Dukes Analysis

IOB - Indicator of Behavior (179)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en88
zh50
es12
fr10
ja8

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us70
cn52
ru20
id4
de4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Microsoft Windows14
House Rental System6
TP-LINK TL-WR886N4
Microsoft IIS4
PHP4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1Hunkaray Duyuru Scripti oku.asp sql injection7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.000.00871CVE-2007-0688
2Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25k$0-$5kHighWorkaround0.070.02016CVE-2007-1192
3Apache Flume JMS Source injection8.07.9$5k-$25k$0-$5kNot DefinedOfficial Fix0.030.00213CVE-2022-34916
4Discuz! admin.php cross site scripting3.63.6$0-$5k$0-$5kNot DefinedNot Defined0.080.00054CVE-2018-19464
5SourceCodester Human Resource Management System employeeadd.php sql injection5.55.4$0-$5k$0-$5kProof-of-ConceptNot Defined0.070.00148CVE-2022-4278
6Bitrix Upload from Local Disk Feature restore.php unrestricted upload6.36.1$0-$5k$0-$5kNot DefinedNot Defined0.050.00000CVE-2022-29268
7OpenSSL AES OCB Mode missing encryption5.65.5$5k-$25k$0-$5kNot DefinedOfficial Fix0.020.00252CVE-2022-2097
8PHPMailer Phar Deserialization addAttachment deserialization5.55.3$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00388CVE-2020-36326
9Xoops URL Filter index.php redirect6.66.4$0-$5k$0-$5kNot DefinedNot Defined0.040.00062CVE-2017-12138
10Microsoft Windows RPC over HTTP Reply denial of service7.57.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.08241CVE-2003-0807
11Apache Dubbo deserialization7.67.6$5k-$25k$5k-$25kNot DefinedNot Defined0.040.00576CVE-2022-39198
12LogicBoard CMS away.php redirect6.36.1$0-$5k$0-$5kNot DefinedUnavailable2.300.00000
13Planka Environment Variable environ path traversal5.75.6$0-$5k$0-$5kNot DefinedOfficial Fix0.050.00063CVE-2022-2653
14Invision Power Services IP.Board URL resource management5.35.1$0-$5k$0-$5kNot DefinedOfficial Fix0.050.00242CVE-2015-6812
15Mattermost API information disclosure5.45.3$0-$5k$0-$5kNot DefinedOfficial Fix0.030.00062CVE-2022-2401
16Ecommerce-Website signup_script.php cross site scripting4.84.7$0-$5k$0-$5kNot DefinedNot Defined0.070.00067CVE-2022-45990
17Salon booking system cross site scripting4.34.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00149CVE-2022-43487
18Fortinet FortiOS/FortiProxy FortiGate SSL-VPN heap-based overflow9.89.6$25k-$100k$25k-$100kNot DefinedOfficial Fix0.050.15407CVE-2023-27997
19House Rental System view-property.php sql injection7.57.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.040.00223CVE-2022-4274
20House Rental System POST Request search-property.php sql injection7.57.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.040.00223CVE-2022-4275

