVE-2015-7450 |
| 20 | IBM WebSphere Application Server SOAP Connector privileges management | 6.2 | 6.2 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.04 | 0.00885 | CVE-2020-4276 |

IOC - Indicator of Compromise (27)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (83)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/users.php?source=edit_user&id=1 | predictive | High |
| 2 | File | /forum/away.php | predictive | High |
| 3 | File | /modules/profile/index.php | predictive | High |
| 4 | File | /proc/self/environ | predictive | High |
| 5 | File | /rest/project-templates/1.0/createshared | predictive | High |
| 6 | File | /server-status | predictive | High |
| 7 | File | act.php | predictive | Low |
| 8 | File | adclick.php | predictive | Medium |
| 9 | File | admin.php | predictive | Medium |
| 10 | File | administrator/mail/download.cfm | predictive | High |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
