Darkkomet Analiza

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (69)

Język

en	68
de	2

Kraj

us	50
ru	14
it	2
ua	2
jp	2

Aktorzy

Darkkomet	8
Adwind	2
NjRAT	2
Nanocore RAT	2
NetWire	2

Wysiłek

Rodzaj

Not Defined	24
Content Management System	12
Programming Language Software	8
JavaScript Library	6
Vehicle Software	2

Sprzedawca

Not Defined	28
Thomas R. Pasawicz	2
Comcast	2
Phpversion	2
Daimler	2

Produkt

Node.js	6
WordPress	6
ampleShop	2
Thomas R. Pasawicz HyperBook Guestbook	2
Comcast DPC3939	2

Luki w zabezpieczeniach

#	Słaby punkt	Base	Temp	0day	Dzisiaj	Wyk	Prz	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
2	DZCP deV!L`z Clanportal config.php privilege escalation	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	0.46	CVE-2010-0966
3	Totolink LR1200GB Web Interface cstecgi.cgi loginAuth memory corruption	9.8	9.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00045	0.07	CVE-2024-1783
4	Drag and Drop Multiple File Upload Plugin SVG File dnd_codedropz_upload cross site scripting	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00102	0.00	CVE-2022-0595
5	Interactive Contact Form and Multi Step Form Builder Plugin cross site scripting	5.2	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00097	0.02	CVE-2023-4950
6	Byzoro Smart S85F Management Platform privilege escalation	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00207	0.07	CVE-2023-4121
7	Byzoro Smart S85F Management Platform importhtml.php privilege escalation	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00617	0.07	CVE-2023-4120
8	Campcodes Online Thesis Archiving System view_department.php sql injection	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00073	0.04	CVE-2023-2144
9	CodeIgniter DB_query_builder.php or_like sql injection	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00153	0.00	CVE-2022-40829
10	CodeIgniter DB_query_builder.php sql injection	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00153	0.02	CVE-2022-40835
11	centreon Contact Groups Form formContactGroup.php sql injection	6.3	5.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00212	0.00	CVE-2022-3827
12	Sourcecodehero ERP System Project processlogin.php sql injection	8.1	7.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00170	0.04	CVE-2022-3118
13	CPG Dragonfly CMS MSAnalysis Module index.php sql injection	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00918	0.03	CVE-2006-0727
14	Sophos SFOS Administration Service/User Portal sql injection	9.1	8.9	$5k-$25k	$0-$5k	High	Official Fix	0.01655	0.08	CVE-2020-12271
15	ampleShop category.cfm sql injection	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Unavailable	0.00621	0.02	CVE-2006-2038
16	ProFTPD mod_tls weak encryption	6.5	6.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00473	0.00	CVE-2009-3639
17	OpenSSH GSS2 auth-gss2.c Username information disclosure	5.3	5.2	$5k-$25k	$0-$5k	Not Defined	Workaround	0.00257	0.04	CVE-2018-15919
18	OpenSSH Readonly Mode sftp-server.c process_open privilege escalation	5.3	5.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00660	0.00	CVE-2017-15906
19	Gempar Script Toko Online shop_display_products.php sql injection	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00100	0.02	CVE-2009-0296
20	ESMI PayPal Storefront products1h.php cross site scripting	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.05468	0.00	CVE-2005-0936

IOC - Indicator of Compromise (32)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adres IP	Hostname	Aktor	Identified	Rodzaj	Pewność siebie
1	5.189.137.8	vending.softjourn.if.ua	Darkkomet	2023-01-24	verified	Wysoki
2	12.167.151.119		Darkkomet	2022-04-13	verified	Wysoki
3	20.72.235.82		DarkKomet	2022-09-07	verified	Wysoki
4	20.81.111.85		DarkKomet	2022-09-07	verified	Wysoki
5	23.49.102.35	a23-49-102-35.deploy.static.akamaitechnologies.com	Darkkomet	2023-06-03	verified	Wysoki
6	23.221.227.172	a23-221-227-172.deploy.static.akamaitechnologies.com	DarkKomet	2022-09-07	verified	Wysoki
7	35.205.61.67	67.61.205.35.bc.googleusercontent.com	DarkKomet	2022-09-07	verified	Medium
8	XX.XX.XXX.XXX		Xxxxxxxxx	2022-04-07	verified	Wysoki
9	XX.XX.XXX.XX		Xxxxxxxxx	2022-04-07	verified	Wysoki
10	XX.XX.XXX.XXX		Xxxxxxxxx	2022-04-07	verified	Wysoki
11	XX.XX.XXX.X	xxx-xxxxxxxx.xxx.xxx.xxx	Xxxxxxxxx	2022-04-13	verified	Wysoki
12	XX.XXX.XXX.XXX	xxxxxxxxxxxxxx.xxxx.xxxx.xxxx.xx.xx	Xxxxxxxxx	2022-09-07	verified	Wysoki
13	XX.XX.X.XXX		Xxxxxxxxx	2022-04-13	verified	Wysoki
14	XX.XXX.XXX.XXX		Xxxxxxxxx	2023-06-03	verified	Wysoki
15	XX.XXX.XXX.XXX		Xxxxxxxxx	2022-04-08	verified	Wysoki
16	XX.XXX.XXX.XXX		Xxxxxxxxx	2023-06-03	verified	Wysoki
17	XXX.XX.XXX.XX		Xxxxxxxxx	2022-04-13	verified	Wysoki
18	XXX.XX.XXX.XX		Xxxxxxxxx	2022-04-13	verified	Wysoki
19	XXX.XXX.XXX.XXX		Xxxxxxxxx	2022-09-24	verified	Wysoki
20	XXX.XXX.XX.XXX		Xxxxxxxxx	2022-09-07	verified	Wysoki
21	XXX.XX.XXX.XX	xxxxxxxx-xxxxxx.xxxxxx.xxx	Xxxxxxxxx	2022-04-13	verified	Wysoki
22	XXX.XXX.X.XX		Xxxxxxxxx	2023-04-25	verified	Wysoki
23	XXX.XXX.XX.XXX	xxx.xxx.xx.xxx.xxxxxx.xxxxxxxx.xxx	Xxxxxxxxx	2022-04-07	verified	Wysoki
24	XXX.XXX.XXX.XX		Xxxxxxxxx	2022-09-24	verified	Wysoki
25	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx.xxxxxxxx.xxxxxxxxxxxx.xxx	Xxxxxxxxx	2022-09-07	verified	Wysoki
26	XXX.XXX.XXX.XX	xxxxxxxx.xx-xxx-xxx-xxx.xx	Xxxxxxxxx	2022-09-07	verified	Wysoki
27	XXX.XXX.XX.XX	xxxxxxxx.xxxx.xxx	Xxxxxxxxx	2023-01-24	verified	Wysoki
28	XXX.XX.XX.XXX		Xxxxxxxxx	2022-09-07	verified	Wysoki
29	XXX.XX.XX.XXX	xxx-xx-xx-xxx.xxx.xxxxxxxxxxx.xxx	Xxxxxxxxx	2021-12-06	verified	Wysoki
30	XXX.XX.X.XXX	xx-xxx.xx.x.xxx.xxxxxxxxx.xxx	Xxxxxxxxx	2022-04-07	verified	Wysoki
31	XXX.XX.X.XXX	xx-xxx.xx.x.xxx.xxxxxxxxx.xxx	Xxxxxxxxx	2022-04-07	verified	Wysoki
32	XXX.XXX.XX.XX	xxxxxxx-xxx.xxxxxx.xxx	Xxxxxxxxx	2022-04-13	verified	Wysoki

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klasa	Luki w zabezpieczeniach	Wektor dostępu	Rodzaj	Pewność siebie
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Wysoki
2	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Wysoki
3	T1059.007	CAPEC-209	CWE-79, CWE-80	Cross Site Scripting	predictive	Wysoki
4	TXXXX	CAPEC-122	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Wysoki
5	TXXXX	CAPEC-136	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Wysoki
6	TXXXX	CAPEC-0	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Wysoki
7	TXXXX	CAPEC-0	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Wysoki
8	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Wysoki
9	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Wysoki
10	TXXXX	CAPEC-0	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Wysoki
11	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Wysoki

IOA - Indicator of Attack (47)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasa	Indicator	Rodzaj	Pewność siebie
1	File	/admin/departments/view_department.php	predictive	Wysoki
2	File	/cgi-bin/cstecgi.cgi	predictive	Wysoki
3	File	/pages/processlogin.php	predictive	Wysoki
4	File	/SCRIPTPATH/index.php	predictive	Wysoki
5	File	admin/index.php	predictive	Wysoki
6	File	auth-gss2.c	predictive	Medium
7	File	xxxxxxx.xxx	predictive	Medium
8	File	xxxxxxxx.xxx	predictive	Medium
9	File	xxx-xxx/xxxxx/xxxxx.xxx	predictive	Wysoki
10	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Wysoki
11	File	xxxxxxx.xxxx	predictive	Medium
12	File	xxxxxxxxxxxxxxxx.xxx	predictive	Wysoki
13	File	xxxxxxxxxx.xxx	predictive	Wysoki
14	File	xxx/xxxxxx.xxx	predictive	Wysoki
15	File	xxxxx.xxx	predictive	Medium
16	File	xxxx_xxxx.xxx	predictive	Wysoki
17	File	xxx?xxxx.xxx	predictive	Medium
18	File	xxxx.x	predictive	Niski
19	File	xxxx.xxx	predictive	Medium
20	File	xxxxxxxxxx.xxx	predictive	Wysoki
21	File	xxxxxxxx.xxx	predictive	Medium
22	File	xxx/xxxxxxx/xxxxxx/xxxx/xxxxx/xxxxxxx/xxxxxx/xxxxx/xxx%xxxxxxxxxxxxx.xx.xxx	predictive	Wysoki
23	File	xxxx-xxxxxx.x	predictive	Wysoki
24	File	xxxx_xxxxxxx_xxxxxxxx.xxx	predictive	Wysoki
25	File	xxx/xxxxxxx.x	predictive	Wysoki
26	File	xxxxxx\xxxxxxxx\xx_xxxxx_xxxxxxx.xxx	predictive	Wysoki
27	Library	/xxx/xxx/xxxx.xxx	predictive	Wysoki
28	Argument	xxxxxxxx	predictive	Medium
29	Argument	xxxxx	predictive	Niski
30	Argument	xxxx	predictive	Niski
31	Argument	xxx	predictive	Niski
32	Argument	xxx_xx	predictive	Niski
33	Argument	xx_xx	predictive	Niski
34	Argument	xxxx_xx	predictive	Niski
35	Argument	xxxxxxx-xxxxxx	predictive	Wysoki
36	Argument	xxxx_xxxxxx	predictive	Medium
37	Argument	xx	predictive	Niski
38	Argument	xxxx_xxxx	predictive	Medium
39	Argument	xx	predictive	Niski
40	Argument	xxxxx	predictive	Niski
41	Argument	xx_xxxx	predictive	Niski
42	Argument	xxxxxxx	predictive	Niski
43	Argument	xxxx	predictive	Niski
44	Argument	xxx	predictive	Niski
45	Argument	xxxx	predictive	Niski
46	Input Value	=x' xxx xxxx=xxxx xxx 'xxxx'='xxxx	predictive	Wysoki
47	Input Value	xxx?xxxx.xxx	predictive	Medium

Referencje (10)

The following list contains external sources which discuss the actor and the associated activities:

◂ PoprzedniPrzeglądKolejny ▸

Do you need the next level of professionalism?

Upgrade your account now!