Dkvn Analysis

IOB - Indicator of Behavior (63)

Language

en: 56
de: 4
sv: 2
it: 2

Country

us: 58
au: 2

Product

Jadu Limited Jadu CMS: 2
DZCP deV!L`z Clanportal: 2
Thomas R. Pasawicz HyperBook Guestbook: 2
jforum: 2
Ecommerce Online Store Kit: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.74 | CVE-2010-0966 |
| 3 | magmi ajax_gettime.php cross-site scripting | 5.2 | 5.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00195 | 0.00 | CVE-2017-7391 |
| 4 | Audacity DLL Loader avformat-55.dll privilege escalation | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00110 | 0.00 | CVE-2017-1000010 |
| 5 | Ashley Brown iWeb Server Encoded URL directory traversal | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01582 | 0.00 | CVE-2003-0475 |
| 6 | Cisco IOS Point-to-Point Tunneling Protocol Server Memory information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00264 | 0.02 | CVE-2016-6398 |
| 7 | Magento GraphQL API cross-site request forgery | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00070 | 0.06 | CVE-2021-21027 |
| 8 | Cloudera HUE LdapBackend weak authentication | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00081 | 0.00 | CVE-2019-7319 |
| 9 | Microsoft Windows CredSSP weak authentication | 6.2 | 5.6 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.70801 | 0.02 | CVE-2018-0886 |
| 10 | Splunk Enterprise splunk-launch.conf privilege escalation | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.00 | CVE-2017-18348 |
| 11 | Spidersales viewCart.asp SQL injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00219 | 0.04 | CVE-2004-0348 |
| 12 | jforum User privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00289 | 0.05 | CVE-2019-7550 |
| 13 | Active Web Softwares Active Business Directory default.asp SQL injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00064 | 0.00 | CVE-2008-5972 |
| 14 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 2.19 | |
| 15 | Maran PHP Shop prod.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00137 | 0.03 | CVE-2008-4879 |
| 16 | X-CMS PHP member_news.php SQL injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00153 | 0.00 | CVE-2018-18887 |
| 17 | Ecommerce Online Store Kit shop.php SQL injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03763 | 0.04 | CVE-2004-0300 |
| 18 | StashCat Backend Database Stored Remote Code Execution | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00060 | 0.00 | CVE-2017-11136 |
| 19 | PHPWind goto.php Redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00348 | 0.22 | CVE-2015-4134 |
| 20 | BXCP index.php SQL injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00307 | 0.00 | CVE-2006-0821 |

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (31)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

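| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | $SPLUNK_HOME/etc/splunk-launch.conf | predictive | High |
| 2 | File | /etc/master.passwd | predictive | High |
| 3 | File | /etc/passwd | predictive | Medium |
| 4 | File | /forum/away.php | predictive | High |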

References (2)

The following list contains external sources which discuss the actor and the associated activities:
