Darkkomet Analysis

IOB - Indicator of Behavior (69)

Language

en: 68
de: 2

Country/Region

us: 46
ru: 12
ua: 4
ir: 4
gb: 2

Product

OpenSSH: 4
CodeIgniter: 4
WordPress: 4
Node.js: 4
Totolink LR1200GB: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.50 | CVE-2010-0966 |
| 3 | Totolink LR1200GB Web Interface cstecgi.cgi loginAuth memory corruption | 9.8 | 9.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.10 | CVE-2024-1783 |
| 4 | Drag and Drop Multiple File Upload Plugin SVG File dnd_codedropz_upload cross-site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00102 | 0.00 | CVE-2022-0595 |
| 5 | Interactive Contact Form and Multi Step Form Builder Plugin cross-site scripting | 5.2 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00097 | 0.02 | CVE-2023-4950 |
| 6 | Byzoro Smart S85F Management Platform privilege escalation | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00207 | 0.13 | CVE-2023-4121 |
| 7 | Byzoro Smart S85F Management Platform importhtml.php privilege escalation | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00617 | 0.07 | CVE-2023-4120 |
| 8 | Campcodes Online Thesis Archiving System view_department.php SQL injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00073 | 0.09 | CVE-2023-2144 |
| 9 | CodeIgniter DB_query_builder.php or_like SQL injection | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00153 | 0.00 | CVE-2022-40829 |
| 10 | CodeIgniter DB_query_builder.php SQL injection | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00153 | 0.02 | CVE-2022-40835 |
| 11 | centreon Contact Groups Form formContactGroup.php SQL injection | 6.3 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00212 | 0.10 | CVE-2022-3827 |
| 12 | Sourcecodehero ERP System Project processlogin.php SQL injection | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00170 | 0.07 | CVE-2022-3118 |
| 13 | CPG Dragonfly CMS MSAnalysis Module index.php SQL injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00918 | 0.03 | CVE-2006-0727 |
| 14 | Sophos SFOS Administration Service/User Portal SQL injection | 9.1 | 8.9 | $5k-$25k | $0-$5k | High | Official Fix | 0.01655 | 0.08 | CVE-2020-12271 |
| 15 | ampleShop category.cfm SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00621 | 0.02 | CVE-2006-2038 |
| 16 | ProFTPD mod_tls weak encryption | 6.5 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00473 | 0.00 | CVE-2009-3639 |
| 17 | OpenSSH GSS2 auth-gss2.c Username information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Workaround | 0.00257 | 0.00 | CVE-2018-15919 |
| 18 | OpenSSH Readonly Mode sftp-server.c process_open privilege escalation | 5.3 | 5.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00660 | 0.00 | CVE-2017-15906 |
| 19 | Gempar Script Toko Online shop_display_products.php SQL injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00100 | 0.02 | CVE-2009-0296 |
| 20 | ESMI PayPal Storefront products1h.php cross-site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.05468 | 0.00 | CVE-2005-0936 |

IOC - Indicator of Compromise (32)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaign | Identified | Type |
|---|---|---|---|---|---|---|
| 1 | 5.189.137.8 | vending.softjourn.if.ua | Darkkomet | | 2023-01-24 | verified |
| 2 | 12.167.151.119 | | Darkkomet | | 2022-04-13 | verified |
| 3 | 20.72.235.82 | | DarkKomet | | 2022-09-07 | verified |
| 4 | 20.81.111.85 | | DarkKomet | | 2022-09-07 | verified |
| 5 | 23.49.102.35 | a23-49-102-35.deploy.static.akamaitechnologies.com | Darkkomet | | 2023-06-03 | verified |
| 6 | 23.221.227.172 | a23-221-227-172.deploy.static.akamaitechnologies.com | DarkKomet | | 2022-09-07 | verified |
| 7 | 35.205.61.67 | 67.61.205.35.bc.googleusercontent.com | DarkKomet | | 2022-09-07 | verified |

Entries 8 to 32 are masked in the source (IP address, hostname and actor shown only as X placeholders); all are of type verified, with identification dates between 2021-12-06 and 2023-06-03.

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (47)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type |
|---|---|---|---|
| 1 | File | /admin/departments/view_department.php | predictive |
| 2 | File | /cgi-bin/cstecgi.cgi | predictive |
| 3 | File | /pages/processlogin.php | predictive |
| 4 | File | /SCRIPTPATH/index.php | predictive |
| 5 | File | admin/index.php | predictive |
| 6 | File | auth-gss2.c | predictive |

Entries 7 to 47 are masked in the source (indicator values shown only as x placeholders): entries 7 to 26 are of class File, entry 27 Library, entries 28 to 45 Argument, and entries 46 to 47 Input Value; all are of type predictive.
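The IOC and IOA tables above are only useful once they are matched against your own telemetry. The following script is an added example for this page, not VulDB's code: it takes the unmasked network IOCs (entries 1 to 7 of the IOC table) and the unmasked web-path IOAs (entries 1 to 5 of the IOA table) and scans arbitrary log lines for them. The log lines are constructed for the demo. The confidence levels are an assumption of this example, not a VulDB score: three of the seven IOC addresses sit on Akamai CDN and Google Cloud shared infrastructure, so a match on them alone is downgraded to low confidence, and a request for a listed path is treated as medium (reconnaissance at most).

```python
# Added example (not VulDB's code): match this page's unmasked IOC and IOA
# entries against log lines. The sample lines and the confidence rules are
# constructed/assumed for the demo.
import ipaddress
import re
from dataclasses import dataclass

# Network IOCs copied from the IOC table (entries 1-7; 8-32 are masked).
IOC_IPS = {
    "5.189.137.8", "12.167.151.119", "20.72.235.82", "20.81.111.85",
    "23.49.102.35", "23.221.227.172", "35.205.61.67",
}
IOC_HOSTS = {
    "vending.softjourn.if.ua",
    "a23-49-102-35.deploy.static.akamaitechnologies.com",
    "a23-221-227-172.deploy.static.akamaitechnologies.com",
    "67.61.205.35.bc.googleusercontent.com",
}
# Akamai CDN and Google Cloud addresses are shared infrastructure: a hit on
# one of them alone is weak evidence, so it is downgraded (assumption).
SHARED_INFRA_SUFFIXES = (".akamaitechnologies.com", ".googleusercontent.com")
SHARED_INFRA_IPS = {"23.49.102.35", "23.221.227.172", "35.205.61.67"}

# Web-path IOAs copied from the IOA table (entries 1-5; the rest are masked).
# "/SCRIPTPATH/index.php" is kept literally as the page lists it.
IOA_PATHS = (
    "/admin/departments/view_department.php",
    "/cgi-bin/cstecgi.cgi",
    "/pages/processlogin.php",
    "/SCRIPTPATH/index.php",
    "admin/index.php",
)

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST_RE = re.compile(r"\b[a-z0-9](?:[a-z0-9.-]*[a-z0-9])?\.[a-z]{2,}\b", re.I)
PATH_RE = re.compile(r'"(?:GET|POST|HEAD|PUT)\s+(\S+)')


@dataclass(frozen=True)
class Hit:
    line_no: int
    kind: str        # "ioc_ip", "ioc_host" or "ioa_path"
    value: str
    confidence: str  # "high", "medium" or "low"


def scan(lines):
    """Return a list of Hit for an iterable of log lines in any text format."""
    hits = []
    for n, line in enumerate(lines, 1):
        for ip in IP_RE.findall(line):
            try:
                ipaddress.ip_address(ip)  # drop 999.1.1.1-style regex matches
            except ValueError:
                continue
            if ip in IOC_IPS:
                conf = "low" if ip in SHARED_INFRA_IPS else "high"
                hits.append(Hit(n, "ioc_ip", ip, conf))
        for host in HOST_RE.findall(line):
            h = host.lower()
            if h in IOC_HOSTS:
                conf = "low" if h.endswith(SHARED_INFRA_SUFFIXES) else "high"
                hits.append(Hit(n, "ioc_host", h, conf))
        m = PATH_RE.search(line)
        if m:
            path = m.group(1).split("?", 1)[0]  # ignore the query string
            for p in IOA_PATHS:
                if path.endswith("/" + p.lstrip("/")):
                    hits.append(Hit(n, "ioa_path", path, "medium"))
                    break
    return hits


# Constructed sample lines: a proxy log, two DNS logs, and three web access logs.
SAMPLE_LINES = [
    "2023-01-24T10:12:03Z proxy src=10.0.0.14 dst=5.189.137.8 dport=443 bytes=512",
    "2023-01-24T10:13:50Z dns client=10.0.0.14 q=vending.softjourn.if.ua a=5.189.137.8",
    "2023-06-03T08:01:44Z dns client=10.0.0.22 q=a23-49-102-35.deploy.static.akamaitechnologies.com a=23.49.102.35",
    '10.0.0.9 - - [07/Sep/2022:14:22:10 +0000] "POST /cgi-bin/cstecgi.cgi HTTP/1.1" 200 318',
    '10.0.0.9 - - [07/Sep/2022:14:22:12 +0000] "GET /admin/departments/view_department.php?id=1 HTTP/1.1" 200 2210',
    '10.0.0.9 - - [07/Sep/2022:14:22:13 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LINES):
        print(f"line {hit.line_no}: {hit.kind} {hit.value} ({hit.confidence})")
```

Run against real proxy, DNS and web-server logs, a high-confidence hit on a dedicated address such as 5.189.137.8 or its hostname is worth an alert on its own; the low-confidence CDN and cloud hits should only be escalated when they coincide with another indicator from the same host in the same time window.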

References (10)

The following list contains external sources which discuss the actor and the associated activities:
