Darkode Análisis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (319)

Idioma

en	308
de	8
fr	2
es	2

País

us	146
ru	16
gb	12
ir	12
de	4

Actores

Zeus	3
Ngioweb	3
Moobot	2
Dorkbot	2
Chthonic	2

Interesar

Escribe

Not Defined	118
Firewall Software	20
Operating System	20
Smartphone Operating System	18
Router Operating System	12

Proveedor

Not Defined	76
Cisco	36
Google	14
Microsoft	14
Linux	10

Producto

Cisco ASA	20
Linux Kernel	10
Google Android	8
Mozilla Bugzilla	6
Google Chrome	6

Vulnerabilidad

#	Vulnerabilidad	Base	Temp	0day	Hoy	Exp	Con	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash divulgación de información	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
2	PHPGurukul Nipah Virus Testing Management System password-recovery.php sql injection	8.1	7.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00063	0.11	CVE-2023-6648
3	Schneider Electric Modicon M340 SNMP Server Truncate escalada de privilegios	6.4	6.2	$0-$5k	$0-$5k	Not Defined	Workaround	0.00224	0.02	CVE-2019-6813
4	Samsung Galaxy Store AppsPackageInstaller escalada de privilegios	6.5	6.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2022-33708
5	EPrints Latex escalada de privilegios	8.0	8.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01402	0.03	CVE-2021-26476
6	Tawk.To Live Chat Plugin AJAX Action tawkto_removewidget escalada de privilegios	5.7	5.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00074	0.08	CVE-2021-24914
7	Google Chrome WebView Remote Code Execution	6.3	6.0	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00107	0.00	CVE-2021-37990
8	Microsoft Exchange Server Remote Code Execution	7.3	6.8	$25k-$100k	$0-$5k	Functional	Official Fix	0.55939	0.04	CVE-2021-26858
9	CentOS Web Panel ajax_list_accounts.php sql injection	6.4	6.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00687	0.00	CVE-2020-15619
10	Ay System Solutions CMS home.php escalada de privilegios	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01168	0.00	CVE-2006-4441
11	Microsoft IIS cross site scripting	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00548	0.07	CVE-2017-0055
12	MikroTik RouterOS Winbox autenticación débil	8.2	7.4	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.97496	0.02	CVE-2018-14847
13	WordPress WP_Query class-wp-query.php sql injection	8.5	8.4	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00318	0.02	CVE-2017-5611
14	Cisco IOS XR escalada de privilegios	7.8	7.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00042	0.02	CVE-2016-9215
15	ShopLentor Plugin Banner Link cross site scripting	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00045	0.04	CVE-2024-1960
16	Netgear CBR40/CBK40/CBK43 currentsetting.htm divulgación de información	5.3	5.1	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00043	0.04	CVE-2024-28340
17	Apple macOS Lock Screen escalada de privilegios	2.4	2.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00044	0.07	CVE-2024-23289
18	Linux Kernel ca8210 of_clk_add_provider desbordamiento de búfer	5.5	5.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00044	0.04	CVE-2023-52510
19	SourceCodester Complaint Management System Lodge Complaint Section register-complaint.php escalada de privilegios	6.3	6.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00045	0.11	CVE-2024-1875
20	Petrol Pump Management Software profile.php escalada de privilegios	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00101	0.00	CVE-2024-27747

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	dirección IP	Hostname	Actor	Campañas	Identified	Escribe	Confianza
1	80.82.66.204	no-reverse-dns-configured.com	Darkode		2021-10-31	verified	Alto

