Dkvn Análisis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (63)

Cronología

Idioma

en62
pl2

País

us52
ca2

Actores

Dkvn2

Ocupaciones

Interesar

Cronología

Escribe

Not Defined14
Content Management System4
Web Server2
Operating System2
Cloud Software2

Proveedor

Not Defined14
Microsoft2
Active Web Softwares2
Jadu Limited2
Cloudera2

Producto

Spidersales2
Magento2
Microsoft IIS2
OpenSMTPD2
Unix2

Vulnerabilidad

#VulnerabilidadBaseTemp0dayHoyExpConEPSSCTICVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash divulgación de información5.35.2$5k-$25k$0-$5kHighWorkaround0.020160.02CVE-2007-1192
2DZCP deV!L`z Clanportal config.php escalada de privilegios7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.009430.83CVE-2010-0966
3magmi ajax_gettime.php cross site scripting5.25.0$0-$5k$0-$5kNot DefinedOfficial Fix0.001950.00CVE-2017-7391
4Audacity DLL Loader avformat-55.dll escalada de privilegios6.56.5$0-$5k$0-$5kNot DefinedNot Defined0.001100.00CVE-2017-1000010
5Ashley Brown iWeb Server Encoded URL directory traversal5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.015820.00CVE-2003-0475
6Cisco IOS Point-to-Point Tunneling Protocol Server Memory divulgación de información5.35.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.002640.02CVE-2016-6398
7Magento GraphQL API cross site request forgery4.34.3$0-$5k$0-$5kNot DefinedNot Defined0.000700.03CVE-2021-21027
8Cloudera HUE LdapBackend autenticación débil7.37.3$0-$5k$0-$5kNot DefinedNot Defined0.000810.00CVE-2019-7319
9Microsoft Windows CredSSP autenticación débil6.25.6$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.708010.02CVE-2018-0886
10Splunk Enterprise splunk-launch.conf escalada de privilegios7.47.4$0-$5k$0-$5kNot DefinedNot Defined0.000420.00CVE-2017-18348
11Spidersales viewCart.asp sql injection9.89.4$0-$5k$0-$5kNot DefinedOfficial Fix0.002190.04CVE-2004-0348
12jforum User escalada de privilegios5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.002890.04CVE-2019-7550
13Active Web Softwares Active Business Directory default.asp sql injection7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.000640.00CVE-2008-5972
14LogicBoard CMS away.php Redirect6.36.1$0-$5k$0-$5kNot DefinedUnavailable0.000002.26
15Maran PHP Shop prod.php sql injection7.37.3$0-$5k$0-$5kHighUnavailable0.001370.03CVE-2008-4879
16X-CMS PHP member_news.php sql injection8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.001530.00CVE-2018-18887
17Ecommerce Online Store Kit shop.php sql injection9.89.4$0-$5k$0-$5kNot DefinedOfficial Fix0.037630.04CVE-2004-0300
18StashCat Backend Database Stored Remote Code Execution5.75.7$0-$5k$0-$5kNot DefinedNot Defined0.000600.00CVE-2017-11136
19PHPWind goto.php Redirect6.36.3$0-$5k$0-$5kNot DefinedNot Defined0.003480.12CVE-2015-4134
20BXCP index.php sql injection7.37.0$0-$5k$0-$5kHighOfficial Fix0.003070.00CVE-2006-0821

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDdirección IPHostnameActorCampañasIdentifiedEscribeConfianza
145.40.183.1ip-45-40-183-1.ip.secureserver.netDkvn2022-04-12verifiedAlto
2XX.XXX.XXX.Xxxxxx.xxxxxxx.xxxXxxx2022-04-12verifiedAlto
3XXX.XX.XXX.XXXxx.xxxxxxx.xxx.xxXxxx2022-04-12verifiedAlto
4XXX.XXX.XXX.XXXxx-xxx-xxx-xxx-xxx.xx.xxxxxxxxxxxx.xxxXxxx2022-04-12verifiedAlto
5XXX.XXX.XXX.XXXxxxxxx.xxxXxxx2022-04-12verifiedAlto

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilidadVector de accesoEscribeConfianza
1T1006CWE-22Path TraversalpredictiveAlto
2T1059CWE-94Argument InjectionpredictiveAlto
3TXXXX.XXXCWE-XX, CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveAlto
4TXXXXCWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveAlto
5TXXXX.XXXCWE-XXXXxxx XxxxxxxxpredictiveAlto
6TXXXXCWE-XXXxx XxxxxxxxxpredictiveAlto
7TXXXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveAlto
8TXXXX.XXXCWE-XXXXxx Xxxxxxxxxx XxxxxpredictiveAlto

IOA - Indicator of Attack (31)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClaseIndicatorEscribeConfianza
1File$SPLUNK_HOME/etc/splunk-launch.confpredictiveAlto
2File/etc/master.passwdpredictiveAlto
3File/etc/passwdpredictiveMedio
4File/forum/away.phppredictiveAlto
5Filexxxxxx_xx.xpredictiveMedio
6Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveAlto
7Filexxxxxxx.xxxpredictiveMedio
8Filexxxxxxxx.xxxpredictiveMedio
9Filexxxx.xxxpredictiveMedio
10Filexxx/xxxxxx.xxxpredictiveAlto
11Filexxxxx.xxxpredictiveMedio
12Filexxxxx-xxx-xxxxxx/xxxxx/xxx/xxxx_xxxxxxx.xxxpredictiveAlto
13Filexxxxxx/xxxxxx_xxxx.xxxpredictiveAlto
14Filexxxx.xxxpredictiveMedio
15Filexxxxxxxx.xxxpredictiveMedio
16Filexxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxxpredictiveAlto
17Filexxxx.xxxpredictiveMedio
18Filexxxxxxxx.xxxpredictiveMedio
19Filexxxxxxxx.xxxpredictiveMedio
20Libraryxxxxxxxx-xx.xxxpredictiveAlto
21ArgumentxxxxxxpredictiveBajo
22ArgumentxxxxxxxxpredictiveMedio
23ArgumentxxxpredictiveBajo
24ArgumentxxxxxpredictiveBajo
25ArgumentxxpredictiveBajo
26ArgumentxxxxxxpredictiveBajo
27ArgumentxxxpredictiveBajo
28ArgumentxxxxpredictiveBajo
29ArgumentxxxpredictiveBajo
30ArgumentxxxxxxpredictiveBajo
31Input Value%xx%xx%xxpredictiveMedio

Referencias (2)

The following list contains external sources which discuss the actor and the associated activities:

AnteriorVisión De ConjuntoPróximo

Want to stay up to date on a daily basis?

Enable the mail alert feature now!