Dukes Analysis

IOB - Indicator of Behavior (181)

Language

en: 92
zh: 44
fr: 14
ja: 12
es: 8

Country/Region

us: 70
cn: 50
ru: 26
at: 6
lu: 2

Products

Microsoft Windows: 10
Apache HTTP Server: 6
House Rental System: 4
QEMU: 4
Invision Power Services IP.Board: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Hunkaray Duyuru Scripti oku.asp SQL injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00811 | CVE-2007-0688 |
| 2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192 |
| 3 | Apache Flume JMS Source privilege escalation | 8.0 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00264 | CVE-2022-34916 |
| 4 | Discuz! admin.php cross-site scripting | 3.6 | 3.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00054 | CVE-2018-19464 |
| 5 | SourceCodester Human Resource Management System employeeadd.php SQL injection | 5.5 | 5.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00148 | CVE-2022-4278 |
| 6 | Bitrix Upload from Local Disk Feature restore.php privilege escalation | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00049 | CVE-2022-29268 |
| 7 | OpenSSL AES OCB Mode weak encryption | 5.6 | 5.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00363 | CVE-2022-2097 |
| 8 | PHPMailer Phar Deserialization addAttachment privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00748 | CVE-2020-36326 |
| 9 | Xoops URL Filter index.php Redirect | 6.6 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.00062 | CVE-2017-12138 |
| 10 | Microsoft Windows RPC over HTTP Reply denial of service | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.08241 | CVE-2003-0807 |
| 11 | Apache Dubbo privilege escalation | 7.6 | 7.6 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.01134 | CVE-2022-39198 |
| 12 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 3.99 | 0.00000 | |
| 13 | Planka Environment Variable environ directory traversal | 5.7 | 5.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00063 | CVE-2022-2653 |
| 14 | Invision Power Services IP.Board URL denial of service | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00164 | CVE-2015-6812 |
| 15 | MikroTik RouterOS Winbox weak authentication | 8.2 | 7.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.97496 | CVE-2018-14847 |
| 16 | Drupal File Download privilege escalation | 5.0 | 5.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00049 | CVE-2023-31250 |
| 17 | Mattermost API information disclosure | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00065 | CVE-2022-2401 |
| 18 | Ecommerce-Website signup_script.php cross-site scripting | 4.8 | 4.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00068 | CVE-2022-45990 |
| 19 | Salon booking system cross-site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00160 | CVE-2022-43487 |
| 20 | Fortinet FortiOS/FortiProxy FortiGate SSL-VPN memory corruption | 9.8 | 9.6 | $25k-$100k | $25k-$100k | Not Defined | Official Fix | 0.04 | 0.15407 | CVE-2023-27997 |

IOC - Indicator of Compromise (27)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (102)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (3)

The following list contains external sources which discuss the actor and the associated activities:
