DarkHydrus Analysis

IOB - Indicator of Behavior (155)

Language (number of IOB entries per language)

en: 130
es: 8
de: 6
zh: 4
pl: 2

Country (number of IOB entries per country)

us: 144

Product (number of IOB entries per product)

WordPress: 4
PHPWind: 4
Fad Solutions DRZES HMS: 2
YaBB: 2
Apple Mac OS X Server: 2

Vulnerabilities

Base and Temp are the CVSS base and temporal scores; 0day and Today are estimated exploit prices in USD; Exploit is the exploit maturity and Remediation the fix status; CTI is the threat-intelligence activity score; EPSS is the FIRST exploit-prediction probability. Entries without a CVE column value have no CVE assigned on the source page.

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192
2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.32 | 0.00943 | CVE-2010-0966
3 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 2.74 | 0.00936 | CVE-2020-15906
4 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.02101 | CVE-2007-1287
5 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 5.23 | 0.01009 | CVE-2006-6168
6 | jforum User privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00289 | CVE-2019-7550
7 | JForum jforum.page cross site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00173 | CVE-2022-26173
8 | Responsive Menus Configuration Setting responsive_menus.module responsive_menus_admin_form_submit cross site scripting | 3.2 | 3.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.09 | 0.00073 | CVE-2018-25085
9 | Tiki Wiki CMS Groupware tiki-edit_wiki_section.php cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.09 | 0.00110 | CVE-2010-4240
10 | PHP Link Directory Administration Page index.html cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.23 | 0.00374 | CVE-2007-0529
11 | Smartisoft phpBazar classified_right.php privilege escalation | 6.5 | 6.2 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.05 | 0.00933 | CVE-2006-2528
12 | JForum Login privilege escalation | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00151 | CVE-2012-5338
13 | cpCommerce register.php cross site scripting | 4.3 | 4.2 | $0-$5k | Calculating | High | Unavailable | 0.00 | 0.00661 | CVE-2007-2968
14 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 3.06 | 0.00000 |
15 | Pligg cloud.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.78 | 0.00000 |
16 | PHPWind goto.php Redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | 0.00348 | CVE-2015-4134
17 | Advisto Peel SHOPPING caddie_ajout.php cross site request forgery | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.16 | 0.00118 | CVE-2018-20848
18 | Lars Ellingsen Guestserver guestbook.cgi cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00169 | CVE-2005-4222
19 | Serendipity exit.php privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.00000 |
20 | Bitrix Site Manager redirect.php privilege escalation | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.03 | 0.00113 | CVE-2008-2052

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • DarkHydrus

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities. The individual indicators are not shown on this page.

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

Rows shown as runs of X are masked on the source page.

ID | Technique | Vulnerability (CWE) | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | High
2 | T1059 | CWE-94 | Argument Injection | predictive | High
3 | TXXXX.XXX | CWE-XX, CWE-XXX | Xxxxx Xxxx Xxxxxxxxx | predictive | High
4 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
5 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
6 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High
7 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
8 | TXXXX.XXX | CWE-XXX | Xxx Xxxxxxxxxx Xxxxx | predictive | High

IOA - Indicator of Attack (76)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

Indicators shown as runs of x are masked on the source page.

ID | Class | Indicator | Type | Confidence
1 | File | /etc/sudoers | predictive | Medium
2 | File | /forum/away.php | predictive | High
3 | File | /obs/book.php | predictive | High
4 | File | /opt/IBM/es/lib/libffq.cryptionjni.so | predictive | High
5 | File | /register.do | predictive | Medium
6 | File | 4.3.0.CP04 | predictive | Medium
7 | File | adclick.php | predictive | Medium
8 | File | addentry.php | predictive | Medium
9 | File | add_comment.php | predictive | High
10 | File | book.php | predictive | Medium
11 | File | xxxxxxxxxx_xxxxx.xxx | predictive | High
12 | File | xxxxx.xxx | predictive | Medium
13 | File | xxxxxx/xxx.x | predictive | Medium
14 | File | xxxxxxx_xxx.xxx | predictive | High
15 | File | xxxxxx.xxx | predictive | Medium
16 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
17 | File | xxxxxxxx.xxx | predictive | Medium
18 | File | xxxxx.xxx | predictive | Medium
19 | File | xx/xxxxx/xxxxxx_xxxxx.xxx | predictive | High
20 | File | xxxx.xxx | predictive | Medium
21 | File | xxxx.xxx | predictive | Medium
22 | File | xxxxxxxxx.xxx | predictive | High
23 | File | xx/xxxxxxx/xxxxxx_xxx.x | predictive | High
24 | File | xxx/xxxxxx.xxx | predictive | High
25 | File | xxxxx.xxxx | predictive | Medium
26 | File | xxxxx.xxx | predictive | Medium
27 | File | xxxxxx.xxxx | predictive | Medium
28 | File | xxx/xxxx/xxx.x | predictive | High
29 | File | xxxxxxxxx.x | predictive | Medium
30 | File | xxxx.xxx | predictive | Medium
31 | File | xxxxx.xxx | predictive | Medium
32 | File | xxxxxxxx.xxx | predictive | Medium
33 | File | xxxxxxxx.xxx | predictive | Medium
34 | File | xxxxxxxx.xx | predictive | Medium
35 | File | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx | predictive | High
36 | File | xxxxxxxx_xxxxxx.xxx | predictive | High
37 | File | xxxxxxxxxx_xxxxx.xxxxxxx | predictive | High
38 | File | xxxxxxxxxxxxxx.xxx | predictive | High
39 | File | xxxxxx-xxxx/xxx/xxxx/xxxx/xxx/xxxxxx/xxxxxxxxxxxx.xxxx | predictive | High
40 | File | xxxx-xxxxxxxx.xxx | predictive | High
41 | File | xxxx-xxxx_xxxx_xxxxxxx.xxx | predictive | High
42 | File | xxxx-xxxxx.xxx | predictive | High
43 | File | xxxx-xxxxxxxx.xxx | predictive | High
44 | File | xxxx/xxxxxxxx.xxx | predictive | High
45 | File | xx-xxxxxxxx/xxxx-xxx/xxxxxxxxx/xxxxx-xx-xxxx-xxxxx-xxxxxxxxxx.xxx | predictive | High
46 | File | xx-xxxxx.xxx | predictive | Medium
47 | File | xx-xxxxxxxx.xxx | predictive | High
48 | Library | xxxx/xxx/xxxxxx/xx-xxxx-xxxxxx.xxx | predictive | High
49 | Library | xxx/xxx/xx/xxx/xxxxxx.xxxxxxxxxxx.xx | predictive | High
50 | Argument | $xxxx | predictive | Low
51 | Argument | xxxxxxxxxx | predictive | Medium
52 | Argument | xxxxxxxx | predictive | Medium
53 | Argument | xxxxxxxx | predictive | Medium
54 | Argument | xxxxxxxx | predictive | Medium
55 | Argument | xxxx_xxxx | predictive | Medium
56 | Argument | xxxxxxxxxx | predictive | Medium
57 | Argument | xxxxxx | predictive | Low
58 | Argument | xxxxxxxxx[x] | predictive | Medium
59 | Argument | xx_xx_xxxx_xxxx | predictive | High
60 | Argument | xxxx | predictive | Low
61 | Argument | xxxx | predictive | Low
62 | Argument | xxxxxx/xxxxx | predictive | Medium
63 | Argument | xx | predictive | Low
64 | Argument | xxxxxxxx_xxx | predictive | Medium
65 | Argument | xxxxxxxxx_xxxxxxxx_xxxx | predictive | High
66 | Argument | xxxx | predictive | Low
67 | Argument | xxxxxxxxxxxxxxx | predictive | High
68 | Argument | xxxxx | predictive | Low
69 | Argument | xx_xxxx | predictive | Low
70 | Argument | xxxxxxxxxx | predictive | Medium
71 | Argument | xx | predictive | Low
72 | Argument | xxx | predictive | Low
73 | Argument | xxxx | predictive | Low
74 | Argument | xxx | predictive | Low
75 | Argument | xxxxxxxx/xxxxxxxx | predictive | High
76 | Argument | xxxx_xxxxx | predictive | Medium
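The practical use of a File-class IOA list is to sweep existing web-server logs for requests that touch those paths. The script below is an added example written for this page; it is not VulDB code and not anything published by the DarkHydrus research. It takes only the unmasked File indicators from the table above (the masked rows and the version string 4.3.0.CP04 cannot be matched), parses constructed Apache/nginx combined-format log lines (the sample lines, IP addresses and timestamps are invented for the example), URL-decodes the request target twice so percent-encoded traversal is not missed, and reports a hit when an absolute indicator equals or terminates the request path, appears inside the query string (the LFI-style `file=../../etc/sudoers` case), or a bare filename matches the last path segment.

```python
"""Sweep combined-format access logs for the unmasked File IOAs listed above.

Added example for this page, not VulDB's tooling. Assumes Apache/nginx
"combined" log format; the sample log lines below are constructed.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple
from urllib.parse import unquote

# Unmasked File-class indicators from the IOA table. More specific absolute
# paths come before bare filenames so "/obs/book.php" wins over "book.php".
FILE_INDICATORS = (
    "/etc/sudoers",
    "/forum/away.php",
    "/obs/book.php",
    "/opt/IBM/es/lib/libffq.cryptionjni.so",
    "/register.do",
    "adclick.php",
    "addentry.php",
    "add_comment.php",
    "book.php",
)

# Combined Log Format: ip ident user [ts] "METHOD target HTTP/x" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample log (addresses from RFC 5737 documentation ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php HTTP/1.1" 200 5123
203.0.113.7 - - [10/Oct/2023:13:55:41 +0000] "GET /forum/away.php?to=http://example.net HTTP/1.1" 302 0
198.51.100.9 - - [10/Oct/2023:13:56:02 +0000] "GET /cms/view.php?file=..%2F..%2F..%2Fetc%2Fsudoers HTTP/1.1" 200 811
198.51.100.9 - - [10/Oct/2023:13:56:10 +0000] "POST /blog/add_comment.php HTTP/1.1" 200 77
192.0.2.4 - - [10/Oct/2023:13:57:00 +0000] "GET /static/book.pdf HTTP/1.1" 200 40213
this line is deliberately malformed and must be skipped
"""


@dataclass(frozen=True)
class Hit:
    ip: str
    timestamp: str
    target: str      # raw request target as logged
    indicator: str   # which IOA entry matched
    where: str       # "path" or "query"


def normalize_target(target: str) -> Tuple[str, str]:
    """Split the request target into path and query, each URL-decoded twice
    so that double-encoded traversal (%252e%252e) is also unwrapped."""
    path, _, query = target.partition("?")
    return unquote(unquote(path)), unquote(unquote(query))


def match_indicator(path: str, query: str) -> Optional[Tuple[str, str]]:
    """Return (indicator, location) for the first IOA that matches, else None."""
    for ind in FILE_INDICATORS:
        if ind.startswith("/"):
            # Absolute indicator: exact path, path ending with it (app mounted
            # under a prefix), or the path smuggled in a query parameter.
            if path == ind or path.endswith(ind):
                return ind, "path"
            if ind in query:
                return ind, "query"
        elif path.rsplit("/", 1)[-1] == ind:
            # Bare filename: compare only the last path segment.
            return ind, "path"
    return None


def scan_log(lines: Iterable[str]) -> List[Hit]:
    """Parse each line; unparsable lines are skipped rather than guessed at."""
    hits: List[Hit] = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path, query = normalize_target(m["target"])
        found = match_indicator(path, query)
        if found:
            hits.append(Hit(m["ip"], m["ts"], m["target"], found[0], found[1]))
    return hits


if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG.splitlines()):
        print(f"{h.timestamp} {h.ip} {h.indicator} ({h.where}) <- {h.target}")
```

On the constructed sample this flags the `/forum/away.php` open-redirect probe, the `/etc/sudoers` read attempted through a query parameter, and the `add_comment.php` POST, and leaves `/static/book.pdf` and the malformed line alone. Treat a hit as a triage lead, not attribution: names such as book.php or add_comment.php are common across PHP applications, and the table itself labels every entry as predictive.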

References (5)

The following list contains external sources which discuss the actor and the associated activities:
