Allakore Analisi

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (96)

Sequenza temporale

Linguaggio

en70
de24
ru2

Nazione

us54
de16
ca4
cn4

Attori

Allakore5
Cobalt Strike2
ActionRAT1
Venom RAT1
NetWire1

Attività

Interesse

Sequenza temporale

Genere

Not Defined32
Content Management System8
Programming Language Software6
Multimedia Player Software4
Learning Management Software4

Fornitore

Not Defined30
Esoftpro2
DZCP2
MGB2
Vlad Alexa Mancini2

Prodotto

Play Framework6
WordPress4
Moodle4
PHP2
Esoftpro Online Guestbook Pro2

Vulnerabilità

#VulnerabilitàBaseTemp0dayOggiSfrConEPSSCTICVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash rivelazione di un 'informazione5.35.2$5k-$25k$0-$5kHighWorkaround0.020160.02CVE-2007-1192
2DZCP deV!L`z Clanportal config.php escalazione di privilegi7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.009430.68CVE-2010-0966
374CMS Company Logo Index.php#sendCompanyLogo escalazione di privilegi6.35.7$0-$5k$0-$5kProof-of-ConceptNot Defined0.000450.00CVE-2024-2561
4Tiki Admin Password tiki-login.php autenticazione debole8.07.7$0-$5k$0-$5kNot DefinedOfficial Fix0.009362.63CVE-2020-15906
5Joomla CMS com_easyblog sql injection6.36.1$5k-$25k$5k-$25kNot DefinedNot Defined0.000000.36
6phpPgAds adclick.php vulnerabilità sconosciuta5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.003170.72CVE-2005-3791
7Indexu register.php cross site scripting3.53.4$0-$5k$0-$5kNot DefinedWorkaround0.000000.03
8Pligg cloud.php sql injection6.36.3$0-$5k$0-$5kNot DefinedNot Defined0.000000.47
9MGB OpenSource Guestbook email.php sql injection7.37.3$0-$5k$0-$5kHighUnavailable0.013020.86CVE-2007-0354
10Untis WebUntis cross site scripting3.53.4$0-$5k$0-$5kNot DefinedOfficial Fix0.000840.03CVE-2020-22453
11DragDropCart productdetail.php cross site scripting3.53.5$0-$5k$0-$5kNot DefinedNot Defined0.000000.00
12Michael Salzer Guestbox gbshow.php cross site scripting4.33.9$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.042830.02CVE-2006-0860
13Vunet VU Web Visitor Analyst redir.asp sql injection7.37.1$0-$5k$0-$5kHighWorkaround0.001190.22CVE-2010-2338
14DolphinPHP User Management Page cross site scripting3.53.2$0-$5k$0-$5kProof-of-ConceptNot Defined0.000530.07CVE-2022-1086
15LogicBoard CMS away.php Redirect6.36.1$0-$5k$0-$5kNot DefinedUnavailable0.000002.45
16vu Mass Mailer Login Page redir.asp sql injection7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.001810.07CVE-2007-6138
17Dataiku DSS Project escalazione di privilegi6.36.0$0-$5k$0-$5kNot DefinedOfficial Fix0.000540.00CVE-2021-27225
18payfort-php-SDK success.php cross site scripting5.25.2$0-$5k$0-$5kNot DefinedNot Defined0.004630.02CVE-2018-19188
19MidiCart PHP Shopping Cart item_show.php sql injection6.36.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.000000.05
20Cisco Linksys EA2700 URL rivelazione di un 'informazione4.34.1$5k-$25k$0-$5kProof-of-ConceptUnavailable0.000000.08

IOC - Indicator of Compromise (16)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDindirizzo IPHostnameAttoreCampagneIdentifiedGenereFiducia
123.236.143.214mail213.mailerview.tropicalstrength.comAllakore20/03/2024verifiedAlto
223.254.136.60client-23-254-136-60.hostwindsdns.comAllakore20/03/2024verifiedAlto
323.254.138.211box.adminco.latAllakore20/03/2024verifiedAlto
423.254.202.85client-23-254-202-85.hostwindsdns.comAllakore20/03/2024verifiedAlto
5XXX.XX.XX.XXXxxxxxxxxx.xxxxxxxxxxxxx.xxxXxxxxxxx07/09/2021verifiedAlto
6XXX.XX.XX.XXXxxxxxxxxx.xxxxxxxxxxxxx.xxxXxxxxxxx07/09/2021verifiedAlto
7XXX.XX.XXX.XXxxxxxxxxx.xxxxxxxxxxxxx.xxxXxxxxxxx07/09/2021verifiedAlto
8XXX.XX.XXX.XXXxxxxxxxx.xxxxxxxxxxxxx.xxxXxxxxxxx07/09/2021verifiedAlto
9XXX.XX.XX.XXxxxxxxxxx.xxxxxxxxxxxxx.xxxXxxxxxxx07/09/2021verifiedAlto
10XXX.XXX.XXX.XXXxxxxxxxxx.xxxxxxxxxxxxx.xxxXxxxxxxx07/09/2021verifiedAlto
11XXX.XXX.XX.XXXxxxxxxxxx.xxxxxxxxxxxxx.xxxXxxxxxxx07/09/2021verifiedAlto
12XXX.XXX.XX.XXXxxxxxx-xxx-xxx-xx-xxx.xxxxxxxxxxxx.xxxXxxxxxxx20/03/2024verifiedAlto
13XXX.XXX.XX.XXXxxxxxx-xxx-xxx-xx-xxx.xxxxxxxxxxxx.xxxXxxxxxxx20/03/2024verifiedAlto
14XXX.XXX.XX.XXXxxxxxx-xxx-xxx-xx-xxx.xxxxxxxxxxxx.xxxXxxxxxxx20/03/2024verifiedAlto
15XXX.XXX.XX.XXXxxxxxx-xxx-xxx-xx-xxx.xxxxxxxxxxxx.xxxXxxxxxxx20/03/2024verifiedAlto
16XXX.XXX.XX.XXXxxxxxx-xxx-xxx-xx-xxx.xxxxxxxxxxxx.xxxXxxxxxxx20/03/2024verifiedAlto

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClasseVulnerabilitàAccesso al vettoreGenereFiducia
1T1006CAPEC-126CWE-22Path TraversalpredictiveAlto
2T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveAlto
3T1059CAPEC-242CWE-94Argument InjectionpredictiveAlto
4TXXXX.XXXCAPEC-209CWE-XX, CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveAlto
5TXXXXCAPEC-19CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveAlto
6TXXXX.XXXCAPEC-178CWE-XXXXxxx XxxxxxxxpredictiveAlto
7TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveAlto
8TXXXX.XXXCAPEC-459CWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveAlto
9TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveAlto
10TXXXXCAPEC-157CWE-XXX, CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveAlto
11TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveAlto

IOA - Indicator of Attack (51)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClasseIndicatorGenereFiducia
1File/controller/company/Index.php#sendCompanyLogopredictiveAlto
2File/forum/away.phppredictiveAlto
3File/wordpress/wp-admin/admin.phppredictiveAlto
4Fileadclick.phppredictiveMedia
5Fileadmin/index.phppredictiveAlto
6Filecloud.phppredictiveMedia
7Filedata/gbconfiguration.datpredictiveAlto
8Filexxxxx.xxxpredictiveMedia
9Filexxxxxx.xxxpredictiveMedia
10Filexxxxxx.xxxpredictiveMedia
11Filexxxx.xxxpredictiveMedia
12Filexxx/xxxxxx.xxxpredictiveAlto
13Filexxxx_xxxx.xxxpredictiveAlto
14Filexxx/xxxx/xxx.x/xxxx_xxxxxx.xpredictiveAlto
15Filexxxxx.xxxpredictiveMedia
16Filexxxxxxx.xxxpredictiveMedia
17Filexxxxxxx.xxxpredictiveMedia
18Filexxxxxxxxx/xxxx-xxxxpredictiveAlto
19Filexxxx.xxxpredictiveMedia
20Filexxx_xxxx.xxxpredictiveMedia
21Filexxxxx/xxxxxxx/predictiveAlto
22Filexxxxxx.xxxpredictiveMedia
23FilexxxpredictiveBasso
24Filexxxxxxxxxxxxx.xxxpredictiveAlto
25Filexxxxx.xxxpredictiveMedia
26Filexxxxxxxx.xxxpredictiveMedia
27Filexxxxxxxxxxxxxx.xxxpredictiveAlto
28Filexxxxx.xxxpredictiveMedia
29Filexxxxxxx.xxxpredictiveMedia
30Filexxxx-xxxxx.xxxpredictiveAlto
31Libraryxxx/xxxxxxxxxxxxx.xxxpredictiveAlto
32ArgumentxxxxxxxxpredictiveMedia
33ArgumentxxxxxxxxxxpredictiveMedia
34Argumentxxxx_xxpredictiveBasso
35ArgumentxxxxxxxpredictiveBasso
36ArgumentxxxxxxxpredictiveBasso
37ArgumentxxxxxpredictiveBasso
38ArgumentxxxxpredictiveBasso
39Argumentxxxx_xxpredictiveBasso
40ArgumentxxxxxxxxpredictiveMedia
41ArgumentxxpredictiveBasso
42ArgumentxxxxxxxxxpredictiveMedia
43ArgumentxxxxxxxxxxpredictiveMedia
44ArgumentxxxxxxpredictiveBasso
45ArgumentxxxxxxxxpredictiveMedia
46ArgumentxxxxxxxpredictiveBasso
47Argumentxxxxxxx_xxpredictiveMedia
48ArgumentxxxxxxxpredictiveBasso
49ArgumentxxxpredictiveBasso
50ArgumentxxxxpredictiveBasso
51ArgumentxxxxxpredictiveBasso

Referenze (3)

The following list contains external sources which discuss the actor and the associated activities:

PrecedenteVisione D'insiemeIl prossimo

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!