Darkkomet Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (69)

Lang

en	68
es	2

Land

us	42
ru	12
gb	4
it	2
ua	2

Skådespelare

Darkkomet	8
Adwind	2
NjRAT	2
Nanocore RAT	2
NetWire	2

Intressera

Typ

Not Defined	20
Content Management System	10
JavaScript Library	8
Domain Name Software	4
WordPress Plugin	4

Säljare

Not Defined	28
ISC	4
Byzoro	4
Schoolhos	2
GNU	2

Produkt

Node.js	8
WordPress	8
ISC BIND	4
Byzoro Smart S85F Management Platform	4
Schoolhos CMS	2

Sårbarheter

#	Sårbarhet	Base	Temp	0day	I dag	Utn	Rem	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash informationsgivning	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
2	DZCP deV!L`z Clanportal config.php privilegier eskalering	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	1.25	CVE-2010-0966
3	Totolink LR1200GB Web Interface cstecgi.cgi loginAuth minneskorruption	9.8	9.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00045	0.62	CVE-2024-1783
4	Drag and Drop Multiple File Upload Plugin SVG File dnd_codedropz_upload cross site scripting	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00102	0.00	CVE-2022-0595
5	Interactive Contact Form and Multi Step Form Builder Plugin cross site scripting	5.2	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00097	0.02	CVE-2023-4950
6	Byzoro Smart S85F Management Platform privilegier eskalering	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00207	0.05	CVE-2023-4121
7	Byzoro Smart S85F Management Platform importhtml.php privilegier eskalering	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00617	0.00	CVE-2023-4120
8	Campcodes Online Thesis Archiving System view_department.php sql injektion	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00073	0.04	CVE-2023-2144
9	CodeIgniter DB_query_builder.php or_like sql injektion	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00153	0.00	CVE-2022-40829
10	CodeIgniter DB_query_builder.php sql injektion	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00153	0.02	CVE-2022-40835
11	centreon Contact Groups Form formContactGroup.php sql injektion	6.3	5.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00212	0.04	CVE-2022-3827
12	Sourcecodehero ERP System Project processlogin.php sql injektion	8.1	7.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00170	0.10	CVE-2022-3118
13	CPG Dragonfly CMS MSAnalysis Module index.php sql injektion	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00918	0.03	CVE-2006-0727
14	Sophos SFOS Administration Service/User Portal sql injektion	9.1	8.9	$5k-$25k	$0-$5k	High	Official Fix	0.01655	0.08	CVE-2020-12271
15	ampleShop category.cfm sql injektion	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Unavailable	0.00621	0.02	CVE-2006-2038
16	ProFTPD mod_tls svag kryptering	6.5	6.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00473	0.00	CVE-2009-3639
17	OpenSSH GSS2 auth-gss2.c Username informationsgivning	5.3	5.2	$5k-$25k	$0-$5k	Not Defined	Workaround	0.00257	0.00	CVE-2018-15919
18	OpenSSH Readonly Mode sftp-server.c process_open privilegier eskalering	5.3	5.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00660	0.05	CVE-2017-15906
19	Gempar Script Toko Online shop_display_products.php sql injektion	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00100	0.02	CVE-2009-0296
20	ESMI PayPal Storefront products1h.php cross site scripting	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.05468	0.00	CVE-2005-0936

IOC - Indicator of Compromise (32)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-adress	Hostname	Skådespelare	Identified	Typ	Förtroende
1	5.189.137.8	vending.softjourn.if.ua	Darkkomet	24/01/2023	verified	Hög
2	12.167.151.119		Darkkomet	13/04/2022	verified	Hög
3	20.72.235.82		DarkKomet	07/09/2022	verified	Hög
4	20.81.111.85		DarkKomet	07/09/2022	verified	Hög
5	23.49.102.35	a23-49-102-35.deploy.static.akamaitechnologies.com	Darkkomet	03/06/2023	verified	Hög
6	23.221.227.172	a23-221-227-172.deploy.static.akamaitechnologies.com	DarkKomet	07/09/2022	verified	Hög
7	35.205.61.67	67.61.205.35.bc.googleusercontent.com	DarkKomet	07/09/2022	verified	Medium
8	XX.XX.XXX.XXX		Xxxxxxxxx	07/04/2022	verified	Hög
9	XX.XX.XXX.XX		Xxxxxxxxx	07/04/2022	verified	Hög
10	XX.XX.XXX.XXX		Xxxxxxxxx	07/04/2022	verified	Hög
11	XX.XX.XXX.X	xxx-xxxxxxxx.xxx.xxx.xxx	Xxxxxxxxx	13/04/2022	verified	Hög
12	XX.XXX.XXX.XXX	xxxxxxxxxxxxxx.xxxx.xxxx.xxxx.xx.xx	Xxxxxxxxx	07/09/2022	verified	Hög
13	XX.XX.X.XXX		Xxxxxxxxx	13/04/2022	verified	Hög
14	XX.XXX.XXX.XXX		Xxxxxxxxx	03/06/2023	verified	Hög
15	XX.XXX.XXX.XXX		Xxxxxxxxx	08/04/2022	verified	Hög
16	XX.XXX.XXX.XXX		Xxxxxxxxx	03/06/2023	verified	Hög
17	XXX.XX.XXX.XX		Xxxxxxxxx	13/04/2022	verified	Hög
18	XXX.XX.XXX.XX		Xxxxxxxxx	13/04/2022	verified	Hög
19	XXX.XXX.XXX.XXX		Xxxxxxxxx	24/09/2022	verified	Hög
20	XXX.XXX.XX.XXX		Xxxxxxxxx	07/09/2022	verified	Hög
21	XXX.XX.XXX.XX	xxxxxxxx-xxxxxx.xxxxxx.xxx	Xxxxxxxxx	13/04/2022	verified	Hög
22	XXX.XXX.X.XX		Xxxxxxxxx	25/04/2023	verified	Hög
23	XXX.XXX.XX.XXX	xxx.xxx.xx.xxx.xxxxxx.xxxxxxxx.xxx	Xxxxxxxxx	07/04/2022	verified	Hög
24	XXX.XXX.XXX.XX		Xxxxxxxxx	24/09/2022	verified	Hög
25	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx.xxxxxxxx.xxxxxxxxxxxx.xxx	Xxxxxxxxx	07/09/2022	verified	Hög
26	XXX.XXX.XXX.XX	xxxxxxxx.xx-xxx-xxx-xxx.xx	Xxxxxxxxx	07/09/2022	verified	Hög
27	XXX.XXX.XX.XX	xxxxxxxx.xxxx.xxx	Xxxxxxxxx	24/01/2023	verified	Hög
28	XXX.XX.XX.XXX		Xxxxxxxxx	07/09/2022	verified	Hög
29	XXX.XX.XX.XXX	xxx-xx-xx-xxx.xxx.xxxxxxxxxxx.xxx	Xxxxxxxxx	06/12/2021	verified	Hög
30	XXX.XX.X.XXX	xx-xxx.xx.x.xxx.xxxxxxxxx.xxx	Xxxxxxxxx	07/04/2022	verified	Hög
31	XXX.XX.X.XXX	xx-xxx.xx.x.xxx.xxxxxxxxx.xxx	Xxxxxxxxx	07/04/2022	verified	Hög
32	XXX.XXX.XX.XX	xxxxxxx-xxx.xxxxxx.xxx	Xxxxxxxxx	13/04/2022	verified	Hög

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klass	Sårbarheter	Åtkomstvektor	Typ	Förtroende
1		CAPEC-10	CWE-19, CWE-20, CWE-59, CWE-119, CWE-121, CWE-287, CWE-399, CWE-400, CWE-404, CWE-502, CWE-617	Unknown Vulnerability	predictive	Hög
2	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Hög
3	T1059	CAPEC-10	CWE-74, CWE-94, CWE-707	Argument Injection	predictive	Hög
4	TXXXX.XXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XX, CWE-XXX	Xxxxx Xxxx Xxxxxxxxx	predictive	Hög
5	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
6	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Hög
7	TXXXX	CAPEC-0	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Hög
8	TXXXX	CAPEC-0	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Hög
9	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxx Xxxxxxxxx	predictive	Hög
10	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Hög
11	TXXXX	CAPEC-0	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Hög
12	TXXXX.XXX	CAPEC-19	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Hög

IOA - Indicator of Attack (47)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klass	Indicator	Typ	Förtroende
1	File	/admin/departments/view_department.php	predictive	Hög
2	File	/cgi-bin/cstecgi.cgi	predictive	Hög
3	File	/pages/processlogin.php	predictive	Hög
4	File	/SCRIPTPATH/index.php	predictive	Hög
5	File	admin/index.php	predictive	Hög
6	File	auth-gss2.c	predictive	Medium
7	File	xxxxxxx.xxx	predictive	Medium
8	File	xxxxxxxx.xxx	predictive	Medium
9	File	xxx-xxx/xxxxx/xxxxx.xxx	predictive	Hög
10	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Hög
11	File	xxxxxxx.xxxx	predictive	Medium
12	File	xxxxxxxxxxxxxxxx.xxx	predictive	Hög
13	File	xxxxxxxxxx.xxx	predictive	Hög
14	File	xxx/xxxxxx.xxx	predictive	Hög
15	File	xxxxx.xxx	predictive	Medium
16	File	xxxx_xxxx.xxx	predictive	Hög
17	File	xxx?xxxx.xxx	predictive	Medium
18	File	xxxx.x	predictive	Låg
19	File	xxxx.xxx	predictive	Medium
20	File	xxxxxxxxxx.xxx	predictive	Hög
21	File	xxxxxxxx.xxx	predictive	Medium
22	File	xxx/xxxxxxx/xxxxxx/xxxx/xxxxx/xxxxxxx/xxxxxx/xxxxx/xxx%xxxxxxxxxxxxx.xx.xxx	predictive	Hög
23	File	xxxx-xxxxxx.x	predictive	Hög
24	File	xxxx_xxxxxxx_xxxxxxxx.xxx	predictive	Hög
25	File	xxx/xxxxxxx.x	predictive	Hög
26	File	xxxxxx\xxxxxxxx\xx_xxxxx_xxxxxxx.xxx	predictive	Hög
27	Library	/xxx/xxx/xxxx.xxx	predictive	Hög
28	Argument	xxxxxxxx	predictive	Medium
29	Argument	xxxxx	predictive	Låg
30	Argument	xxxx	predictive	Låg
31	Argument	xxx	predictive	Låg
32	Argument	xxx_xx	predictive	Låg
33	Argument	xx_xx	predictive	Låg
34	Argument	xxxx_xx	predictive	Låg
35	Argument	xxxxxxx-xxxxxx	predictive	Hög
36	Argument	xxxx_xxxxxx	predictive	Medium
37	Argument	xx	predictive	Låg
38	Argument	xxxx_xxxx	predictive	Medium
39	Argument	xx	predictive	Låg
40	Argument	xxxxx	predictive	Låg
41	Argument	xx_xxxx	predictive	Låg
42	Argument	xxxxxxx	predictive	Låg
43	Argument	xxxx	predictive	Låg
44	Argument	xxx	predictive	Låg
45	Argument	xxxx	predictive	Låg
46	Input Value	=x' xxx xxxx=xxxx xxx 'xxxx'='xxxx	predictive	Hög
47	Input Value	xxx?xxxx.xxx	predictive	Medium

Referenser (10)

The following list contains external sources which discuss the actor and the associated activities:

◂ TidigareÖversiktNästa ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!