Darkode Analysis

IOB - Indicator of Behavior (319)

Language

en: 306
fr: 6
es: 4
it: 2
de: 2

Country

us: 148
ru: 20
fr: 12
ir: 6
gb: 6

Product

Cisco ASA: 12
Google Android: 10
Apache Atlas: 8
Linux Kernel: 8
Apple macOS: 6

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192
2 | PHPGurukul Nipah Virus Testing Management System password-recovery.php sql injection | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00063 | 0.09 | CVE-2023-6648
3 | Schneider Electric Modicon M340 SNMP Server Truncate privilege escalation | 6.4 | 6.2 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.00224 | 0.02 | CVE-2019-6813
4 | Samsung Galaxy Store AppsPackageInstaller privilege escalation | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2022-33708
5 | EPrints Latex privilege escalation | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01402 | 0.03 | CVE-2021-26476
6 | Tawk.To Live Chat Plugin AJAX Action tawkto_removewidget privilege escalation | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00074 | 0.08 | CVE-2021-24914
7 | Google Chrome WebView Remote Code Execution | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00107 | 0.00 | CVE-2021-37990
8 | Microsoft Exchange Server Remote Code Execution | 7.3 | 7.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.55939 | 0.19 | CVE-2021-26858
9 | CentOS Web Panel ajax_list_accounts.php sql injection | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00687 | 0.00 | CVE-2020-15619
10 | Ay System Solutions CMS home.php privilege escalation | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01168 | 0.00 | CVE-2006-4441
11 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.14 | CVE-2017-0055
12 | MikroTik RouterOS Winbox weak authentication | 8.2 | 7.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.97496 | 0.02 | CVE-2018-14847
13 | WordPress WP_Query class-wp-query.php sql injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00318 | 0.02 | CVE-2017-5611
14 | Cisco IOS XR privilege escalation | 7.8 | 7.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.02 | CVE-2016-9215
15 | ShopLentor Plugin Banner Link cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.04 | CVE-2024-1960
16 | Netgear CBR40/CBK40/CBK43 currentsetting.htm information disclosure | 5.3 | 5.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00043 | 0.04 | CVE-2024-28340
17 | Apple macOS Lock Screen privilege escalation | 2.4 | 2.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.07 | CVE-2024-23289
18 | Linux Kernel ca8210 of_clk_add_provider buffer overflow | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.04 | CVE-2023-52510
19 | SourceCodester Complaint Management System Lodge Complaint Section register-complaint.php privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.09 | CVE-2024-1875
20 | Petrol Pump Management Software profile.php privilege escalation | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00101 | 0.00 | CVE-2024-27747

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 80.82.66.204 | no-reverse-dns-configured.com | Darkode | | 31/10/2021 | verified | High

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-22, CWE-425 | Path Traversal | predictive | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
3 | T1059 | CWE-88, CWE-94 | Argument Injection | predictive | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High
5 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
6 | TXXXX.XXX | CWE-XXX, CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | High
7 | TXXXX | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High
8 | TXXXX | CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive | High
9 | TXXXX | CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High
10 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High
11 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | predictive | High
12 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
13 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxxxx | predictive | High
14 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
15 | TXXXX.XXX | CWE-XXX | Xxxxxxxx | predictive | High
16 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
17 | TXXXX.XXX | CWE-XX | Xxxxxxxxxxxxx | predictive | High
18 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High
19 | TXXXX.XXX | CWE-XXX | Xxx Xxxxxxxxxx Xxxxx | predictive | High
20 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High

IOA - Indicator of Attack (141)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | %PROGRAMFILES(X86)%\TSplus\UserDesktop\themes. | predictive | High
2 | File | /admin/maintenance/view_designation.php | predictive | High
3 | File | /admin/search-appointment.php | predictive | High
4 | File | /cgi-bin/user/Config.cgi | predictive | High
5 | File | /config/php.ini | predictive | High
6 | File | /htdocs/cgibin | predictive | High
7 | File | /myprofile.php | predictive | High
8 | File | /uncpath/ | predictive | Medium
9 | File | /videotalk | predictive | Medium
10 | File | /web/MCmsAction.java | predictive | High
11 | File | 14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi | predictive | High
12 | File | activity_log.php | predictive | High
13 | File | adm/systools.asp | predictive | High
14 | File | admin/getparam.cgi | predictive | High
15 | File | admin/media/index.php" | predictive | High
16 | File | adminCons.php | predictive | High
17 | File | xxxx_xxxx_xxxxxxxx.xxx | predictive | High
18 | File | xxxx-xxxxxxx.x | predictive | High
19 | File | xxx.x | predictive | Low
20 | File | xxx-xxx/xxxxxx | predictive | High
21 | File | xxx.xxx | predictive | Low
22 | File | xxx/xxx?xxxx | predictive | Medium
23 | File | xxx/xxxxxxx/xxxxxxx | predictive | High
24 | File | xxxxxx/xxx.x | predictive | Medium
25 | File | xxx/xxxxxxx/xxxxxxx.xxx | predictive | High
26 | File | xxxxxxx/xxxxxxx/xxxxxxx/xxxx/xxxxxxx.xxx | predictive | High
27 | File | xxxxxxxxxxxxxx.xxx | predictive | High
28 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
29 | File | xxxxx.xxx | predictive | Medium
30 | File | xxxx-xxxxxx.xxx | predictive | High
31 | File | xxx/xxxxxxxx/xxxx.x | predictive | High
32 | File | xx/xxxxxxx.x | predictive | Medium
33 | File | xxxxxxxxx_xxx_xxxx.xxx | predictive | High
34 | File | xxxx.xxx | predictive | Medium
35 | File | xxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxx | predictive | High
36 | File | xxxx.xxx | predictive | Medium
37 | File | xxxxxxxxxx.xxx | predictive | High
38 | File | xxxxx/xxxxxxxxxxxxxx | predictive | High
39 | File | xxx/xxxxxx.xxx | predictive | High
40 | File | xxxxx.xxx | predictive | Medium
41 | File | xxxx.xxx | predictive | Medium
42 | File | xxxxxx.x | predictive | Medium
43 | File | xxxxxxxxx/xxxx_xxxxxxx/xxxxxxx.xxx | predictive | High
44 | File | xxx.xxx | predictive | Low
45 | File | xxxxx/?xxxxxx=xxxxxxx&xxxx | predictive | High
46 | File | xxxxxxxxxx/xxxx.x | predictive | High
47 | File | xxxx.xxx | predictive | Medium
48 | File | xxxxxxxx.x | predictive | Medium
49 | File | xx/xxxxxxxxx.x | predictive | High
50 | File | xxx_xxx_xxxxxx.x | predictive | High
51 | File | xxxxxxxx.xxx | predictive | Medium
52 | File | xxxxxxxx.xxxxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxxx | predictive | High
53 | File | xxx.x | predictive | Low
54 | File | xxx/xxxxx/xxx_xxxxx.x | predictive | High
55 | File | xxxxxxxx.x | predictive | Medium
56 | File | xxxxxxxx-xxxxxxxx.xxx | predictive | High
57 | File | xxxxxxxxxxxxxx.xxx | predictive | High
58 | File | xxxxxxxxxxxxxxxxx.xxxx | predictive | High
59 | File | xxxxxxx.xxx | predictive | Medium
60 | File | xxxxx_xxxxx.xxx | predictive | High
61 | File | xxxxx_xxxxx.xxx | predictive | High
62 | File | xxxxxx.xxx | predictive | Medium
63 | File | xxxxxx.xxxx | predictive | Medium
64 | File | xxxxxx.xxx | predictive | Medium
65 | File | xxxx.xxx | predictive | Medium
66 | File | xxxx_xxxxxxx_xxxxxxxx.xxx | predictive | High
67 | File | xxx/xxxx/xxxx/xxx/xxxxxxx/xx/xxxxxxx/xxxxxxxxx/xxxxxxxxxxxxxxx.xxxx | predictive | High
68 | File | xxx_xxxxxxxx.x | predictive | High
69 | File | xxxxxxxxx/xxxx/xxxxxx_xxxxxxxxxx.xxx | predictive | High
70 | File | xxxx-xxxxxxxx.xxx | predictive | High
71 | File | xxx/xxx/xxx_xx.x | predictive | High
72 | File | xxxxxxx/xxx_xxxx_xxx.xxx | predictive | High
73 | File | xxxxx/xxxxxxxx-xxxxxxxxx.xxx | predictive | High
74 | File | xxxx.xxx | predictive | Medium
75 | File | xxxxxxxxxxxx.xxx | predictive | High
76 | File | xxxxxxxx.xxx | predictive | Medium
77 | File | xxxxxxxxxxxxxxxxxx.xxxx | predictive | High
78 | File | xx-xxxxx/xxxxxxxx/xxxxx-xx-xxxxx-xxxx.xxx | predictive | High
79 | File | xx-xxxxx/xxxxxxx-xxxxxxx.xxx?xxxx=xx-xxxxxxxx.xxx | predictive | High
80 | File | xx-xxxxx/xxxxxxx-xxxxxxx.xxx?xxxx=xx-xxxx-xxxxxxxxx-xx | predictive | High
81 | File | xx-xxxxx/xxxx.xxx | predictive | High
82 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive | High
83 | File | xx-xxxx.xxx | predictive | Medium
84 | Library | xxxxxxxxx.x.x.xxx.xxx | predictive | High
85 | Library | xxxxxx.xxx | predictive | Medium
86 | Library | xxxxxx/xxxxxxxxx/xxxxx.xxx | predictive | High
87 | Argument | xxxxxx | predictive | Low
88 | Argument | xxxxxxx | predictive | Low
89 | Argument | xxxxxxxx | predictive | Medium
90 | Argument | xxxx_xxx | predictive | Medium
91 | Argument | xxx_xx | predictive | Low
92 | Argument | xxx | predictive | Low
93 | Argument | xxxxx->xxxx | predictive | Medium
94 | Argument | xxxxx xxxxx | predictive | Medium
95 | Argument | xxxx | predictive | Low
96 | Argument | xxxxxxx | predictive | Low
97 | Argument | xxxxxxxx | predictive | Medium
98 | Argument | xxxx_xx | predictive | Low
99 | Argument | xxxx_xxxxxxxxxx_xxx | predictive | High
100 | Argument | xxxx | predictive | Low
101 | Argument | xxxx | predictive | Low
102 | Argument | xx | predictive | Low
103 | Argument | xxxxx_xx | predictive | Medium
104 | Argument | xxxx_xx | predictive | Low
105 | Argument | xxxxxxx | predictive | Low
106 | Argument | xxxx | predictive | Low
107 | Argument | xx_xxxxxxx_xxxx | predictive | High
108 | Argument | xxxxxxx_xxxx[xx][xxxxxxxx] | predictive | High
109 | Argument | xxxxx_xxx_xxx_xxxx_xx_xxxxxxx | predictive | High
110 | Argument | xxxx_xxxx | predictive | Medium
111 | Argument | xxxx | predictive | Low
112 | Argument | xxxx | predictive | Low
113 | Argument | xxxx | predictive | Low
114 | Argument | xxxx[xxxxxxxxxxxxxxxxx] | predictive | High
115 | Argument | xxxxx_xxxx_xxxx | predictive | High
116 | Argument | xxxxx | predictive | Low
117 | Argument | xxx | predictive | Low
118 | Argument | xxxxx | predictive | Low
119 | Argument | xxxxxxxx | predictive | Medium
120 | Argument | xxxxxxxxxx | predictive | Medium
121 | Argument | xxxxxxxx[xxxx] | predictive | High
122 | Argument | xxxxxxxx | predictive | Medium
123 | Argument | xxxx_xx | predictive | Low
124 | Argument | xxxxx | predictive | Low
125 | Argument | xxxxx | predictive | Low
126 | Argument | xxxx | predictive | Low
127 | Argument | xxx xxxxxxx xxxx | predictive | High
128 | Argument | xxxxxxxx | predictive | Medium
129 | Argument | xxxxxxxx:xxxxxxxx | predictive | High
130 | Argument | x_xxxx | predictive | Low
131 | Argument | xxxx | predictive | Low
132 | Argument | xxx_xxxxxxxxxx_xxxxx__xxxx_xxxxxxx | predictive | High
133 | Argument | x-xxxxxxxxx-xxx | predictive | High
134 | Argument | _xxxxx | predictive | Low
135 | Input Value | ">[xxxxxx]xxxxx(xxxxxxxx.xxxxxx);[/xxxxxx]<!-- | predictive | High
136 | Input Value | x%xxxx%xxx=x | predictive | Medium
137 | Input Value | <xxxxxx>xxxxx(x)</xxxxxx>xxx | predictive | High
138 | Input Value | xxxxxx=xxx&xxxxxxxx=xxxxxxx.* | predictive | High
139 | Input Value | xxxxxxxxx:xxxxxxxx | predictive | High
140 | Network Port | xxx | predictive | Low
141 | Network Port | xxx/xxx (xxxx) | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
