Allakore Analysis

IOB - Indicator of Behavior (96)

Language

en: 72
de: 22
ru: 2

Country

us: 52
de: 14
ca: 6
cn: 4

Product

Linksys WAG54GS: 4
Vlad Alexa Mancini PHPFootball: 4
MGB OpenSource Guestbook: 2
W3 Total Cache Plugin: 2
MidiCart PHP Shopping Cart: 2

Vulnerability

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Countermeasure | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.74 | CVE-2010-0966 |
| 3 | 74CMS Company Logo Index.php#sendCompanyLogo privilege escalation | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.10 | CVE-2024-2561 |
| 4 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 2.37 | CVE-2020-15906 |
| 5 | Joomla CMS com_easyblog sql injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00000 | 0.14 | |
| 6 | phpPgAds adclick.php unknown vulnerability | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00317 | 0.78 | CVE-2005-3791 |
| 7 | Indexu register.php cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.00000 | 0.03 | |
| 8 | Pligg cloud.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.30 | |
| 9 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 0.68 | CVE-2007-0354 |
| 10 | Untis WebUntis cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00084 | 0.03 | CVE-2020-22453 |
| 11 | DragDropCart productdetail.php cross site scripting | 3.5 | 3.5 | $0-$5k | Calculating | Not Defined | Not Defined | 0.00000 | 0.00 | |
| 12 | Michael Salzer Guestbox gbshow.php cross site scripting | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.04283 | 0.02 | CVE-2006-0860 |
| 13 | Vunet VU Web Visitor Analyst redir.asp sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Workaround | 0.00119 | 0.03 | CVE-2010-2338 |
| 14 | DolphinPHP User Management Page cross site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00053 | 0.09 | CVE-2022-1086 |
| 15 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 1.89 | |
| 16 | vu Mass Mailer Login Page redir.asp sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00181 | 0.03 | CVE-2007-6138 |
| 17 | Dataiku DSS Project privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00054 | 0.00 | CVE-2021-27225 |
| 18 | payfort-php-SDK success.php cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00463 | 0.02 | CVE-2018-19188 |
| 19 | MidiCart PHP Shopping Cart item_show.php sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.05 | |
| 20 | Cisco Linksys EA2700 URL information disclosure | 4.3 | 4.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Unavailable | 0.00000 | 0.08 | |

IOC - Indicator of Compromise (16)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerability | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | T1059 | CWE-94 | Argument Injection | predictive | High |

IOA - Indicator of Attack (51)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /controller/company/Index.php#sendCompanyLogo | predictive | High |
| 2 | File | /forum/away.php | predictive | High |
| 3 | File | /wordpress/wp-admin/admin.php | predictive | High |
| 4 | File | adclick.php | predictive | Medium |
| 5 | File | admin/index.php | predictive | High |
| 6 | File | cloud.php | predictive | Medium |
| 7 | File | data/gbconfiguration.dat | predictive | High |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