IOC - Indicator of Compromise (27)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
15.45.66.134Dukes12/24/2020verifiedHigh
246.246.120.178Dukes12/24/2020verifiedHigh
350.7.192.146Dukes12/24/2020verifiedHigh
464.18.143.66Dukes12/24/2020verifiedHigh
566.29.115.55647807.ds.nac.netDukes12/24/2020verifiedHigh
669.59.28.57Dukes12/24/2020verifiedHigh
7XX.XXX.XX.XXXxxxxx.xxxxxx.xxxXxxxx12/24/2020verifiedHigh
8XX.XXX.XX.XXxxxxxxxx.xxxXxxxx12/24/2020verifiedHigh
9XX.XXX.XX.XXXxxxx12/24/2020verifiedHigh
10XX.XX.XXX.XXXXxxxx12/24/2020verifiedHigh
11XX.XXX.XX.XXxxxxx-xx.xxxxxxxx.xxxXxxxx12/24/2020verifiedHigh
12XX.XXX.XX.XXXxxxxxxx.xxxxxxx.xxxXxxxx12/24/2020verifiedHigh
13XX.XXX.XXX.XXXXxxxx12/24/2020verifiedHigh
14XX.XXX.XXX.XXxx-xxxxxx-xx-xxx-xxx-xx.xxxxxx.xxXxxxx12/24/2020verifiedHigh
15XX.X.XXX.XXXxxxx12/24/2020verifiedHigh
16XX.XX.XXX.XXXxxxx12/24/2020verifiedHigh
17XXX.XXX.XXX.XXXXxxxx12/24/2020verifiedHigh
18XXX.XXX.XX.XXxx.xx.xxx.xxx.xx-xxxx.xxxxXxxxx12/24/2020verifiedHigh
19XXX.XXX.XX.XXXxxx.xx.xxx.xxx.xxxxxxxxxx.xxx.xxxxxxxxx.xxxXxxxx12/24/2020verifiedHigh
20XXX.XX.XXX.XXxxxxxxx-xxxx-xxx.xxxx-xxxxxxx.xxxXxxxx12/24/2020verifiedHigh
21XXX.XX.XXX.XXXXxxxx12/24/2020verifiedHigh
22XXX.XX.XXX.XXXxxxxxx.xxx.xxx.xx.xxx.xxxxxxx.xxxx-xxxxxx.xxXxxxx12/24/2020verifiedHigh
23XXX.XXX.XXX.XXxx.xxx.xxx.xxx.xxxxxxxxxx.xxx.xxxxxxxxx.xxxXxxxx12/24/2020verifiedHigh
24XXX.XX.XX.XXxxxxxx.xx.xx.xx.xxx.xxxxxxx.xxxx-xxxxxx.xxXxxxx12/24/2020verifiedHigh
25XXX.XXX.XX.XXXXxxxx12/24/2020verifiedHigh
26XXX.XXX.XXX.XXxxx-xxx-xxx-xx.xxxxxx.xxxxxxx.xxxXxxxx12/24/2020verifiedHigh
27XXX.XX.XXX.XXXXxxxx12/24/2020verifiedHigh

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (102)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/admin/users.php?source=edit_user&id=1predictiveHigh
2File/cdsms/classes/Master.php?f=delete_packagepredictiveHigh
3File/debug/pprofpredictiveMedium
4File/forum/away.phppredictiveHigh
5File/hrm/employeeadd.phppredictiveHigh
6File/modules/profile/index.phppredictiveHigh
7File/onvif/device_servicepredictiveHigh
8File/pro/repo-create.htmlpredictiveHigh
9File/proc/self/environpredictiveHigh
10File/rest/project-templates/1.0/createsharedpredictiveHigh
11File/server-statuspredictiveHigh
12File/signup_script.phppredictiveHigh
13File/xxxx-xxxxxxxx.xxxpredictiveHigh
14Filexxx.xxxpredictiveLow
15Filexxxxxxx.xxxpredictiveMedium
16Filexxxxx.xxxpredictiveMedium
17Filexxxxxxxxxxxxx/xxxx/xxxxxxxx.xxxpredictiveHigh
18Filexxxxxxx.xxx/xxxxxxxxxxxx.xxxpredictiveHigh
19Filexxxxxx.xxxpredictiveMedium
20Filexxx-xxxx.xxxpredictiveMedium
21Filexxxxxxxxx.xxxpredictiveHigh
22Filexxxxxxxxx.xxxxxxx.xxxpredictiveHigh
23Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
24Filexxxxxxxx.xpredictiveMedium
25Filexxxxx.xxxpredictiveMedium
26Filexxxxxxxxx.xxxpredictiveHigh
27Filexx.xxxxx.xxxpredictiveMedium
28Filexxx_xxxxxx.xxxpredictiveHigh
29Filexxxxxx.xxxpredictiveMedium
30Filexxxxxx.xxxpredictiveMedium
31Filexxxxxxxxxx\xxxxxxxxxxxx\xxxxxxxxxxxxxxxx.xxxpredictiveHigh
32Filexxxxxxxx/xxxxxx.xxxpredictiveHigh
33Filexxxxx.xxxpredictiveMedium
34Filexxxxx.xxx?xxxx=xxxxxxx_xxxxxpredictiveHigh
35Filexx/xx/xxxxxxxxxxxxxxx.xxpredictiveHigh
36Filexxxxxxxxxx/xxx/xxxxxx_xxxx.xxxpredictiveHigh
37Filexxxxxxx/xxx_xxxxxxxx.xxxpredictiveHigh
38FilexxxxpredictiveLow
39Filexxxxxxxxxxxx.xxxpredictiveHigh
40Filexxxx/xxxx.xpredictiveMedium
41Filexxx.xxxpredictiveLow
42Filexxx/xxxxx.xxxxpredictiveHigh
43Filexxxxx.xxxx.xxxpredictiveHigh
44Filexxxx.xxxpredictiveMedium
45Filexxxxxxx/xxxxxxxxxxxxxxxx/xxxxxxxxx/xxxxxxxx.xxxxpredictiveHigh
46Filexxxxxxxx.xxxpredictiveMedium
47Filexxxxxxxx.xxxpredictiveMedium
48Filexxxx.xxxpredictiveMedium
49Filexxxx_xxxx.xxxpredictiveHigh
50Filexxxxxxxx.xxxpredictiveMedium
51Filexxxxxxxx_xxxx.xxxpredictiveHigh
52Filexxx.xxxpredictiveLow
53Filexxxxxxx.xxxpredictiveMedium
54Filexxxxxx.xxpredictiveMedium
55Filexxxxxx-xxxxxxxx.xxxpredictiveHigh
56Filexxxxxx_xxxxxxx.xxxpredictiveHigh
57Filexxxx_xxxxx.xxxxpredictiveHigh
58Filexxxxxx-xxxxxx.xxxpredictiveHigh
59Filexxxx-xxxpredictiveMedium
60Filexxxx/xxxx_xxxxxxx_xxx.xpredictiveHigh
61Filexxxxxxxxxx.xxxpredictiveHigh
62Filexx-xxxxx/xxxxxxxx/xxxxx-xxxx-xxxxxx-xxxxxxxx.xxxpredictiveHigh
63Filexx-xxxxxxxx/xxxxxxxxx.xxxpredictiveHigh
64Filexx-xxxxxxxxxx.xxxpredictiveHigh
65ArgumentxxxxxpredictiveLow
66ArgumentxxxxxxpredictiveLow
67ArgumentxxxpredictiveLow
68Argumentxxxxxxxxxx[]predictiveMedium
69ArgumentxxxpredictiveLow
70ArgumentxxxxxxpredictiveLow
71ArgumentxxxxpredictiveLow
72ArgumentxxxxxpredictiveLow
73ArgumentxxxxxpredictiveLow
74ArgumentxxxxpredictiveLow
75ArgumentxxxxxxxxpredictiveMedium
76Argumentx_xxpredictiveLow
77ArgumentxxpredictiveLow
78Argumentxx_xxxxxpredictiveMedium
79ArgumentxxxxpredictiveLow
80Argumentxxxxxxx/xxxxxx_xxpredictiveHigh
81ArgumentxxxxxxxpredictiveLow
82Argumentxxxxxxxxx_xxxxxxxx_xxxxpredictiveHigh
83Argumentxxxx/xxxxxxpredictiveMedium
84ArgumentxxxxxxpredictiveLow
85ArgumentxxxxxxxxpredictiveMedium
86ArgumentxxxxpredictiveLow
87ArgumentxxxxxxxxxxxxxpredictiveHigh
88Argumentxxxx_xxxxxxpredictiveMedium
89ArgumentxxxxxxxxpredictiveMedium
90Argumentxxxxxxxx_xxpredictiveMedium
91ArgumentxxxxxxxpredictiveLow
92Argumentxxxxxx_xxxxxxxxpredictiveHigh
93ArgumentxxxxxxpredictiveLow
94ArgumentxxxxxxxxpredictiveMedium
95ArgumentxxxxxxxxxxpredictiveMedium
96ArgumentxxxpredictiveLow
97ArgumentxxxpredictiveLow
98ArgumentxxxxxxxxxpredictiveMedium
99ArgumentxxxxxxxxpredictiveMedium
100Input Valuex" xxxxxxxxxxx=xxxxxx(xxxxxx) xxx="predictiveHigh
101Network Portxxx/xxxx (xx-xxx)predictiveHigh
102Network Portxxx/xxx (xxxx)predictiveHigh

References (3)

The following list contains external sources which discuss the actor and the associated activities:

Interested in the pricing of exploits?

See the underground prices here!