PortDoor Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (16)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en12
es2
fr2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us12
fr2
ir2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

TA4281

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined6
Router Operating System2
JavaScript Library2
Operating System2
Cloud Software2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined4
DUware2
D-Link2
DZCP2
Microsoft2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

DUware DUdownload2
D-Link DIR-865L2
DZCP deV!L`z Clanportal2
Kerberos Package2
Microsoft Windows2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25kCalculatingHighWorkaround0.020160.00CVE-2007-1192
2Microsoft Windows Registry Password information disclosure3.73.6$25k-$100k$0-$5kNot DefinedWorkaround0.000000.02
3Nextcloud Server Image Preview config.php unknown vulnerability7.37.0$0-$5k$0-$5kNot DefinedOfficial Fix0.002540.04CVE-2021-32802
4D-Link DIR-865L register_send.php improper authentication7.57.1$5k-$25k$5k-$25kProof-of-ConceptNot Defined0.001090.02CVE-2013-3096
5Google Go ExtractTo path traversal7.47.4$5k-$25k$5k-$25kNot DefinedNot Defined0.001070.00CVE-2020-7668
6PHP phpinfo heap-based overflow6.35.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.023450.00CVE-2005-2491
7DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.009430.23CVE-2010-0966
8DZCP deV!L`z Clanportal browser.php information disclosure5.35.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.027330.58CVE-2007-1167
9Kerberos Package DLL LoadLibrary uncontrolled search path6.56.5$0-$5kCalculatingNot DefinedNot Defined0.004400.00CVE-2020-13110
10WordPress AdServe adclick.php sql injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.000730.04CVE-2008-0507
11LogicBoard CMS away.php redirect6.36.1$0-$5k$0-$5kNot DefinedUnavailable0.000003.51
12Bitcoin Core/Bitcoin Knots Final Alert cryptographic issues6.46.1$0-$5k$0-$5kNot DefinedOfficial Fix0.001580.00CVE-2016-10725
13DUware DUdownload detail.asp sql injection7.37.1$0-$5k$0-$5kHighUnavailable0.002540.03CVE-2006-6367

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
145.63.27.16245.63.27.162.vultr.comPortDoor03/04/2022verifiedMedium

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
3TXXXX.XXXCAPEC-178CWE-XXXXxxx XxxxxxxxpredictiveHigh
4TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
5TXXXXCAPEC-38CWE-XXXXxxxxxxxx Xxxxxx XxxxpredictiveHigh
6TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
7TXXXXCAPEC-CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh

IOA - Indicator of Attack (13)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/forum/away.phppredictiveHigh
2Fileadclick.phppredictiveMedium
3Filexxxxxx.xxxpredictiveMedium
4Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
5Filexxxxxx.xxxpredictiveMedium
6Filexxx/xxxxxx.xxxpredictiveHigh
7Filexxx/xxxxxxxxxxx/xxxxxxx.xxxpredictiveHigh
8Filexxxxxxxx_xxxx.xxxpredictiveHigh
9ArgumentxxxxxxxxpredictiveMedium
10ArgumentxxxxpredictiveLow
11ArgumentxxpredictiveLow
12ArgumentxxxxxpredictiveLow
13Input Value..predictiveLow

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you want to use VulDB in your project?

Use the official API to access entries easily!