DarkSide Analysis

IOB - Indicator of Behavior (53)

Timeline

Language

  • en (44)
  • ar (4)
  • de (2)
  • fr (2)
  • zh (2)

Country

  • us (38)
  • ca (14)
  • id (2)

Actors

Activities

Interest

Timeline

Type

Vendor

Product

  • Thomas R. Pasawicz HyperBook Guestbook (2)
  • Samsung Mobile Devices (2)
  • Joomla CMS (2)
  • WoltLab Burning Book (2)
  • Boa Webserver (2)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | EPSS | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192
2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.74 | CVE-2010-0966
3 | WoltLab Burning Book addentry.php sql injection | 7.3 | 6.8 | $0-$5k | $0-$5k | Functional | Unavailable | 0.00804 | 0.02 | CVE-2006-5509
4 | spip Login spip_login.php3 privilege escalation | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.05054 | 0.04 | CVE-2006-1702
5 | miniOrange WP OAuth Server privilege escalation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00156 | 0.00 | CVE-2022-34149
6 | Boa Webserver GET wapopen directory traversal | 6.4 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.73540 | 0.09 | CVE-2017-9833
7 | Boa free denial of service | 6.4 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00208 | 0.00 | CVE-2018-21028
8 | DrayTek Vigor/Vigor3910 wlogin.cgi buffer overflow | 9.0 | 8.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00182 | 0.04 | CVE-2022-32548
9 | Boa Terminal privilege escalation | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02395 | 0.02 | CVE-2009-4496
10 | GNU Mailman cross site request forgery | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00112 | 0.02 | CVE-2021-44227
11 | GNU Mailman confirm.py cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00330 | 0.00 | CVE-2011-0707
12 | myPHPNuke links.php cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00478 | 0.02 | CVE-2003-1372
13 | Microsoft Office Word unknown vulnerability | 5.5 | 5.0 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00089 | 0.02 | CVE-2022-24511
14 | Microsoft Windows Remote Desktop Client Remote Code Execution | 8.8 | 8.2 | $100k and more | $5k-$25k | Proof-of-Concept | Official Fix | 0.02387 | 0.04 | CVE-2022-21990
15 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 3.26 | CVE-2020-12440
16 | Apple M1 Register s3_5_c15_c10_1 M1RACLES privilege escalation | 8.8 | 8.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00000 | 0.04 | CVE-2021-30747
17 | Joomla CMS File Upload media.php privilege escalation | 6.3 | 6.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.78471 | 0.04 | CVE-2013-5576
18 | Samsung Mobile Devices Cameralyzer privilege escalation | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00044 | 0.04 | CVE-2020-15577
19 | DHIS tools register-q.sh privilege escalation | 5.9 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.02 | 
20 | Esoftpro Online Guestbook Pro ogp_show.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00108 | 0.26 | CVE-2009-4935

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Darkside

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Class | Vulnerability | Access Vector | Type | Confidence
1 | T1006 | CAPEC-126 | CWE-22 | Path Traversal | predictive | High
2 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive | High
3 | TXXXX.XXX | CAPEC-209 | CWE-XXX | xxxx Xxxx Xxxxxxxxx | predictive | High
4 | TXXXX | CAPEC-122 | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
5 | TXXXX | CAPEC-108 | CWE-XXX | xx Xxxxxxxxx | predictive | High
6 | TXXXX | CAPEC-116 | CWE-XXX | Xxxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High

IOA - Indicator of Attack (17)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /cgi-bin/wapopen | predictive | High
2 | File | /cgi-bin/wlogin.cgi | predictive | High
3 | File | addentry.php | predictive | Medium
4 | File | xxxxxxxxxxxxx/xxxxxxxxxx/xxx_xxxxx/xxxxxxx/xxxxx.xxx | predictive | High
5 | File | xxx/xxxxxxx.xx | predictive | High
6 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
7 | File | xxx/xxxxxx.xxx | predictive | High
8 | File | xxxxx.xxx | predictive | Medium
9 | File | xxx_xxxx.xxx | predictive | Medium
10 | File | xxxxxxxx-x.xx | predictive | High
11 | File | xxxx_xxxxx.xxxx | predictive | High
12 | Argument | xx/xx | predictive | Low
13 | Argument | xxxxxxxx | predictive | Medium
14 | Argument | xxxxxxx | predictive | Low
15 | Argument | xxxxxxxxxx | predictive | Medium
16 | Argument | xxxxxxx/xxxxx | predictive | High
17 | Input Value | ../.. | predictive | Low

References (4)

The following list contains external sources which discuss the actor and the associated activities:

Samples (1)

The following list contains associated samples:
