DarkCrystalRAT Analysis

IOB - Indicator of Behavior (260)

Language

en: 226
es: 12
de: 8
ru: 6
fr: 4

Country

us: 70
ru: 22
es: 12
ro: 8
de: 6

Product

Qualcomm Snapdragon Auto: 8
Qualcomm Snapdragon Compute: 8
Qualcomm Snapdragon Industrial IOT: 8
Qualcomm Snapdragon Mobile: 8
Google Chrome: 8

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | EPSS | CTI | CVE
1 | PHP Link Directory Administration Page index.html cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00374 | 0.80 | CVE-2007-0529
2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.23 | CVE-2010-0966
3 | Microsoft Windows New Horizon Data Systems Boot Loader Privilege Escalation | 6.1 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00065 | 0.02 | CVE-2022-34302
4 | Rockwell Automation RSLinx Enterprise Service Port 4444 LogReceiver.exe information disclosure | 7.4 | 7.3 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.00056 | 0.02 | CVE-2013-2807
5 | Microsoft Windows WDAC OLE DB Provider for SQL Server Remote Code Execution | 8.8 | 8.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00106 | 0.00 | CVE-2024-21391
6 | Watchguard Firebox/XTM Remote Code Execution | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.84170 | 0.03 | CVE-2022-26318
7 | Zentrack index.php privilege escalation | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.03 | -
8 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.14 | CVE-2017-0055
9 | Matrix Synapse JSON denial of service | 5.9 | 5.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00664 | 0.00 | CVE-2020-26890
10 | Invision Power Services IP.Board URL denial of service | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00164 | 0.02 | CVE-2015-6812
11 | TypeORM Prototype Remote Code Execution | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00301 | 0.00 | CVE-2020-8158
12 | Fortinet FortiGate Log privilege escalation | 4.0 | 3.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00089 | 0.04 | CVE-2020-12818
13 | Softaculous Loginizer Plugin cross site request forgery | 5.8 | 5.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00058 | 0.00 | CVE-2022-45079
14 | Terrasoft Bpm'online CRM-System SDK Terrasoft.Core.DB.Column.Const sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00138 | 0.03 | CVE-2019-15301
15 | Sudo Environment Variable privilege escalation | 8.3 | 7.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00050 | 0.03 | CVE-2023-22809
16 | Page Engine CMS login_include.php privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.00 | -
17 | D-Link DIR-816L/DIR-803 URL Encoding info.php cross site scripting | 5.2 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Unavailable | 0.00111 | 0.00 | CVE-2020-25786
18 | Pivotal Spring Framework directory traversal | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00479 | 0.05 | CVE-2014-3625
19 | Fortinet FortiOS/FortiProxy Administrative Interface weak authentication | 9.8 | 9.7 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.97169 | 0.00 | CVE-2022-40684
20 | VMware ESXi settingsd race condition | 7.2 | 6.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00101 | 0.02 | CVE-2021-22043

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 31.7.58.82 | no-rdns.offshorededicated.net | DarkCrystalRAT | - | 21/07/2022 | verified | High

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | High
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | predictive | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
4 | T1059 | CWE-94 | Argument Injection | predictive | High

IOA - Indicator of Attack (100)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /backupsettings.conf | predictive | High
2 | File | /export | predictive | Low
3 | File | /horde/util/go.php | predictive | High
4 | File | /show_news.php | predictive | High
5 | File | /uncpath/ | predictive | Medium
6 | File | adclick.php | predictive | Medium
7 | File | admin/dashboard.php | predictive | High
8 | File | admin/index.php | predictive | High
9 | File | admin/tools/dolibarr_export.php | predictive | High
10 | File | adv_remotelog.asp | predictive | High
11 | File | api.php | predictive | Low

References (3)

The following list contains external sources which discuss the actor and the associated activities:
