Allakore Analysis

IOB - Indicator of Behavior (96)

Language

en: 70
de: 24
ru: 2

Country

us: 46
de: 16
ca: 4

Product

Linksys WAG54GS: 6
Play Framework: 4
tcpdump: 4
Elecard Elecard MPEG Player: 2
PowerScripts PowerNews: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.32 | CVE-2010-0966 |
| 3 | 74CMS Company Logo Index.php#sendCompanyLogo privilege escalation | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.04 | CVE-2024-2561 |
| 4 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 1.53 | CVE-2020-15906 |
| 5 | Joomla CMS com_easyblog sql injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00000 | 0.23 | |
| 6 | phpPgAds adclick.php unknown vulnerability | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00317 | 0.47 | CVE-2005-3791 |
| 7 | Indexu register.php cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.00000 | 0.03 | |
| 8 | Pligg cloud.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.32 | |
| 9 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 0.70 | CVE-2007-0354 |
| 10 | Untis WebUntis cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00084 | 0.03 | CVE-2020-22453 |
| 11 | DragDropCart productdetail.php cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.00 | |
| 12 | Michael Salzer Guestbox gbshow.php cross site scripting | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.04283 | 0.02 | CVE-2006-0860 |
| 13 | Vunet VU Web Visitor Analyst redir.asp sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Workaround | 0.00119 | 0.16 | CVE-2010-2338 |
| 14 | DolphinPHP User Management Page cross site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00053 | 0.06 | CVE-2022-1086 |
| 15 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 1.69 | |
| 16 | vu Mass Mailer Login Page redir.asp sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00181 | 0.07 | CVE-2007-6138 |
| 17 | Dataiku DSS Project privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00054 | 0.00 | CVE-2021-27225 |
| 18 | payfort-php-SDK success.php cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00463 | 0.02 | CVE-2018-19188 |
| 19 | MidiCart PHP Shopping Cart item_show.php sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.05 | |
| 20 | Cisco Linksys EA2700 URL information disclosure | 4.3 | 4.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Unavailable | 0.00000 | 0.08 | |

IOC - Indicator of Compromise (16)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | T1059 | CWE-94 | Argument Injection | predictive | High |
| 4 | TXXXX.XXX | CWE-XX, CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High |
| 5 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 6 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High |
| 7 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 8 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 9 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 10 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High |
| 11 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High |

IOA - Indicator of Attack (51)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /controller/company/Index.php#sendCompanyLogo | predictive | High |
| 2 | File | /forum/away.php | predictive | High |
| 3 | File | /wordpress/wp-admin/admin.php | predictive | High |
| 4 | File | adclick.php | predictive | Medium |
| 5 | File | admin/index.php | predictive | High |
| 6 | File | cloud.php | predictive | Medium |
| 7 | File | data/gbconfiguration.dat | predictive | High |
| 8 | File | xxxxx.xxx | predictive | Medium |
| 9 | File | xxxxxx.xxx | predictive | Medium |
| 10 | File | xxxxxx.xxx | predictive | Medium |
| 11 | File | xxxx.xxx | predictive | Medium |
| 12 | File | xxx/xxxxxx.xxx | predictive | High |
| 13 | File | xxxx_xxxx.xxx | predictive | High |
| 14 | File | xxx/xxxx/xxx.x/xxxx_xxxxxx.x | predictive | High |
| 15 | File | xxxxx.xxx | predictive | Medium |
| 16 | File | xxxxxxx.xxx | predictive | Medium |
| 17 | File | xxxxxxx.xxx | predictive | Medium |
| 18 | File | xxxxxxxxx/xxxx-xxxx | predictive | High |
| 19 | File | xxxx.xxx | predictive | Medium |
| 20 | File | xxx_xxxx.xxx | predictive | Medium |
| 21 | File | xxxxx/xxxxxxx/ | predictive | High |
| 22 | File | xxxxxx.xxx | predictive | Medium |
| 23 | File | xxx | predictive | Low |
| 24 | File | xxxxxxxxxxxxx.xxx | predictive | High |
| 25 | File | xxxxx.xxx | predictive | Medium |
| 26 | File | xxxxxxxx.xxx | predictive | Medium |
| 27 | File | xxxxxxxxxxxxxx.xxx | predictive | High |
| 28 | File | xxxxx.xxx | predictive | Medium |
| 29 | File | xxxxxxx.xxx | predictive | Medium |
| 30 | File | xxxx-xxxxx.xxx | predictive | High |
| 31 | Library | xxx/xxxxxxxxxxxxx.xxx | predictive | High |
| 32 | Argument | xxxxxxxx | predictive | Medium |
| 33 | Argument | xxxxxxxxxx | predictive | Medium |
| 34 | Argument | xxxx_xx | predictive | Low |
| 35 | Argument | xxxxxxx | predictive | Low |
| 36 | Argument | xxxxxxx | predictive | Low |
| 37 | Argument | xxxxx | predictive | Low |
| 38 | Argument | xxxx | predictive | Low |
| 39 | Argument | xxxx_xx | predictive | Low |
| 40 | Argument | xxxxxxxx | predictive | Medium |
| 41 | Argument | xx | predictive | Low |
| 42 | Argument | xxxxxxxxx | predictive | Medium |
| 43 | Argument | xxxxxxxxxx | predictive | Medium |
| 44 | Argument | xxxxxx | predictive | Low |
| 45 | Argument | xxxxxxxx | predictive | Medium |
| 46 | Argument | xxxxxxx | predictive | Low |
| 47 | Argument | xxxxxxx_xx | predictive | Medium |
| 48 | Argument | xxxxxxx | predictive | Low |
| 49 | Argument | xxx | predictive | Low |
| 50 | Argument | xxxx | predictive | Low |
| 51 | Argument | xxxxx | predictive | Low |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
