DarkHydrus Analysis

IOB - Indicator of Behavior (155)

Lang

  • en: 140
  • es: 10
  • de: 2
  • zh: 2
  • fr: 2

Country

  • us: 146

Product

  • WordPress: 4
  • PHPWind: 4
  • Tiki Wiki CMS Groupware: 2
  • EFS Easy Chat Server: 2
  • Tiki: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.25 | CVE-2010-0966 |
| 3 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 5.03 | CVE-2020-15906 |
| 4 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02101 | 0.04 | CVE-2007-1287 |
| 5 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 1.87 | CVE-2006-6168 |
| 6 | jforum User privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00289 | 0.05 | CVE-2019-7550 |
| 7 | JForum jforum.page cross-site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00173 | 0.02 | CVE-2022-26173 |
| 8 | Responsive Menus Configuration Setting responsive_menus.module responsive_menus_admin_form_submit cross site scripting | 3.2 | 3.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00073 | 0.04 | CVE-2018-25085 |
| 9 | Tiki Wiki CMS Groupware tiki-edit_wiki_section.php cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00110 | 0.00 | CVE-2010-4240 |
| 10 | PHP Link Directory Administration Page index.html cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00374 | 1.10 | CVE-2007-0529 |
| 11 | Smartisoft phpBazar classified_right.php privilege escalation | 6.5 | 6.2 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00933 | 0.03 | CVE-2006-2528 |
| 12 | JForum Login privilege escalation | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00151 | 0.06 | CVE-2012-5338 |
| 13 | cpCommerce register.php cross site scripting | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | 0.00641 | 0.03 | CVE-2007-2968 |
| 14 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 3.26 | |
| 15 | Pligg cloud.php SQL injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.67 | |
| 16 | PHPWind goto.php Redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00348 | 0.14 | CVE-2015-4134 |
| 17 | Advisto Peel SHOPPING caddie_ajout.php cross-site request forgery | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00118 | 0.04 | CVE-2018-20848 |
| 18 | Lars Ellingsen Guestserver guestbook.cgi cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00169 | 0.24 | CVE-2005-4222 |
| 19 | Serendipity exit.php privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.53 | |
| 20 | Bitrix Site Manager redirect.php privilege escalation | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00113 | 0.03 | CVE-2008-2052 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • DarkHydrus

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (76)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

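| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /etc/sudoers | predictive | Medium |
| 2 | File | /forum/away.php | predictive | High |
| 3 | File | /obs/book.php | predictive | High |
| 4 | File | /opt/IBM/es/lib/libffq.cryptionjni.so | predictive | High |
| 5 | File | /register.do | predictive | Medium |
| 6 | File | 4.3.0.CP04 | predictive | Medium |
| 7 | File | adclick.php | predictive | Medium |
| 8 | File | addentry.php | predictive | Medium |
| 9 | File | add_comment.php | predictive | High |
| 10 | File | book.php | predictive | Medium |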

References (5)

The following list contains external sources which discuss the actor and the associated activities:
