DarkSide Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (53)

Sprache

en	44
ar	4
fr	2
de	2
zh	2

Land

us	38
ca	14
id	2

Akteure

DarkSide	2
Mirai	1
ElectrumDosMiner	1
SocGholish	1

Interesse

Typ

Not Defined	10
Web Server	4
Mail Client Software	4
Smartphone Operating System	2
Content Management System	2

Hersteller

Not Defined	10
GNU	4
Esoftpro	2
Thomas R. Pasawicz	2
Samsung	2

Produkt

GNU Mailman	4
nginx	2
Esoftpro Online Guestbook Pro	2
Thomas R. Pasawicz HyperBook Guestbook	2
Boa	2

Schwachstellen

#	Schwachstelle	Base	Temp	0day	Heute	Aus	Mas	CTI	EPSS	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Information Disclosure	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02	0.02016	CVE-2007-1192
2	DZCP deV!L`z Clanportal config.php erweiterte Rechte	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.54	0.00943	CVE-2010-0966
3	WoltLab Burning Book addentry.php SQL Injection	7.3	6.8	$0-$5k	$0-$5k	Functional	Unavailable	0.02	0.00804	CVE-2006-5509
4	spip Login spip_login.php3 erweiterte Rechte	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Unavailable	0.04	0.05054	CVE-2006-1702
5	miniOrange WP OAuth Server erweiterte Rechte	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00156	CVE-2022-34149
6	Boa Webserver GET wapopen Directory Traversal	6.4	6.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.03	0.73540	CVE-2017-9833
7	Boa free Denial of Service	6.4	6.2	$0-$5k	Wird berechnet	Not Defined	Official Fix	0.08	0.00208	CVE-2018-21028
8	DrayTek Vigor/Vigor3910 wlogin.cgi Pufferüberlauf	9.0	8.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00182	CVE-2022-32548
9	Boa Terminal erweiterte Rechte	5.3	5.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.03	0.02395	CVE-2009-4496
10	GNU Mailman Cross Site Request Forgery	6.5	6.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00112	CVE-2021-44227
11	GNU Mailman confirm.py Cross Site Scripting	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00	0.00330	CVE-2011-0707
12	myPHPNuke links.php Cross Site Scripting	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00478	CVE-2003-1372
13	Microsoft Office Word unbekannte Schwachstelle	5.5	5.0	$5k-$25k	$0-$5k	Unproven	Official Fix	0.02	0.00089	CVE-2022-24511
14	Microsoft Windows Remote Desktop Client Remote Code Execution	8.8	8.2	$100k und mehr	$5k-$25k	Proof-of-Concept	Official Fix	0.04	0.01657	CVE-2022-21990
15	nginx erweiterte Rechte	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.09	0.00241	CVE-2020-12440
16	Apple M1 Register s3_5_c15_c10_1 M1RACLES erweiterte Rechte	8.8	8.8	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.03	0.00000	CVE-2021-30747
17	Joomla CMS File Upload media.php erweiterte Rechte	6.3	6.0	$5k-$25k	$0-$5k	High	Official Fix	0.04	0.78471	CVE-2013-5576
18	Samsung Mobile Devices Cameralyzer erweiterte Rechte	5.4	5.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03	0.00044	CVE-2020-15577
19	DHIS tools register-q.sh erweiterte Rechte	5.9	5.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00000
20	Esoftpro Online Guestbook Pro ogp_show.php SQL Injection	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.14	0.00108	CVE-2009-4935

Kampagnen (1)

These are the campaigns that can be associated with the actor:

Darkside

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-Adresse	Hostname	Akteur	Kampagnen	Identifiziert	Typ	Akzeptanz
1	51.79.243.236	vps-55125c46.vps.ovh.ca	DarkSide		05.08.2021	verifiziert	High
2	81.91.177.54	free.example.com	UNC2465	Darkside	22.06.2021	verifiziert	High
3	XX.XX.XXX.XXX	xxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxxxxx.xxx	Xxxxxxxx		09.07.2021	verifiziert	High
4	XXX.XXX.XX.XXX		Xxxxxxxx		09.07.2021	verifiziert	High
5	XXX.XX.XXX.XXX	xxxxxxxxx.xxxxx.xxx.xx	Xxxxxxx	Xxxxxxxx	22.06.2021	verifiziert	High
6	XXX.XXX.XX.XXX	xxxx.xxxxxxx.xxx	Xxxxxxx	Xxxxxxxx	22.06.2021	verifiziert	High
7	XXX.XXX.XXX.XXX		Xxxxxxxx		18.06.2021	verifiziert	High

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Schwachstellen	Zugriffsart	Typ	Akzeptanz
1	T1006	CWE-22	Path Traversal	prädiktiv	High
2	T1059	CWE-94	Argument Injection	prädiktiv	High
3	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	prädiktiv	High
4	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
5	TXXXX	CWE-XX	Xxx Xxxxxxxxx	prädiktiv	High
6	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	prädiktiv	High

IOA - Indicator of Attack (17)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasse	Indicator	Typ	Akzeptanz
1	File	/cgi-bin/wapopen	prädiktiv	High
2	File	/cgi-bin/wlogin.cgi	prädiktiv	High
3	File	addentry.php	prädiktiv	Medium
4	File	xxxxxxxxxxxxx/xxxxxxxxxx/xxx_xxxxx/xxxxxxx/xxxxx.xxx	prädiktiv	High
5	File	xxx/xxxxxxx.xx	prädiktiv	High
6	File	xxxx/xxxxxxxxxxxxxxx.xxx	prädiktiv	High
7	File	xxx/xxxxxx.xxx	prädiktiv	High
8	File	xxxxx.xxx	prädiktiv	Medium
9	File	xxx_xxxx.xxx	prädiktiv	Medium
10	File	xxxxxxxx-x.xx	prädiktiv	High
11	File	xxxx_xxxxx.xxxx	prädiktiv	High
12	Argument	xx/xx	prädiktiv	Low
13	Argument	xxxxxxxx	prädiktiv	Medium
14	Argument	xxxxxxx	prädiktiv	Low
15	Argument	xxxxxxxxxx	prädiktiv	Medium
16	Argument	xxxxxxx/xxxxx	prädiktiv	High
17	Input Value	../..	prädiktiv	Low

Referenzen (4)

The following list contains external sources which discuss the actor and the associated activities:

Samples (1)

The following list contains associated samples:

https://bazaar.abuse.ch/sample/6a7b7147fea63d77368c73cef205eb75d16ef209a246b05698358a28fd16e502/

◂ ZurückÜbersichtWeiter ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!