Kraken Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (40)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

zh	22
en	10
ru	4
fr	2
de	2

Country

us	22
ru	6
de	4
fr	2
gb	2

Actors

Kraken	3
RedLine Stealer	3
Havoc	2
Log4j	1
Mirai	1

Activities

Interest

Timeline

Type

Not Defined	8
Web Server	6
Database Software	2
Operating System	2
Software Library	2

Vendor

Not Defined	6
Apache	4
Oracle	2
Synology	2
Application Dynamics	2

Product

Apache HTTP Server	4
Oracle MySQL Cluster	2
Synology DSM	2
Synology DS3622xs+	2
Synology FS3410	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
2	Virtual Programming VP-ASP shopcurrency.asp sql injection	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00670	0.04	CVE-2006-2263
3	Pimcore admin-ui-classic-bundle ZIP File sql injection	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00059	0.02	CVE-2024-23646
4	Interway WebJET CMS cross site scripting	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00087	0.00	CVE-2022-37830
5	ecstatic npm Regular Expression ecstatic.js input validation	6.4	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00627	0.00	CVE-2016-10703
6	Synology DSM/DS3622xs+/FS3410/HD6500 Session out-of-bounds	6.0	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00121	0.02	CVE-2022-3576
7	OpenSSH Fingerprint Record Check sshconnect.c verify_host_key input validation	5.3	4.7	$25k-$100k	$5k-$25k	Unproven	Unavailable	0.00599	0.03	CVE-2014-2653
8	annyshow DuxCMS cross-site request forgery	5.5	5.4	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00080	0.11	CVE-2020-36610
9	nginx proxy_pass access control	8.2	7.1	$0-$5k	$0-$5k	Unproven	Official Fix	0.01428	0.02	CVE-2013-2070
10	GNU gzip zgrep xzgrep.in incorrect behavior order: early validation	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00715	0.04	CVE-2022-1271
11	D-Link DIR-882 webGetVarString buffer overflow	7.6	7.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00197	0.07	CVE-2022-44807
12	Google Chrome v8 type confusion	6.3	6.0	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00351	0.00	CVE-2022-1134
13	Oracle MySQL Cluster unknown vulnerability	2.9	2.8	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00129	0.00	CVE-2022-21486
14	Apple Mac OS X Server Wiki Server cross site scripting	4.3	4.3	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00263	0.03	CVE-2009-2814
15	Linux Kernel core.c perf_swevent_init numeric error	5.1	4.6	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00179	0.00	CVE-2013-2094
16	Oracle Solaris Pluggable authentication module parse_user_name stack-based overflow	10.0	9.5	$5k-$25k	$0-$5k	High	Official Fix	0.34061	0.04	CVE-2020-14871
17	OpenResty API ngx_http_lua_subrequest.c request smuggling	7.4	7.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00580	0.00	CVE-2020-11724
18	MX Player App MX Transfer path traversal	7.1	6.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00162	0.04	CVE-2020-5764
19	Apache HTTP Server HTTP Digest Authentication Challenge improper authentication	8.5	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01815	0.07	CVE-2018-1312
20	Microsoft IIS privileges management	4.3	3.9	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.16116	0.02	CVE-2005-2678

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Identified	Type	Confidence
1	65.21.105.85	static.85.105.21.65.clients.your-server.de	Kraken	02/20/2022	verified	High
2	91.206.14.151		Kraken	02/20/2022	verified	High
3	XX.XXX.XXX.XXX		Xxxxxx	02/20/2022	verified	High
4	XXX.XXX.XX.XX		Xxxxxx	02/20/2022	verified	High
5	XXX.XXX.XX.XX		Xxxxxx	02/20/2022	verified	High
6	XXX.XXX.XXX.XXX	xxxxxxxxx.xxxxx.xxx.xx	Xxxxxx	02/20/2022	verified	High
7	XXX.XXX.XX.XXX	xxxxxxxx.xxxxx.xxxxx	Xxxxxx	02/20/2022	verified	High

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	High
2	T1059.007	CAPEC-209	CWE-79	Cross Site Scripting	predictive	High
3	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
4	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	High
5	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
6	TXXXX.XXX	CAPEC-0	CWE-XX	Xxxxxxxxxxxxx	predictive	High

IOA - Indicator of Attack (17)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/LoginAdmin	predictive	Medium
2	File	acl.c	predictive	Low
3	File	data/gbconfiguration.dat	predictive	High
4	File	xxxxxxx.xxx	predictive	Medium
5	File	xxxxxx/xxxxxx/xxxx.x	predictive	High
6	File	xxx_xxxx_xxx_xxxxxxxxxx.x	predictive	High
7	File	xxxxxxxxxxxx.xxx	predictive	High
8	File	xxxxxxxxxx.x	predictive	Medium
9	File	xxxxxx.xx	predictive	Medium
10	Library	xxx/xxxxxxxx.xx	predictive	High
11	Argument	xxx	predictive	Low
12	Argument	xxxx	predictive	Low
13	Argument	xxxx	predictive	Low
14	Argument	xxxx_xxxxx_xxxx	predictive	High
15	Argument	xxxxxx	predictive	Low
16	Argument	xxxxxxxxxxx	predictive	Medium
17	Argument	xxxxxx_xxxx	predictive	Medium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!