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilidad	Vector de acceso	Escribe	Confianza
1	T1006	CWE-22, CWE-425	Path Traversal	predictive	Alto
2	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Alto
3	T1059	CWE-88, CWE-94	Argument Injection	predictive	Alto
4	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	Alto
5	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
6	TXXXX.XXX	CWE-XXX, CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Alto
7	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
8	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Alto
9	TXXXX	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Alto
10	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
11	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	Alto
12	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
13	TXXXX.XXX	CWE-XXX	Xxxxxxxxxxxx	predictive	Alto
14	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
15	TXXXX.XXX	CWE-XXX	Xxxxxxxx	predictive	Alto
16	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
17	TXXXX.XXX	CWE-XX	Xxxxxxxxxxxxx	predictive	Alto
18	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Alto
19	TXXXX.XXX	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	Alto
20	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (141)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Clase	Indicator	Escribe	Confianza
1	File	%PROGRAMFILES(X86)%\TSplus\UserDesktop\themes.	predictive	Alto
2	File	/admin/maintenance/view_designation.php	predictive	Alto
3	File	/admin/search-appointment.php	predictive	Alto
4	File	/cgi-bin/user/Config.cgi	predictive	Alto
5	File	/config/php.ini	predictive	Alto
6	File	/htdocs/cgibin	predictive	Alto
7	File	/myprofile.php	predictive	Alto
8	File	/uncpath/	predictive	Medio
9	File	/videotalk	predictive	Medio
10	File	/web/MCmsAction.java	predictive	Alto
11	File	14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi	predictive	Alto
12	File	activity_log.php	predictive	Alto
13	File	adm/systools.asp	predictive	Alto
14	File	admin/getparam.cgi	predictive	Alto
15	File	admin/media/index.php"	predictive	Alto
16	File	adminCons.php	predictive	Alto
17	File	xxxx_xxxx_xxxxxxxx.xxx	predictive	Alto
18	File	xxxx-xxxxxxx.x	predictive	Alto
19	File	xxx.x	predictive	Bajo
20	File	xxx-xxx/xxxxxx	predictive	Alto
21	File	xxx.xxx	predictive	Bajo
22	File	xxx/xxx?xxxx	predictive	Medio
23	File	xxx/xxxxxxx/xxxxxxx	predictive	Alto
24	File	xxxxxx/xxx.x	predictive	Medio
25	File	xxx/xxxxxxx/xxxxxxx.xxx	predictive	Alto
26	File	xxxxxxx/xxxxxxx/xxxxxxx/xxxx/xxxxxxx.xxx	predictive	Alto
27	File	xxxxxxxxxxxxxx.xxx	predictive	Alto
28	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Alto
29	File	xxxxx.xxx	predictive	Medio
30	File	xxxx-xxxxxx.xxx	predictive	Alto
31	File	xxx/xxxxxxxx/xxxx.x	predictive	Alto
32	File	xx/xxxxxxx.x	predictive	Medio
33	File	xxxxxxxxx_xxx_xxxx.xxx	predictive	Alto
34	File	xxxx.xxx	predictive	Medio
35	File	xxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxx	predictive	Alto
36	File	xxxx.xxx	predictive	Medio
37	File	xxxxxxxxxx.xxx	predictive	Alto
38	File	xxxxx/xxxxxxxxxxxxxx	predictive	Alto
39	File	xxx/xxxxxx.xxx	predictive	Alto
40	File	xxxxx.xxx	predictive	Medio
41	File	xxxx.xxx	predictive	Medio
42	File	xxxxxx.x	predictive	Medio
43	File	xxxxxxxxx/xxxx_xxxxxxx/xxxxxxx.xxx	predictive	Alto
44	File	xxx.xxx	predictive	Bajo
45	File	xxxxx/?xxxxxx=xxxxxxx&xxxx	predictive	Alto
46	File	xxxxxxxxxx/xxxx.x	predictive	Alto
47	File	xxxx.xxx	predictive	Medio
48	File	xxxxxxxx.x	predictive	Medio
49	File	xx/xxxxxxxxx.x	predictive	Alto
50	File	xxx_xxx_xxxxxx.x	predictive	Alto
51	File	xxxxxxxx.xxx	predictive	Medio
52	File	xxxxxxxx.xxxxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxxx	predictive	Alto
53	File	xxx.x	predictive	Bajo
54	File	xxx/xxxxx/xxx_xxxxx.x	predictive	Alto
55	File	xxxxxxxx.x	predictive	Medio
56	File	xxxxxxxx-xxxxxxxx.xxx	predictive	Alto
57	File	xxxxxxxxxxxxxx.xxx	predictive	Alto
58	File	xxxxxxxxxxxxxxxxx.xxxx	predictive	Alto
59	File	xxxxxxx.xxx	predictive	Medio
60	File	xxxxx_xxxxx.xxx	predictive	Alto
61	File	xxxxx_xxxxx.xxx	predictive	Alto
62	File	xxxxxx.xxx	predictive	Medio
63	File	xxxxxx.xxxx	predictive	Medio
64	File	xxxxxx.xxx	predictive	Medio
65	File	xxxx.xxx	predictive	Medio
66	File	xxxx_xxxxxxx_xxxxxxxx.xxx	predictive	Alto
67	File	xxx/xxxx/xxxx/xxx/xxxxxxx/xx/xxxxxxx/xxxxxxxxx/xxxxxxxxxxxxxxx.xxxx	predictive	Alto
68	File	xxx_xxxxxxxx.x	predictive	Alto
69	File	xxxxxxxxx/xxxx/xxxxxx_xxxxxxxxxx.xxx	predictive	Alto
70	File	xxxx-xxxxxxxx.xxx	predictive	Alto
71	File	xxx/xxx/xxx_xx.x	predictive	Alto
72	File	xxxxxxx/xxx_xxxx_xxx.xxx	predictive	Alto
73	File	xxxxx/xxxxxxxx-xxxxxxxxx.xxx	predictive	Alto
74	File	xxxx.xxx	predictive	Medio
75	File	xxxxxxxxxxxx.xxx	predictive	Alto
76	File	xxxxxxxx.xxx	predictive	Medio
77	File	xxxxxxxxxxxxxxxxxx.xxxx	predictive	Alto
78	File	xx-xxxxx/xxxxxxxx/xxxxx-xx-xxxxx-xxxx.xxx	predictive	Alto
79	File	xx-xxxxx/xxxxxxx-xxxxxxx.xxx?xxxx=xx-xxxxxxxx.xxx	predictive	Alto
80	File	xx-xxxxx/xxxxxxx-xxxxxxx.xxx?xxxx=xx-xxxx-xxxxxxxxx-xx	predictive	Alto
81	File	xx-xxxxx/xxxx.xxx	predictive	Alto
82	File	xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx	predictive	Alto
83	File	xx-xxxx.xxx	predictive	Medio
84	Library	xxxxxxxxx.x.x.xxx.xxx	predictive	Alto
85	Library	xxxxxx.xxx	predictive	Medio
86	Library	xxxxxx/xxxxxxxxx/xxxxx.xxx	predictive	Alto
87	Argument	xxxxxx	predictive	Bajo
88	Argument	xxxxxxx	predictive	Bajo
89	Argument	xxxxxxxx	predictive	Medio
90	Argument	xxxx_xxx	predictive	Medio
91	Argument	xxx_xx	predictive	Bajo
92	Argument	xxx	predictive	Bajo
93	Argument	xxxxx->xxxx	predictive	Medio
94	Argument	xxxxx xxxxx	predictive	Medio
95	Argument	xxxx	predictive	Bajo
96	Argument	xxxxxxx	predictive	Bajo
97	Argument	xxxxxxxx	predictive	Medio
98	Argument	xxxx_xx	predictive	Bajo
99	Argument	xxxx_xxxxxxxxxx_xxx	predictive	Alto
100	Argument	xxxx	predictive	Bajo
101	Argument	xxxx	predictive	Bajo
102	Argument	xx	predictive	Bajo
103	Argument	xxxxx_xx	predictive	Medio
104	Argument	xxxx_xx	predictive	Bajo
105	Argument	xxxxxxx	predictive	Bajo
106	Argument	xxxx	predictive	Bajo
107	Argument	xx_xxxxxxx_xxxx	predictive	Alto
108	Argument	xxxxxxx_xxxx[xx][xxxxxxxx]	predictive	Alto
109	Argument	xxxxx_xxx_xxx_xxxx_xx_xxxxxxx	predictive	Alto
110	Argument	xxxx_xxxx	predictive	Medio
111	Argument	xxxx	predictive	Bajo
112	Argument	xxxx	predictive	Bajo
113	Argument	xxxx	predictive	Bajo
114	Argument	xxxx[xxxxxxxxxxxxxxxxx]	predictive	Alto
115	Argument	xxxxx_xxxx_xxxx	predictive	Alto
116	Argument	xxxxx	predictive	Bajo
117	Argument	xxx	predictive	Bajo
118	Argument	xxxxx	predictive	Bajo
119	Argument	xxxxxxxx	predictive	Medio
120	Argument	xxxxxxxxxx	predictive	Medio
121	Argument	xxxxxxxx[xxxx]	predictive	Alto
122	Argument	xxxxxxxx	predictive	Medio
123	Argument	xxxx_xx	predictive	Bajo
124	Argument	xxxxx	predictive	Bajo
125	Argument	xxxxx	predictive	Bajo
126	Argument	xxxx	predictive	Bajo
127	Argument	xxx xxxxxxx xxxx	predictive	Alto
128	Argument	xxxxxxxx	predictive	Medio
129	Argument	xxxxxxxx:xxxxxxxx	predictive	Alto
130	Argument	x_xxxx	predictive	Bajo
131	Argument	xxxx	predictive	Bajo
132	Argument	xxx_xxxxxxxxxx_xxxxx__xxxx_xxxxxxx	predictive	Alto
133	Argument	x-xxxxxxxxx-xxx	predictive	Alto
134	Argument	_xxxxx	predictive	Bajo
135	Input Value	">[xxxxxx]xxxxx(xxxxxxxx.xxxxxx);[/xxxxxx]<!--	predictive	Alto
136	Input Value	x%xxxx%xxx=x	predictive	Medio
137	Input Value	<xxxxxx>xxxxx(x)</xxxxxx>xxx	predictive	Alto
138	Input Value	xxxxxx=xxx&xxxxxxxx=xxxxxxx.*	predictive	Alto
139	Input Value	xxxxxxxxx:xxxxxxxx	predictive	Alto
140	Network Port	xxx	predictive	Bajo
141	Network Port	xxx/xxx (xxxx)	predictive	Alto

Referencias (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ AnteriorVisión De ConjuntoPróximo ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!