DarkSide Análisis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (53)

Idioma

en	46
de	4
ar	2
zh	2

País

us	40
ca	10
id	2
gb	2

Actores

DarkSide	2
ElectrumDosMiner	1
SocGholish	1
Mirai	1

Interesar

Escribe

Not Defined	6
Content Management System	4
Web Server	4
Mail Client Software	4
Router Operating System	2

Proveedor

Not Defined	4
GNU	4
DrayTek	2
WoltLab	2
Joomla	2

Producto

GNU Mailman	4
DrayTek Vigor	2
DrayTek Vigor3910	2
WoltLab Burning Book	2
Joomla CMS	2

Vulnerabilidad

#	Vulnerabilidad	Base	Temp	0day	Hoy	Exp	Con	CTI	EPSS	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash divulgación de información	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02	0.02016	CVE-2007-1192
2	DZCP deV!L`z Clanportal config.php escalada de privilegios	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	1.16	0.00943	CVE-2010-0966
3	WoltLab Burning Book addentry.php sql injection	7.3	6.8	$0-$5k	$0-$5k	Functional	Unavailable	0.02	0.00804	CVE-2006-5509
4	spip Login spip_login.php3 escalada de privilegios	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Unavailable	0.04	0.05054	CVE-2006-1702
5	miniOrange WP OAuth Server escalada de privilegios	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00156	CVE-2022-34149
6	Boa Webserver GET wapopen directory traversal	6.4	6.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.03	0.73540	CVE-2017-9833
7	Boa free denegación de servicio	6.4	6.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.08	0.00208	CVE-2018-21028
8	DrayTek Vigor/Vigor3910 wlogin.cgi desbordamiento de búfer	9.0	8.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00182	CVE-2022-32548
9	Boa Terminal escalada de privilegios	5.3	5.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.05	0.02395	CVE-2009-4496
10	GNU Mailman cross site request forgery	6.5	6.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00112	CVE-2021-44227
11	GNU Mailman confirm.py cross site scripting	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00	0.00330	CVE-2011-0707
12	myPHPNuke links.php cross site scripting	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00478	CVE-2003-1372
13	Microsoft Office Word vulnerabilidad desconocida	5.5	5.0	$5k-$25k	$0-$5k	Unproven	Official Fix	0.02	0.00089	CVE-2022-24511
14	Microsoft Windows Remote Desktop Client Remote Code Execution	8.8	8.2	$100k y más	$5k-$25k	Proof-of-Concept	Official Fix	0.04	0.01657	CVE-2022-21990
15	nginx escalada de privilegios	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00241	CVE-2020-12440
16	Apple M1 Register s3_5_c15_c10_1 M1RACLES escalada de privilegios	8.8	8.8	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.03	0.00000	CVE-2021-30747
17	Joomla CMS File Upload media.php escalada de privilegios	6.3	6.0	$5k-$25k	$0-$5k	High	Official Fix	0.04	0.78471	CVE-2013-5576
18	Samsung Mobile Devices Cameralyzer escalada de privilegios	5.4	5.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03	0.00044	CVE-2020-15577
19	DHIS tools register-q.sh escalada de privilegios	5.9	5.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00000
20	Esoftpro Online Guestbook Pro ogp_show.php sql injection	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.47	0.00108	CVE-2009-4935

Campañas (1)

These are the campaigns that can be associated with the actor:

Darkside

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	dirección IP	Hostname	Actor	Campañas	Identified	Escribe	Confianza
1	51.79.243.236	vps-55125c46.vps.ovh.ca	DarkSide		2021-08-05	verified	Alto
2	81.91.177.54	free.example.com	UNC2465	Darkside	2021-06-22	verified	Alto
3	XX.XX.XXX.XXX	xxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxxxxx.xxx	Xxxxxxxx		2021-07-09	verified	Alto
4	XXX.XXX.XX.XXX		Xxxxxxxx		2021-07-09	verified	Alto
5	XXX.XX.XXX.XXX	xxxxxxxxx.xxxxx.xxx.xx	Xxxxxxx	Xxxxxxxx	2021-06-22	verified	Alto
6	XXX.XXX.XX.XXX	xxxx.xxxxxxx.xxx	Xxxxxxx	Xxxxxxxx	2021-06-22	verified	Alto
7	XXX.XXX.XXX.XXX		Xxxxxxxx		2021-06-18	verified	Alto

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilidad	Vector de acceso	Escribe	Confianza
1	T1006	CWE-22	Path Traversal	predictive	Alto
2	T1059	CWE-94	Argument Injection	predictive	Alto
3	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Alto
4	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
5	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
6	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (17)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Clase	Indicator	Escribe	Confianza
1	File	/cgi-bin/wapopen	predictive	Alto
2	File	/cgi-bin/wlogin.cgi	predictive	Alto
3	File	addentry.php	predictive	Medio
4	File	xxxxxxxxxxxxx/xxxxxxxxxx/xxx_xxxxx/xxxxxxx/xxxxx.xxx	predictive	Alto
5	File	xxx/xxxxxxx.xx	predictive	Alto
6	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Alto
7	File	xxx/xxxxxx.xxx	predictive	Alto
8	File	xxxxx.xxx	predictive	Medio
9	File	xxx_xxxx.xxx	predictive	Medio
10	File	xxxxxxxx-x.xx	predictive	Alto
11	File	xxxx_xxxxx.xxxx	predictive	Alto
12	Argument	xx/xx	predictive	Bajo
13	Argument	xxxxxxxx	predictive	Medio
14	Argument	xxxxxxx	predictive	Bajo
15	Argument	xxxxxxxxxx	predictive	Medio
16	Argument	xxxxxxx/xxxxx	predictive	Alto
17	Input Value	../..	predictive	Bajo

Referencias (4)

The following list contains external sources which discuss the actor and the associated activities:

Samples (1)

The following list contains associated samples:

https://bazaar.abuse.ch/sample/6a7b7147fea63d77368c73cef205eb75d16ef209a246b05698358a28fd16e502/

◂ AnteriorVisión De ConjuntoPróximo ▸

Do you need the next level of professionalism?

Upgrade your account now!