Darkode Analysis

IOB - Indicator of Behavior (319)

Language

en: 304
de: 6
fr: 6
es: 4

Country

us: 152
ru: 22
fr: 12
ir: 10
gb: 6

Product

Linux Kernel: 14
Cisco ASA: 12
Apache Atlas: 8
Apple macOS: 6
Google Chrome: 6

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | PHPGurukul Nipah Virus Testing Management System password-recovery.php sql injection | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00063 | 0.08 | CVE-2023-6648 |
| 3 | Schneider Electric Modicon M340 SNMP Server Truncate privilege escalation | 6.4 | 6.2 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.00224 | 0.02 | CVE-2019-6813 |
| 4 | Samsung Galaxy Store AppsPackageInstaller privilege escalation | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2022-33708 |
| 5 | EPrints Latex privilege escalation | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01402 | 0.03 | CVE-2021-26476 |
| 6 | Tawk.To Live Chat Plugin AJAX Action tawkto_removewidget privilege escalation | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00074 | 0.08 | CVE-2021-24914 |
| 7 | Google Chrome WebView Remote Code Execution | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00107 | 0.00 | CVE-2021-37990 |
| 8 | Microsoft Exchange Server Remote Code Execution | 7.3 | 7.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.55939 | 0.00 | CVE-2021-26858 |
| 9 | CentOS Web Panel ajax_list_accounts.php sql injection | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00687 | 0.00 | CVE-2020-15619 |
| 10 | Ay System Solutions CMS home.php privilege escalation | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01168 | 0.00 | CVE-2006-4441 |
| 11 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.10 | CVE-2017-0055 |
| 12 | MikroTik RouterOS Winbox weak authentication | 8.2 | 8.0 | $0-$5k | $0-$5k | High | Official Fix | 0.97496 | 0.35 | CVE-2018-14847 |
| 13 | WordPress WP_Query class-wp-query.php sql injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00318 | 0.02 | CVE-2017-5611 |
| 14 | Cisco IOS XR privilege escalation | 7.8 | 7.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.02 | CVE-2016-9215 |
| 15 | ShopLentor Plugin Banner Link cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.04 | CVE-2024-1960 |
| 16 | Netgear CBR40/CBK40/CBK43 currentsetting.htm information disclosure | 5.3 | 5.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00043 | 0.04 | CVE-2024-28340 |
| 17 | Apple macOS Lock Screen privilege escalation | 2.4 | 2.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.07 | CVE-2024-23289 |
| 18 | Linux Kernel ca8210 of_clk_add_provider buffer overflow | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.04 | CVE-2023-52510 |
| 19 | SourceCodester Complaint Management System Lodge Complaint Section register-complaint.php privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.07 | CVE-2024-1875 |
| 20 | Petrol Pump Management Software profile.php privilege escalation | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00101 | 0.00 | CVE-2024-27747 |

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 80.82.66.204 | no-reverse-dns-configured.com | Darkode |  | 31/10/2021 | verified | High |

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (141)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | %PROGRAMFILES(X86)%\TSplus\UserDesktop\themes. | predictive | High |
| 2 | File | /admin/maintenance/view_designation.php | predictive | High |
| 3 | File | /admin/search-appointment.php | predictive | High |
| 4 | File | /cgi-bin/user/Config.cgi | predictive | High |
| 5 | File | /config/php.ini | predictive | High |
| 6 | File | /htdocs/cgibin | predictive | High |
| 7 | File | /myprofile.php | predictive | High |
| 8 | File | /uncpath/ | predictive | Medium |
| 9 | File | /videotalk | predictive | Medium |
| 10 | File | /web/MCmsAction.java | predictive | High |
| 11 | File | 14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi | predictive | High |
| 12 | File | activity_log.php | predictive | High |
| 13 | File | adm/systools.asp | predictive | High |
| 14 | File | admin/getparam.cgi | predictive | High |
| 15 | File | admin/media/index.php" | predictive | High |
| 16 | File | adminCons.php | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
