Dkvn Analysis

IOB - Indicator of Behavior (63)

Language

en: 54
de: 6
pl: 2
sv: 2

Country

us: 58
au: 2
ca: 2

Product

Maran PHP Shop: 2
Jadu Limited Jadu CMS: 2
Cloudera HUE: 2
StashCat: 2
Apple OS X Server: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192
2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.33 | 0.00943 | CVE-2010-0966
3 | magmi ajax_gettime.php cross site scripting | 5.2 | 5.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00195 | CVE-2017-7391
4 | Audacity DLL Loader avformat-55.dll privilege escalation | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00110 | CVE-2017-1000010
5 | Ashley Brown iWeb Server Encoded URL directory traversal | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.01582 | CVE-2003-0475
6 | Cisco IOS Point-to-Point Tunneling Protocol Server Memory information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | Not Defined | Official Fix | 0.02 | 0.00264 | CVE-2016-6398
7 | Magento GraphQL API cross site request forgery | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00070 | CVE-2021-21027
8 | Cloudera HUE LdapBackend weak authentication | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00081 | CVE-2019-7319
9 | Microsoft Windows CredSSP weak authentication | 6.2 | 5.6 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.69194 | CVE-2018-0886
10 | Splunk Enterprise splunk-launch.conf privilege escalation | 7.4 | 7.4 | $0-$5k | Calculating | Not Defined | Not Defined | 0.00 | 0.00042 | CVE-2017-18348
11 | Spidersales viewCart.asp sql injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00219 | CVE-2004-0348
12 | jforum User privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00289 | CVE-2019-7550
13 | Active Web Softwares Active Business Directory default.asp sql injection | 7.3 | 6.9 | $0-$5k | Calculating | Proof-of-Concept | Not Defined | 0.00 | 0.00064 | CVE-2008-5972
14 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 2.99 | 0.00000 | 
15 | Maran PHP Shop prod.php sql injection | 7.3 | 7.3 | $0-$5k | Calculating | High | Unavailable | 0.04 | 0.00137 | CVE-2008-4879
16 | X-CMS PHP member_news.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00153 | CVE-2018-18887
17 | Ecommerce Online Store Kit shop.php sql injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.03763 | CVE-2004-0300
18 | StashCat Backend Database Stored Remote Code Execution | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00060 | CVE-2017-11136
19 | PHPWind goto.php Redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | 0.00348 | CVE-2015-4134
20 | BXCP index.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00 | 0.00307 | CVE-2006-0821

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP Address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 45.40.183.1 | ip-45-40-183-1.ip.secureserver.net | Dkvn | | 12/04/2022 | verified | High
2 | XX.XXX.XXX.X | xxxxx.xxxxxxx.xxx | Xxxx | | 12/04/2022 | verified | High
3 | XXX.XX.XXX.XX | Xxx.xxxxxxx.xxx.xx | Xxxx | | 12/04/2022 | verified | High
4 | XXX.XXX.XXX.XXX | xx-xxx-xxx-xxx-xxx.xx.xxxxxxxxxxxx.xxx | Xxxx | | 12/04/2022 | verified | High
5 | XXX.XXX.XXX.XXX | xxxxxx.xxx | Xxxx | | 12/04/2022 | verified | High

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | High
2 | T1059 | CWE-94 | Argument Injection | predictive | High
3 | TXXXX.XXX | CWE-XX, CWE-XXX | Xxxxx Xxxx Xxxxxxxxx | predictive | High
4 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
5 | TXXXX.XXX | CWE-XXX | Xxxxx Xxxxxxxx | predictive | High
6 | TXXXX | CWE-XXX | Xxx Xxxxxxxxx | predictive | High
7 | TXXXX | CWE-XXX | Xxxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
8 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxxxx Xxxxx | predictive | High

IOA - Indicator of Attack (31)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | $SPLUNK_HOME/etc/splunk-launch.conf | predictive | High
2 | File | /etc/master.passwd | predictive | High
3 | File | /etc/passwd | predictive | Medium
4 | File | /forum/away.php | predictive | High
5 | File | xxxxxx_xx.x | predictive | Medium
6 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
7 | File | xxxxxxx.xxx | predictive | Medium
8 | File | xxxxxxxx.xxx | predictive | Medium
9 | File | xxxx.xxx | predictive | Medium
10 | File | xxx/xxxxxx.xxx | predictive | High
11 | File | xxxxx.xxx | predictive | Medium
12 | File | xxxxx-xxx-xxxxxx/xxxxx/xxx/xxxx_xxxxxxx.xxx | predictive | High
13 | File | xxxxxx/xxxxxx_xxxx.xxx | predictive | High
14 | File | xxxx.xxx | predictive | Medium
15 | File | xxxxxxxx.xxx | predictive | Medium
16 | File | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx | predictive | High
17 | File | xxxx.xxx | predictive | Medium
18 | File | xxxxxxxx.xxx | predictive | Medium
19 | File | xxxxxxxx.xxx | predictive | Medium
20 | Library | xxxxxxxx-xx.xxx | predictive | High
21 | Argument | xxxxxx | predictive | Low
22 | Argument | xxxxxxxx | predictive | Medium
23 | Argument | xxx | predictive | Low
24 | Argument | xxxxx | predictive | Low
25 | Argument | xx | predictive | Low
26 | Argument | xxxxxx | predictive | Low
27 | Argument | xxx | predictive | Low
28 | Argument | xxxx | predictive | Low
29 | Argument | xxx | predictive | Low
30 | Argument | xxxxxx | predictive | Low
31 | Input Value | %xx%xx%xx | predictive | Medium

Sources (2)

The following list contains external sources which discuss the actor and the associated activities:
