DarkHydrus Analysis

IOB - Indicator of Behavior (155)

Languages

en 140
es 6
de 4
zh 4
fr 2

Countries

us 148

Products

Apple Mac OS X Server 4
PhotoPost PHP 2
TikiWiki 2
EnergyScripts Simple Download 2
Phorum 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.23 | CVE-2010-0966 |
| 3 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 3.28 | CVE-2020-15906 |
| 4 | PHP phpinfo cross-site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02101 | 0.04 | CVE-2007-1287 |
| 5 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01009 | 1.38 | CVE-2006-6168 |
| 6 | jforum User privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00289 | 0.06 | CVE-2019-7550 |
| 7 | JForum jforum.page unknown vulnerability | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00173 | 0.02 | CVE-2022-26173 |
| 8 | Responsive Menus Configuration Setting responsive_menus.module responsive_menus_admin_form_submit cross-site scripting | 3.2 | 3.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00073 | 0.04 | CVE-2018-25085 |
| 9 | Tiki Wiki CMS Groupware tiki-edit_wiki_section.php cross-site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00110 | 0.00 | CVE-2010-4240 |
| 10 | PHP Link Directory Administration Page index.html cross-site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00374 | 0.32 | CVE-2007-0529 |
| 11 | Smartisoft phpBazar classified_right.php privilege escalation | 6.5 | 6.2 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00933 | 0.03 | CVE-2006-2528 |
| 12 | JForum Login privilege escalation | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00151 | 0.06 | CVE-2012-5338 |
| 13 | cpCommerce register.php cross-site scripting | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | 0.00641 | 0.03 | CVE-2007-2968 |
| 14 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 4.04 | |
| 15 | Pligg cloud.php SQL injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.40 | |
| 16 | PHPWind goto.php Redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00348 | 0.04 | CVE-2015-4134 |
| 17 | Advisto Peel SHOPPING caddie_ajout.php unknown vulnerability | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00118 | 0.07 | CVE-2018-20848 |
| 18 | Lars Ellingsen Guestserver guestbook.cgi cross-site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00169 | 0.16 | CVE-2005-4222 |
| 19 | Serendipity exit.php privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.55 | |
| 20 | Bitrix Site Manager redirect.php privilege escalation | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00113 | 0.03 | CVE-2008-2052 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • DarkHydrus

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerability | Access Vector | Confidence |
|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Path Traversal | predictive |
| 2 | T1059 | CWE-94 | Argument Injection | predictive |

IOA - Indicator of Attack (76)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Confidence |
|---|---|---|---|
| 1 | File | /etc/sudoers | predictive |
| 2 | File | /forum/away.php | predictive |
| 3 | File | /obs/book.php | predictive |
| 4 | File | /opt/IBM/es/lib/libffq.cryptionjni.so | predictive |
| 5 | File | /register.do | predictive |
| 6 | File | 4.3.0.CP04 | predictive |
| 7 | File | adclick.php | predictive |
| 8 | File | addentry.php | predictive |
| 9 | File | add_comment.php | predictive |
| 10 | File | book.php | predictive |

References (5)

The following list contains external sources which discuss the actor and the associated activities:
