D0nut Analysis

IOB - Indicator of Behavior (241)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

Lang | Count
en | 152
ru | 58
zh | 22
es | 4
pl | 2

Country

Country | Count
us | 122
ru | 66
cn | 34
gb | 16
es | 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Product | Count
Microsoft Windows | 6
jQuery | 4
Apache HTTP Server | 4
Microsoft Exchange Server | 4
Linux Kernel | 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192
2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.76 | CVE-2010-0966
3 | Bitrix Site Manager Vote Module Remote Code Execution | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00668 | 0.04 | CVE-2022-27228
4 | jQuery html cross site scripting | 5.8 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01900 | 0.00 | CVE-2020-11023
5 | ILIAS Cloze Test Text gap Persistent cross site scripting | 5.2 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00193 | 0.06 | CVE-2019-1010237
6 | Oracle WebLogic Server Web Container path traversal | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.64598 | 0.05 | CVE-2013-3827
7 | Yii Framework runAction sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00364 | 0.00 | CVE-2023-26750
8 | Harbor improper authentication | 6.9 | 6.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02074 | 0.05 | CVE-2022-46463
9 | Jitsi Meet hard-coded credentials | 8.5 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00196 | 0.03 | CVE-2020-11878
10 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 1.88 | CVE-2020-12440
11 | Atlassian JIRA Server/Data Center QueryComponent!Default.jspa information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00628 | 0.03 | CVE-2020-14179
12 | WordPress Pingback server-side request forgery | 5.7 | 5.7 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00120 | 0.00 | CVE-2022-3590
13 | Bitrix24 server-side request forgery | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00521 | 0.02 | CVE-2020-13484
14 | Fortinet FortiOS/FortiProxy Administrative Interface authentication bypass | 9.8 | 9.7 | $25k-$100k | $5k-$25k | High | Official Fix | 0.97164 | 0.05 | CVE-2022-40684
15 | Apache Tomcat HTTP Digest Authentication Implementation improper authentication | 8.2 | 7.1 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00342 | 0.02 | CVE-2012-5887
16 | TEM FLEX-1080/FLEX-1085 Log log.cgi information disclosure | 5.3 | 4.7 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00150 | 0.09 | CVE-2022-1077
17 | F5 BIG-IP iControl REST Authentication bash missing authentication | 9.8 | 9.6 | $5k-$25k | $0-$5k | High | Official Fix | 0.97479 | 0.05 | CVE-2022-1388
18 | Vmware Workspace ONE Access/Identity Manager Template injection | 9.8 | 9.4 | $5k-$25k | $0-$5k | High | Official Fix | 0.97449 | 0.00 | CVE-2022-22954
19 | Apache Groovy MethodClosure.java MethodClosure injection | 8.5 | 8.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.02289 | 0.00 | CVE-2015-3253
20 | LightCMS External Image NEditorController.php Privilege Escalation | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00675 | 0.00 | CVE-2021-27112

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 83.149.93.150 | | D0nut | | 11/09/2023 | verified | High

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (116)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/index2.html | predictive | High
2 | File | /admin/login.php | predictive | High
3 | File | /app/Http/Controllers/Admin/NEditorController.php | predictive | High
4 | File | /mgmt/tm/util/bash | predictive | High
5 | File | /mifs/c/i/reg/reg.html | predictive | High
6 | File | /secure/QueryComponent!Default.jspa | predictive | High
7 | File | /secure/ViewCollectors | predictive | High
8 | File | /Session | predictive | Medium
9 | File | /usr/bin/pkexec | predictive | High
10 | File | /xAdmin/html/cm_doclist_view_uc.jsp | predictive | High
11 | File | /xxl-job-admin/jobinfo | predictive | High
12 | File | adclick.php | predictive | Medium
13 | File | add_comment.php | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities: