Dkvn Analysis

IOB - Indicator of Behavior (63)

Language: en (56), de (4), it (2), pl (2)

Country: us (58), ca (4)

Product: Maran PHP Shop (2), Microsoft Office (2), StashCat (2), PHPWind (2), BXCP (2)

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.81 | CVE-2010-0966 |
| 3 | magmi ajax_gettime.php cross site scripting | 5.2 | 5.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00195 | 0.00 | CVE-2017-7391 |
| 4 | Audacity DLL Loader avformat-55.dll privilege escalation | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00110 | 0.00 | CVE-2017-1000010 |
| 5 | Ashley Brown iWeb Server Encoded URL directory traversal | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01582 | 0.03 | CVE-2003-0475 |
| 6 | Cisco IOS Point-to-Point Tunneling Protocol Server Memory information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00264 | 0.02 | CVE-2016-6398 |
| 7 | Magento GraphQL API cross-site request forgery | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00070 | 0.03 | CVE-2021-21027 |
| 8 | Cloudera HUE LdapBackend weak authentication | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00081 | 0.00 | CVE-2019-7319 |
| 9 | Microsoft Windows CredSSP weak authentication | 6.2 | 5.6 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.70801 | 0.02 | CVE-2018-0886 |
| 10 | Splunk Enterprise splunk-launch.conf privilege escalation | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.00 | CVE-2017-18348 |
| 11 | Spidersales viewCart.asp sql injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00219 | 0.04 | CVE-2004-0348 |
| 12 | jforum User privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00289 | 0.06 | CVE-2019-7550 |
| 13 | Active Web Softwares Active Business Directory default.asp sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00064 | 0.00 | CVE-2008-5972 |
| 14 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 3.34 | |
| 15 | Maran PHP Shop prod.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00137 | 0.03 | CVE-2008-4879 |
| 16 | X-CMS PHP member_news.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00153 | 0.00 | CVE-2018-18887 |
| 17 | Ecommerce Online Store Kit shop.php sql injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03763 | 0.04 | CVE-2004-0300 |
| 18 | StashCat Backend Database Stored Remote Code Execution | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00060 | 0.00 | CVE-2017-11136 |
| 19 | PHPWind goto.php Redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00348 | 0.04 | CVE-2015-4134 |
| 20 | BXCP index.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00307 | 0.00 | CVE-2006-0821 |

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1059 | CWE-94 | Argument Injection | predictive | High |
| 3 | TXXXX.XXX | CWE-XX, CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High |
| 4 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 5 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High |
| 6 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 7 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 8 | TXXXX.XXX | CWE-XXX | Xxx Xxxxxxxxxx Xxxxx | predictive | High |

IOA - Indicator of Attack (31)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | $SPLUNK_HOME/etc/splunk-launch.conf | predictive | High |
| 2 | File | /etc/master.passwd | predictive | High |
| 3 | File | /etc/passwd | predictive | Medium |
| 4 | File | /forum/away.php | predictive | High |
| 5 | File | xxxxxx_xx.x | predictive | Medium |
| 6 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 7 | File | xxxxxxx.xxx | predictive | Medium |
| 8 | File | xxxxxxxx.xxx | predictive | Medium |
| 9 | File | xxxx.xxx | predictive | Medium |
| 10 | File | xxx/xxxxxx.xxx | predictive | High |
| 11 | File | xxxxx.xxx | predictive | Medium |
| 12 | File | xxxxx-xxx-xxxxxx/xxxxx/xxx/xxxx_xxxxxxx.xxx | predictive | High |
| 13 | File | xxxxxx/xxxxxx_xxxx.xxx | predictive | High |
| 14 | File | xxxx.xxx | predictive | Medium |
| 15 | File | xxxxxxxx.xxx | predictive | Medium |
| 16 | File | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx | predictive | High |
| 17 | File | xxxx.xxx | predictive | Medium |
| 18 | File | xxxxxxxx.xxx | predictive | Medium |
| 19 | File | xxxxxxxx.xxx | predictive | Medium |
| 20 | Library | xxxxxxxx-xx.xxx | predictive | High |
| 21 | Argument | xxxxxx | predictive | Low |
| 22 | Argument | xxxxxxxx | predictive | Medium |
| 23 | Argument | xxx | predictive | Low |
| 24 | Argument | xxxxx | predictive | Low |
| 25 | Argument | xx | predictive | Low |
| 26 | Argument | xxxxxx | predictive | Low |
| 27 | Argument | xxx | predictive | Low |
| 28 | Argument | xxxx | predictive | Low |
| 29 | Argument | xxx | predictive | Low |
| 30 | Argument | xxxxxx | predictive | Low |
| 31 | Input Value | %xx%xx%xx | predictive | Medium |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
