Darkkomet Analysis

IOB - Indicator of Behavior (69)

Languages: en 66, es 2, de 2

Countries/Regions: us 46, ru 12, ua 2, it 2, fr 2

Products: WordPress 6, Node.js 4, Byzoro Smart S85F Management Platform 4, Sourcecodehero ERP System Project 2, DokuWiki 2

Timeline, Actors, Activities, Interests, Type and Vendor panels: chart data not captured.

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192
2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.38 | CVE-2010-0966
3 | Totolink LR1200GB Web Interface cstecgi.cgi loginAuth memory corruption | 9.8 | 9.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.11 | CVE-2024-1783
4 | Drag and Drop Multiple File Upload Plugin SVG File dnd_codedropz_upload cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00102 | 0.00 | CVE-2022-0595
5 | Interactive Contact Form and Multi Step Form Builder Plugin cross site scripting | 5.2 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00069 | 0.02 | CVE-2023-4950
6 | Byzoro Smart S85F Management Platform privilege escalation | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00207 | 0.08 | CVE-2023-4121
7 | Byzoro Smart S85F Management Platform importhtml.php privilege escalation | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00617 | 0.00 | CVE-2023-4120
8 | Campcodes Online Thesis Archiving System view_department.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00146 | 0.08 | CVE-2023-2144
9 | CodeIgniter DB_query_builder.php or_like sql injection | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00172 | 0.00 | CVE-2022-40829
10 | CodeIgniter DB_query_builder.php sql injection | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00172 | 0.04 | CVE-2022-40835
11 | centreon Contact Groups Form formContactGroup.php sql injection | 6.3 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00212 | 0.08 | CVE-2022-3827
12 | Sourcecodehero ERP System Project processlogin.php sql injection | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00170 | 0.04 | CVE-2022-3118
13 | CPG Dragonfly CMS MSAnalysis Module index.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00918 | 0.00 | CVE-2006-0727
14 | Sophos SFOS Administration Service/User Portal sql injection | 9.1 | 8.9 | $5k-$25k | $0-$5k | High | Official Fix | 0.01655 | 0.03 | CVE-2020-12271
15 | ampleShop category.cfm sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00621 | 0.04 | CVE-2006-2038
16 | ProFTPD mod_tls weak encryption | 6.5 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00473 | 0.00 | CVE-2009-3639
17 | OpenSSH GSS2 auth-gss2.c Username information disclosure | 5.3 | 5.2 | $5k-$25k | $5k-$25k | Not Defined | Workaround | 0.00257 | 0.04 | CVE-2018-15919
18 | OpenSSH Readonly Mode sftp-server.c process_open privilege escalation | 5.3 | 5.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00660 | 0.00 | CVE-2017-15906
19 | Gempar Script Toko Online shop_display_products.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00100 | 0.02 | CVE-2009-0296
20 | ESMI PayPal Storefront products1h.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.05468 | 0.00 | CVE-2005-0936

IOC - Indicator of Compromise (32)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (47)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (10)

The following list contains external sources which discuss the actor and the associated activities:
