DarkHydrus Analysis

IOB - Indicator of Behavior (155)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 140
es: 6
de: 2
sv: 2
pl: 2


Country

us: 146


Actors


Activities

Interest

Timeline


Type


Vendor


Product

PHPWind: 4
E-topbiz Viral DX 1: 2
cmsimple: 2
Thomas R. Pasawicz HyperBook Guestbook: 2
Phpwebgallery: 2


Vulnerabilities

#  | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1  | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192
2  | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.50 | CVE-2010-0966
3  | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 3.12 | CVE-2020-15906
4  | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.01960 | 0.05 | CVE-2007-1287
5  | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 10.00 | CVE-2006-6168
6  | jforum User input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00289 | 0.04 | CVE-2019-7550
7  | JForum jforum.page cross-site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00173 | 0.02 | CVE-2022-26173
8  | Responsive Menus Configuration Setting responsive_menus.module responsive_menus_admin_form_submit cross site scripting | 3.2 | 3.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00127 | 0.04 | CVE-2018-25085
9  | Tiki Wiki CMS Groupware tiki-edit_wiki_section.php cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00110 | 0.04 | CVE-2010-4240
10 | PHP Link Directory Administration Page index.html cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00374 | 0.50 | CVE-2007-0529
11 | Smartisoft phpBazar classified_right.php file inclusion | 6.5 | 6.2 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00933 | 0.09 | CVE-2006-2528
12 | JForum Login input validation | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00157 | 0.06 | CVE-2012-5338
13 | cpCommerce register.php cross site scripting | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | 0.00641 | 0.03 | CVE-2007-2968
14 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 3.83 | 
15 | Pligg cloud.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 2.58 | 
16 | PHPWind goto.php redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00348 | 0.29 | CVE-2015-4134
17 | Advisto Peel SHOPPING caddie_ajout.php cross-site request forgery | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00118 | 0.04 | CVE-2018-20848
18 | Lars Ellingsen Guestserver guestbook.cgi cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00169 | 0.17 | CVE-2005-4222
19 | Serendipity exit.php privileges management | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.59 | 
20 | Bitrix Site Manager redirect.php link following | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00113 | 0.04 | CVE-2008-2052

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • DarkHydrus

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (76)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1  | File | /etc/sudoers | predictive | Medium
2  | File | /forum/away.php | predictive | High
3  | File | /obs/book.php | predictive | High
4  | File | /opt/IBM/es/lib/libffq.cryptionjni.so | predictive | High
5  | File | /register.do | predictive | Medium
6  | File | 4.3.0.CP04 | predictive | Medium
7  | File | adclick.php | predictive | Medium
8  | File | addentry.php | predictive | Medium
9  | File | add_comment.php | predictive | High
10 | File | book.php | predictive | Medium
11 | File | xxxxxxxxxx_xxxxx.xxx | predictive | High
12 | File | xxxxx.xxx | predictive | Medium
13 | File | xxxxxx/xxx.x | predictive | Medium
14 | File | xxxxxxx_xxx.xxx | predictive | High
15 | File | xxxxxx.xxx | predictive | Medium
16 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
17 | File | xxxxxxxx.xxx | predictive | Medium
18 | File | xxxxx.xxx | predictive | Medium
19 | File | xx/xxxxx/xxxxxx_xxxxx.xxx | predictive | High
20 | File | xxxx.xxx | predictive | Medium
21 | File | xxxx.xxx | predictive | Medium
22 | File | xxxxxxxxx.xxx | predictive | High
23 | File | xx/xxxxxxx/xxxxxx_xxx.x | predictive | High
24 | File | xxx/xxxxxx.xxx | predictive | High
25 | File | xxxxx.xxxx | predictive | Medium
26 | File | xxxxx.xxx | predictive | Medium
27 | File | xxxxxx.xxxx | predictive | Medium
28 | File | xxx/xxxx/xxx.x | predictive | High
29 | File | xxxxxxxxx.x | predictive | Medium
30 | File | xxxx.xxx | predictive | Medium
31 | File | xxxxx.xxx | predictive | Medium
32 | File | xxxxxxxx.xxx | predictive | Medium
33 | File | xxxxxxxx.xxx | predictive | Medium
34 | File | xxxxxxxx.xx | predictive | Medium
35 | File | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx | predictive | High
36 | File | xxxxxxxx_xxxxxx.xxx | predictive | High
37 | File | xxxxxxxxxx_xxxxx.xxxxxxx | predictive | High
38 | File | xxxxxxxxxxxxxx.xxx | predictive | High
39 | File | xxxxxx-xxxx/xxx/xxxx/xxxx/xxx/xxxxxx/xxxxxxxxxxxx.xxxx | predictive | High
40 | File | xxxx-xxxxxxxx.xxx | predictive | High
41 | File | xxxx-xxxx_xxxx_xxxxxxx.xxx | predictive | High
42 | File | xxxx-xxxxx.xxx | predictive | High
43 | File | xxxx-xxxxxxxx.xxx | predictive | High
44 | File | xxxx/xxxxxxxx.xxx | predictive | High
45 | File | xx-xxxxxxxx/xxxx-xxx/xxxxxxxxx/xxxxx-xx-xxxx-xxxxx-xxxxxxxxxx.xxx | predictive | High
46 | File | xx-xxxxx.xxx | predictive | Medium
47 | File | xx-xxxxxxxx.xxx | predictive | High
48 | Library | xxxx/xxx/xxxxxx/xx-xxxx-xxxxxx.xxx | predictive | High
49 | Library | xxx/xxx/xx/xxx/xxxxxx.xxxxxxxxxxx.xx | predictive | High
50 | Argument | $xxxx | predictive | Low
51 | Argument | xxxxxxxxxx | predictive | Medium
52 | Argument | xxxxxxxx | predictive | Medium
53 | Argument | xxxxxxxx | predictive | Medium
54 | Argument | xxxxxxxx | predictive | Medium
55 | Argument | xxxx_xxxx | predictive | Medium
56 | Argument | xxxxxxxxxx | predictive | Medium
57 | Argument | xxxxxx | predictive | Low
58 | Argument | xxxxxxxxx[x] | predictive | Medium
59 | Argument | xx_xx_xxxx_xxxx | predictive | High
60 | Argument | xxxx | predictive | Low
61 | Argument | xxxx | predictive | Low
62 | Argument | xxxxxx/xxxxx | predictive | Medium
63 | Argument | xx | predictive | Low
64 | Argument | xxxxxxxx_xxx | predictive | Medium
65 | Argument | xxxxxxxxx_xxxxxxxx_xxxx | predictive | High
66 | Argument | xxxx | predictive | Low
67 | Argument | xxxxxxxxxxxxxxx | predictive | High
68 | Argument | xxxxx | predictive | Low
69 | Argument | xx_xxxx | predictive | Low
70 | Argument | xxxxxxxxxx | predictive | Medium
71 | Argument | xx | predictive | Low
72 | Argument | xxx | predictive | Low
73 | Argument | xxxx | predictive | Low
74 | Argument | xxx | predictive | Low
75 | Argument | xxxxxxxx/xxxxxxxx | predictive | High
76 | Argument | xxxx_xxxxx | predictive | Medium

References (5)

The following list contains external sources which discuss the actor and the associated activities:
