DarkHydrus Analysis

IOB - Indicator of Behavior (155)

Language

  • en: 138
  • es: 8
  • sv: 2
  • zh: 2
  • it: 2

Country

  • us: 146

Product

  • Apple Mac OS X Server: 4
  • DZCP deV!L`z Clanportal: 2
  • Phorum: 2
  • E-topbiz Viral DX 1: 2
  • Advisto Peel SHOPPING: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.74 | CVE-2010-0966 |
| 3 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 2.29 | CVE-2020-15906 |
| 4 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02101 | 0.04 | CVE-2007-1287 |
| 5 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01009 | 1.93 | CVE-2006-6168 |
| 6 | jforum User privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00289 | 0.05 | CVE-2019-7550 |
| 7 | JForum jforum.page cross site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00173 | 0.02 | CVE-2022-26173 |
| 8 | Responsive Menus Configuration Setting responsive_menus.module responsive_menus_admin_form_submit cross site scripting | 3.2 | 3.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00073 | 0.07 | CVE-2018-25085 |
| 9 | Tiki Wiki CMS Groupware tiki-edit_wiki_section.php cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00110 | 0.00 | CVE-2010-4240 |
| 10 | PHP Link Directory Administration Page index.html cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00374 | 0.42 | CVE-2007-0529 |
| 11 | Smartisoft phpBazar classified_right.php privilege escalation | 6.5 | 6.2 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00933 | 0.03 | CVE-2006-2528 |
| 12 | JForum Login privilege escalation | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00151 | 0.06 | CVE-2012-5338 |
| 13 | cpCommerce register.php cross site scripting | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | 0.00641 | 0.03 | CVE-2007-2968 |
| 14 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 2.26 | |
| 15 | Pligg cloud.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.42 | |
| 16 | PHPWind goto.php Redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00348 | 0.07 | CVE-2015-4134 |
| 17 | Advisto Peel SHOPPING caddie_ajout.php cross site request forgery | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00118 | 0.03 | CVE-2018-20848 |
| 18 | Lars Ellingsen Guestserver guestbook.cgi cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00169 | 0.16 | CVE-2005-4222 |
| 19 | Serendipity exit.php privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.23 | |
| 20 | Bitrix Site Manager redirect.php privilege escalation | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00113 | 0.03 | CVE-2008-2052 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • DarkHydrus

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (76)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

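| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /etc/sudoers | predictive | Medium |
| 2 | File | /forum/away.php | predictive | High |
| 3 | File | /obs/book.php | predictive | High |
| 4 | File | /opt/IBM/es/lib/libffq.cryptionjni.so | predictive | High |
| 5 | File | /register.do | predictive | Medium |
| 6 | File | 4.3.0.CP04 | predictive | Medium |
| 7 | File | adclick.php | predictive | Medium |
| 8 | File | addentry.php | predictive | Medium |
| 9 | File | add_comment.php | predictive | High |
| 10 | File | book.php | predictive | Medium |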

References (5)

The following list contains external sources which discuss the actor and the associated activities:
