Dkvn 分析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (63)

语言

en	58
de	4
it	2

国家/地区

us	58
ca	2
au	2

演员

Dkvn	3
Zbot	1
Emotet	1

利益

类型

Not Defined	12
Content Management System	4
Operating System	2
E-Commerce Management Software	2
Web Server	2

供应商

Not Defined	14
Ecommerce Online	2
Ashley Brown	2
Thomas R. Pasawicz	2
Active Web Softwares	2

产品

Unix	2
Ecommerce Online Store Kit	2
PHPWind	2
Spidersales	2
Ashley Brown iWeb Server	2

漏洞

#	漏洞	Base	Temp	0day	今天	易	修正	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash 信息公开	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
2	DZCP deV!L`z Clanportal config.php 权限升级	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	1.23	CVE-2010-0966
3	magmi ajax_gettime.php 跨网站脚本	5.2	5.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00195	0.00	CVE-2017-7391
4	Audacity DLL Loader avformat-55.dll 权限升级	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00110	0.00	CVE-2017-1000010
5	Ashley Brown iWeb Server Encoded URL 目录遍历	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01582	0.00	CVE-2003-0475
6	Cisco IOS Point-to-Point Tunneling Protocol Server Memory 信息公开	5.3	5.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00264	0.02	CVE-2016-6398
7	Magento GraphQL API 跨网站请求伪造	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00070	0.03	CVE-2021-21027
8	Cloudera HUE LdapBackend 弱身份验证	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00081	0.00	CVE-2019-7319
9	Microsoft Windows CredSSP 弱身份验证	6.2	5.6	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.70801	0.02	CVE-2018-0886
10	Splunk Enterprise splunk-launch.conf 权限升级	7.4	7.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00042	0.00	CVE-2017-18348
11	Spidersales viewCart.asp SQL注入	9.8	9.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00219	0.04	CVE-2004-0348
12	jforum User 权限升级	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00289	0.05	CVE-2019-7550
13	Active Web Softwares Active Business Directory default.asp SQL注入	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00064	0.00	CVE-2008-5972
14	LogicBoard CMS away.php Redirect	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Unavailable	0.00000	3.13
15	Maran PHP Shop prod.php SQL注入	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.00137	0.03	CVE-2008-4879
16	X-CMS PHP member_news.php SQL注入	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00153	0.00	CVE-2018-18887
17	Ecommerce Online Store Kit shop.php SQL注入	9.8	9.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03763	0.04	CVE-2004-0300
18	StashCat Backend Database Stored Remote Code Execution	5.7	5.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00060	0.00	CVE-2017-11136
19	PHPWind goto.php Redirect	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00348	0.09	CVE-2015-4134
20	BXCP index.php SQL注入	7.3	7.0	$0-$5k	$0-$5k	High	Official Fix	0.00307	0.00	CVE-2006-0821

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP地址	Hostname	参与者	Identified	类型	可信度
1	45.40.183.1	ip-45-40-183-1.ip.secureserver.net	Dkvn	2022-04-12	verified	高
2	XX.XXX.XXX.X	xxxxx.xxxxxxx.xxx	Xxxx	2022-04-12	verified	高
3	XXX.XX.XXX.XXX	xx.xxxxxxx.xxx.xx	Xxxx	2022-04-12	verified	高
4	XXX.XXX.XXX.XXX	xx-xxx-xxx-xxx-xxx.xx.xxxxxxxxxxxx.xxx	Xxxx	2022-04-12	verified	高
5	XXX.XXX.XXX.XXX	xxxxxx.xxx	Xxxx	2022-04-12	verified	高

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	漏洞	访问向量	类型	可信度
1	T1006	CWE-22	Path Traversal	predictive	高
2	T1059	CWE-94	Argument Injection	predictive	高
3	TXXXX.XXX	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	高
4	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
5	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	高
6	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	高
7	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高
8	TXXXX.XXX	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	高

IOA - Indicator of Attack (31)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	分类	Indicator	类型	可信度
1	File	$SPLUNK_HOME/etc/splunk-launch.conf	predictive	高
2	File	/etc/master.passwd	predictive	高
3	File	/etc/passwd	predictive	中
4	File	/forum/away.php	predictive	高
5	File	xxxxxx_xx.x	predictive	中
6	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	高
7	File	xxxxxxx.xxx	predictive	中
8	File	xxxxxxxx.xxx	predictive	中
9	File	xxxx.xxx	predictive	中
10	File	xxx/xxxxxx.xxx	predictive	高
11	File	xxxxx.xxx	predictive	中
12	File	xxxxx-xxx-xxxxxx/xxxxx/xxx/xxxx_xxxxxxx.xxx	predictive	高
13	File	xxxxxx/xxxxxx_xxxx.xxx	predictive	高
14	File	xxxx.xxx	predictive	中
15	File	xxxxxxxx.xxx	predictive	中
16	File	xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx	predictive	高
17	File	xxxx.xxx	predictive	中
18	File	xxxxxxxx.xxx	predictive	中
19	File	xxxxxxxx.xxx	predictive	中
20	Library	xxxxxxxx-xx.xxx	predictive	高
21	Argument	xxxxxx	predictive	低
22	Argument	xxxxxxxx	predictive	中
23	Argument	xxx	predictive	低
24	Argument	xxxxx	predictive	低
25	Argument	xx	predictive	低
26	Argument	xxxxxx	predictive	低
27	Argument	xxx	predictive	低
28	Argument	xxxx	predictive	低
29	Argument	xxx	predictive	低
30	Argument	xxxxxx	predictive	低
31	Input Value	%xx%xx%xx	predictive	中

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ 上一步一览下一步 ▸

Might our Artificial Intelligence support you?

Check our Alexa App!