DarkSide Analysis

IOB - Indicator of Behavior (53)

Language

  • en: 50
  • de: 2
  • zh: 2

Country

  • us: 50
  • ca: 4

Product

  • Apple Mac OS X Server: 2
  • Thomas R. Pasawicz HyperBook Guestbook: 2
  • nginx: 2
  • Esoftpro Online Guestbook Pro: 2
  • Apple M1: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192
2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.46 | CVE-2010-0966
3 | WoltLab Burning Book addentry.php sql injection | 7.3 | 6.8 | $0-$5k | $0-$5k | Functional | Unavailable | 0.00804 | 0.02 | CVE-2006-5509
4 | spip Login spip_login.php3 privilege escalation | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.05054 | 0.04 | CVE-2006-1702
5 | miniOrange WP OAuth Server privilege escalation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00156 | 0.00 | CVE-2022-34149
6 | Boa Webserver GET wapopen directory traversal | 6.4 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.73540 | 0.09 | CVE-2017-9833
7 | Boa free denial of service | 6.4 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00208 | 0.00 | CVE-2018-21028
8 | DrayTek Vigor/Vigor3910 wlogin.cgi memory corruption | 9.0 | 8.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00182 | 0.04 | CVE-2022-32548
9 | Boa Terminal privilege escalation | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02395 | 0.02 | CVE-2009-4496
10 | GNU Mailman cross site request forgery | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00112 | 0.02 | CVE-2021-44227
11 | GNU Mailman confirm.py cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00330 | 0.00 | CVE-2011-0707
12 | myPHPNuke links.php cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00478 | 0.02 | CVE-2003-1372
13 | Microsoft Office Word unknown vulnerability | 5.5 | 5.0 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00089 | 0.02 | CVE-2022-24511
14 | Microsoft Windows Remote Desktop Client Remote Code Execution | 8.8 | 8.2 | $100k and more | $5k-$25k | Proof-of-Concept | Official Fix | 0.02387 | 0.04 | CVE-2022-21990
15 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 3.14 | CVE-2020-12440
16 | Apple M1 Register s3_5_c15_c10_1 M1RACLES privilege escalation | 8.8 | 8.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00000 | 0.04 | CVE-2021-30747
17 | Joomla CMS File Upload media.php privilege escalation | 6.3 | 6.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.78471 | 0.04 | CVE-2013-5576
18 | Samsung Mobile Devices Cameralyzer privilege escalation | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00044 | 0.04 | CVE-2020-15577
19 | DHIS tools register-q.sh privilege escalation | 5.9 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.02 | 
20 | Esoftpro Online Guestbook Pro ogp_show.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00108 | 0.46 | CVE-2009-4935

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Darkside

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CAPEC-126 | CWE-22 | Path Traversal | predictive | High
2 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive | High
3 | TXXXX.XXX | CAPEC-209 | CWE-XXX | xxxx Xxxx Xxxxxxxxx | predictive | High
4 | TXXXX | CAPEC-122 | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
5 | TXXXX | CAPEC-108 | CWE-XXX | xx Xxxxxxxxx | predictive | High
6 | TXXXX | CAPEC-116 | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High

IOA - Indicator of Attack (17)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /cgi-bin/wapopen | predictive | High
2 | File | /cgi-bin/wlogin.cgi | predictive | High
3 | File | addentry.php | predictive | Medium
4 | File | xxxxxxxxxxxxx/xxxxxxxxxx/xxx_xxxxx/xxxxxxx/xxxxx.xxx | predictive | High
5 | File | xxx/xxxxxxx.xx | predictive | High
6 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
7 | File | xxx/xxxxxx.xxx | predictive | High
8 | File | xxxxx.xxx | predictive | Medium
9 | File | xxx_xxxx.xxx | predictive | Medium
10 | File | xxxxxxxx-x.xx | predictive | High
11 | File | xxxx_xxxxx.xxxx | predictive | High
12 | Argument | xx/xx | predictive | Low
13 | Argument | xxxxxxxx | predictive | Medium
14 | Argument | xxxxxxx | predictive | Low
15 | Argument | xxxxxxxxxx | predictive | Medium
16 | Argument | xxxxxxx/xxxxx | predictive | High
17 | Input Value | ../.. | predictive | Low

References (4)

The following list contains external sources which discuss the actor and the associated activities:

Samples (1)

The following list contains associated samples:
