NetDooka Analysis

IOB - Indicator of Behavior (127)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en (128)


Country

de (128)


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Google Chrome (6)
Aruba AirWave Management Platform (4)
D-Link DVA-2800 (4)
D-Link DSL-2888A (4)
Cisco SD-WAN (4)


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | Panasonic AiSEG2 Header improper authentication | 9.2 | 9.2 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00053 | 0.03 | CVE-2023-28727
2 | Panasonic AiSEG2 os command injection | 8.4 | 8.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00186 | 0.02 | CVE-2023-28726
3 | Aruba ClearPass OnGuard Agent privileges management | 7.8 | 7.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00042 | 0.00 | CVE-2023-25590
4 | Aruba AOS-CX Network Analytics Engine Privilege Escalation | 7.7 | 7.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00171 | 0.04 | CVE-2023-1168
5 | Aruba ClearPass Policy Manager Web-based Management Interface improper authorization | 7.1 | 7.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00089 | 0.00 | CVE-2023-25594
6 | Netgear Orbi Router RBR750 HTTP Request os command injection | 8.4 | 8.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00097 | 0.05 | CVE-2022-37337
7 | Hsycms Add Category Module cate.php cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00186 | 0.08 | CVE-2023-1349
8 | Sage XRT Business Exchange Add Currencies/Payment Order/Transfer History sql injection | 7.1 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00071 | 0.00 | CVE-2022-34324
9 | TRENDnet TEW755AP wizard_ipv6 stack-based overflow | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00190 | 0.00 | CVE-2022-46583
10 | Elvexys StreamX HTML Component path traversal | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00067 | 0.00 | CVE-2022-4778
11 | Mozilla Thunderbird WebGL use after free | 6.4 | 6.2 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00208 | 0.00 | CVE-2022-46880
12 | Aruba EdgeConnect Enterprise Web Management Interface Privilege Escalation | 8.0 | 8.0 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00137 | 0.00 | CVE-2022-44533
13 | Aruba Networks ArubaOS PAPI command injection | 9.8 | 9.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00321 | 0.04 | CVE-2022-37897
14 | House Rental System view-property.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00223 | 0.04 | CVE-2022-4274
15 | SimplePress Plugin cross site scripting | 5.6 | 5.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00050 | 0.00 | CVE-2022-4027
16 | Mozilla Firefox window.print denial of service | 4.3 | 4.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00103 | 0.00 | CVE-2022-42929
17 | Juniper Junos OS/Junos OS Evolved RPD toctou | 5.9 | 5.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00095 | 0.00 | CVE-2022-22225
18 | Academy Learning Management System cross site scripting | 4.8 | 4.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00212 | 0.00 | CVE-2022-38553
19 | Modern Campus Omni CMS login-page sql injection | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00158 | 0.06 | CVE-2022-40766
20 | XPDF AcroForm.cc memory corruption | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00051 | 0.00 | CVE-2022-36561

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 195.201.81.165 | static.165.81.201.195.clients.your-server.de | NetDooka | | 04/20/2023 | verified | High

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (34)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /api/ZRMacClone/mac_addr_clone | predictive | High
2 | File | /controller/publishHotel.php& | predictive | High
3 | File | /fuelCM/fuel/pages/edit/1?lang=english | predictive | High
4 | File | /interface/main/backup.php | predictive | High
5 | File | /view-property.php | predictive | High
