Arkei Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (120)

Idioma

en	94
fr	12
de	6
ja	4
es	2

País

us	40
fr	10
de	4
nl	4
ru	2

Actores

Arkei	3
Cobalt Strike	2
RedLine Stealer	2
Quasar RAT	1
Emotet	1

Interesse

Tipo

Not Defined	40
WordPress Plugin	18
Content Management System	8
Router Operating System	4
Jenkins Plugin	4

Fabricante

Not Defined	42
D-Link	6
Maarch	4
SourceCodester	4
Google	4

Produto

Maarch RM	4
D-Link DIR-645	2
iNovo IB-8120-W21	2
iNovo IB-8120-W21E1	2
Adminer	2

Vulnerabilidades

#	Vulnerabilidade	Base	Temp	0day	Hoje	Exp	Mas	CTI	EPSS	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Divulgação de Informação	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02	0.02016	CVE-2007-1192
2	Array Networks ArrayOS direitos alargados	9.3	9.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00117	CVE-2022-42897
3	Maarch RM direitos alargados	7.5	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00104	CVE-2019-15854
4	Maarch RM Directório Traversal	7.8	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00254	CVE-2019-15855
5	Discuz! admin.php Roteiro Cruzado de Sítios	3.6	3.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00054	CVE-2018-19464
6	Sansuart Free simple guestbook PHP script act.php direitos alargados	7.3	6.7	$0-$5k	$0-$5k	Proof-of-Concept	Unavailable	0.04	0.11308	CVE-2008-6934
7	Cannot PHP infoBoard direitos alargados	7.3	6.9	$0-$5k	Calculado	Proof-of-Concept	Not Defined	0.00	0.01049	CVE-2008-4334
8	IPS IP.Board ipsconnect.php Injecção SQL	7.3	7.1	$0-$5k	$0-$5k	High	Unavailable	0.02	0.00135	CVE-2014-9239
9	DZCP deV!L`z Clanportal config.php direitos alargados	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.79	0.00943	CVE-2010-0966
10	baptisteArno typebot Sign-In Page Roteiro Cruzado de Sítios	6.2	6.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.08	0.00045	CVE-2024-30264
11	LY Yahoo Japan App Roteiro Cruzado de Sítios	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.06	0.00043	CVE-2024-28895
12	PowerPack Addons for Elementor Plugin Twitter Tweet Widget Roteiro Cruzado de Sítios	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00000	CVE-2024-2492
13	TikiWiki tiki-register.php direitos alargados	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	4.99	0.01009	CVE-2006-6168
14	Contact Form with Captcha Plugin Roteiro Cruzado de Sítios	5.7	5.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.05	0.00043	CVE-2023-45771
15	Linux Kernel uss720_probe Negação de Serviço	4.8	4.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.05	0.00044	CVE-2021-47173
16	osuuu LightPicture Setup.php direitos alargados	4.7	4.5	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.12	0.00045	CVE-2024-1921
17	Microsoft IIS Frontpage Server Extensions shtml.dll Username Divulgação de Informação	5.3	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	0.15958	CVE-2000-0114
18	Sichuan Yougou Technology KuERP common.php checklogin Fraca autenticação	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.09	0.00421	CVE-2024-0988
19	flink-extended ai-flow workflow_command.py cloudpickle.loads direitos alargados	6.6	6.5	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.29	0.00064	CVE-2024-0960
20	Voovi Social Networking Script perfil.php Injecção SQL	8.2	8.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03	0.00058	CVE-2023-6414

IOC - Indicator of Compromise (28)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	Endereço IP	Hostname	Actor	Identified	Tipo	Aceitação
1	5.79.66.145	mail.zzz.com.ua	Arkei	06/05/2022	verified	Alto
2	23.3.13.154	a23-3-13-154.deploy.static.akamaitechnologies.com	Arkei	06/05/2022	verified	Alto
3	37.252.15.126	google.com	Arkei	22/02/2022	verified	Alto
4	72.21.81.240		Arkei	06/05/2022	verified	Alto
5	74.125.155.202		Arkei	06/05/2022	verified	Alto
6	74.125.155.216		Arkei	06/05/2022	verified	Alto
7	XX.XXX.XXX.XX	xxxxxxxxx.xxxxx.xxx.xx	Xxxxx	22/02/2022	verified	Alto
8	XX.XXX.XXX.XXX	xxx.xxxxxx-xxxxx.xxx	Xxxxx	06/05/2022	verified	Alto
9	XXX.XXX.XX.XXX	xxxxxxxx-xx-xx.xxxxx.xxx	Xxxxx	06/05/2022	verified	Alto
10	XXX.XXX.XXX.XX	xx-xx-xxx.xxxxx.xxx	Xxxxx	06/05/2022	verified	Alto
11	XXX.XXX.XXX.XXX	xx-xx-xxxx.xxxxx.xxx	Xxxxx	06/05/2022	verified	Alto
12	XXX.XXX.XXX.XXX	xx-xx-xxxx.xxxxx.xxx	Xxxxx	06/05/2022	verified	Alto
13	XXX.XXX.XXX.XX	xx-xx-xxx.xxxxx.xxx	Xxxxx	06/05/2022	verified	Alto
14	XXX.XXX.X.XX	xxxxxxxx-xx-xxx.xxxxx.xxx	Xxxxx	06/05/2022	verified	Alto
15	XXX.XXX.X.XXX		Xxxxx	06/05/2022	verified	Alto
16	XXX.XXX.XX.XXX		Xxxxx	06/05/2022	verified	Alto
17	XXX.XXX.XX.XX	xx-xx-xxx.xxxxx.xxx	Xxxxx	06/05/2022	verified	Alto
18	XXX.XXX.XX.XX	xx-xx-xxx.xxxxx.xxx	Xxxxx	06/05/2022	verified	Alto
19	XXX.XXX.XXX.XX	xxxxxxxx-xx-xxx.xxxxx.xxx	Xxxxx	06/05/2022	verified	Alto
20	XXX.XXX.XXX.XXX	xxxxxxxx-xx-xx.xxxxx.xxx	Xxxxx	06/05/2022	verified	Alto
21	XXX.XXX.XXX.XXX	xxxxxxxx-xx-xx.xxxxx.xxx	Xxxxx	06/05/2022	verified	Alto
22	XXX.X.XXX.XXX		Xxxxx	22/02/2022	verified	Alto
23	XXX.XXX.XX.XXX		Xxxxx	06/05/2022	verified	Alto
24	XXX.XX.XX.XX	xxxxx.xxxxxxx.xxx.xx	Xxxxx	06/05/2022	verified	Alto
25	XXX.XX.XXX.XXX		Xxxxx	06/05/2022	verified	Alto
26	XXX.XX.XXX.XXX	x-xxxx.x-xxxxxx.xxx	Xxxxx	06/05/2022	verified	Alto
27	XXX.XX.XXX.X	xx-xxx.xxx	Xxxxx	06/05/2022	verified	Alto
28	XXX.XX.XXX.XX	xx-xx-xxx.xxxxx.xxx	Xxxxx	06/05/2022	verified	Alto

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilidades	Tipo de acesso	Tipo	Aceitação
1	T1006	CWE-22	Path Traversal	predictive	Alto
2	T1059	CWE-94	Argument Injection	predictive	Alto
3	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	Alto
4	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
5	TXXXX	CWE-XXX	Xxxx Xxx Xxxxxxxxx Xxxxxxxxxxx Xxxxxxxx	predictive	Alto
6	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
7	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	Alto
8	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
9	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
10	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
11	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (68)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Tipo	Aceitação
1	File	/admin/orders/update_status.php	predictive	Alto
2	File	/admin/sys_sql_query.php	predictive	Alto
3	File	/app/controller/Setup.php	predictive	Alto
4	File	/application/index/common.php	predictive	Alto
5	File	/getcfg.php	predictive	Médio
6	File	/paysystem/datatable.php	predictive	Alto
7	File	/settings/account	predictive	Alto
8	File	act.php	predictive	Baixo
9	File	admin.php	predictive	Médio
10	File	xxxxx\xxxxx\xxxxxx_xxxx.xxx	predictive	Alto
11	File	xxx/xxxxx/xxxxxx-xxxxxx/xxxxxx-xxxx-xxxx.xxx	predictive	Alto
12	File	xxxxxxxxxxxx.xxx/xxxxxxxxxxx.xxx/xxxxxxxxxxx.xxx/xxxxxxxxxxx.xxx	predictive	Alto
13	File	xxxxxxxxxxxxxxxxxxxxxxxx.xxxx	predictive	Alto
14	File	xxxxx.xxxxxxxxxxx.xxx	predictive	Alto
15	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Alto
16	File	xxxxxxx/xxxxxxxxxx/xxxx/xxx.x	predictive	Alto
17	File	xxx/xxxxxx.xxx	predictive	Alto
18	File	xxxxx.xxx	predictive	Médio
19	File	xxxxxx.xxx	predictive	Médio
20	File	xxxxxxxxxx.xxx	predictive	Alto
21	File	xxxxx.xxx	predictive	Médio
22	File	xxx/xxxxxxxxx/xxxxx_xxxx.x	predictive	Alto
23	File	xxx/xxxxx/xxx_xxxx.x	predictive	Alto
24	File	xxxxxxxxx.xxx	predictive	Alto
25	File	xxxxxx.xxx	predictive	Médio
26	File	xxxxxxx.xxx	predictive	Médio
27	File	xxxxxxx_xxxxxx_xxxxxxx.xxx	predictive	Alto
28	File	xxxxxxx_xxxx.xxx	predictive	Alto
29	File	xxxx.xxx	predictive	Médio
30	File	xxxxxxxx.xxx	predictive	Médio
31	File	xxxx.xxx	predictive	Médio
32	File	xxxx.xxx	predictive	Médio
33	File	xxxx_xxxxxxx_xxxxxxxx.xxx	predictive	Alto
34	File	xxx/xxx/xxxxxxx/xxxx.xxx	predictive	Alto
35	File	xxxx-xxxxxxxx.xxx	predictive	Alto
36	File	xxxxxxxxxx.xxx	predictive	Alto
37	File	\xx_xxxx\xxx\xxxxxxxx\xxxxxxxx_xxxxxxx.xx	predictive	Alto
38	Library	/_xxx_xxx/xxxxx.xxx	predictive	Alto
39	Library	xxxxxxxxxxxx_xxx.xxx	predictive	Alto
40	Argument	xxxxx	predictive	Baixo
41	Argument	xxx_xxxx_xx/xxx_xxxx_xxxxx	predictive	Alto
42	Argument	xxxxxxxx	predictive	Médio
43	Argument	xxx_xx	predictive	Baixo
44	Argument	xxxxxx xxxxxxxx	predictive	Alto
45	Argument	xxxxxxx	predictive	Baixo
46	Argument	xxx	predictive	Baixo
47	Argument	xxxxxx	predictive	Baixo
48	Argument	xxxxxxxx	predictive	Médio
49	Argument	xx	predictive	Baixo
50	Argument	xx/xxxx	predictive	Baixo
51	Argument	xxxx xxxxx	predictive	Médio
52	Argument	xxxxxxx	predictive	Baixo
53	Argument	xxxxxx	predictive	Baixo
54	Argument	xxxx	predictive	Baixo
55	Argument	xxxxxxxxx	predictive	Médio
56	Argument	xxxxxxxx_xx	predictive	Médio
57	Argument	xxxxxxxxxxxxxxx	predictive	Alto
58	Argument	xxxxxx	predictive	Baixo
59	Argument	xxxxxxxx	predictive	Médio
60	Argument	xxxxxxxx	predictive	Médio
61	Argument	xxxxxxxx	predictive	Médio
62	Argument	xxxxx	predictive	Baixo
63	Argument	xxxx/xxxx	predictive	Médio
64	Argument	xxxxx	predictive	Baixo
65	Input Value	"><xxx xxx=x xxxxxxx=xxxxx('xxxxxx+xx+xxxx')>	predictive	Alto
66	Input Value	::$xxxxx_xxxxxxxxxx	predictive	Alto
67	Input Value	xxxx -x xxxxxxxx=xxxxxx.xxxxxxx xxxx://xxx.xxx.x.x/xxxxxx.xxx	predictive	Alto
68	Network Port	xxx xxxxxx xxxx	predictive	Alto

Referências (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ VoltarVisão GeralPróximo ▸

Do you know our Splunk app?

Download it now for free!