DarkVNC Analysis

IOB - Indicator of Behavior (53)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 30
it: 12
ru: 4
es: 4
fr: 2

Country

it: 26
us: 16
fr: 6
gb: 4
de: 2

[Charts: Actors, Activities, Interest, Timeline, Type, Vendor]

Product

Microsoft IIS: 4
ESMI PayPal Storefront: 2
Gallarific PHP Photo Gallery script: 2
Ovidentia: 2
Microsoft Windows: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Secomea GateManager insufficient privileges | 5.9 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00054 | 0.04 | CVE-2022-25782 |
| 2 | Ovidentia fileman.php privileges management | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.35203 | 0.02 | CVE-2006-2811 |
| 3 | Plohni Shoutbox index.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00186 | 0.00 | CVE-2009-4767 |
| 4 | FileZilla FileZilla Server Terminal FTP Command memory corruption | 7.5 | 7.5 | $0-$5k | $0-$5k | High | Not Defined | 0.55865 | 0.05 | CVE-2005-3589 |
| 5 | Sendmail Access Restriction cryptographic issues | 7.3 | 6.6 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00541 | 0.05 | CVE-2009-4565 |
| 6 | sitepress-multilingual-cms Plugin class-wp-installer.php cross-site request forgery | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00579 | 0.04 | CVE-2020-10568 |
| 7 | Canonical Linux SSL Certificate authentication spoofing | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00598 | 0.00 | CVE-2011-4408 |
| 8 | SBLIM Small Footprint CIM Broker POST Request cimom null pointer dereference | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00063 | 0.03 | CVE-2018-6644 |
| 9 | php-fusion downloads.php cross site scripting | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00159 | 0.00 | CVE-2020-12708 |
| 10 | Gallarific PHP Photo Gallery script gallery.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00136 | 0.05 | CVE-2011-0519 |
| 11 | Gallery My Photo Gallery image.php sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 | |
| 12 | Host Web Server phpinfo.php phpinfo information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Workaround | 0.00000 | 0.05 | |
| 13 | ESMI PayPal Storefront products1h.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.05468 | 0.00 | CVE-2005-0936 |
| 14 | Ecommerce Online Store Kit shop.php sql injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03763 | 0.05 | CVE-2004-0300 |
| 15 | Simple Real Estate Portal System sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00172 | 0.00 | CVE-2022-28410 |
| 16 | Infoblox NIOS access control | 6.0 | 6.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00044 | 0.00 | CVE-2018-10239 |
| 17 | Microsoft Windows Win32k privileges management | 7.3 | 6.3 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00043 | 0.03 | CVE-2021-1709 |
| 18 | php-fpm link following | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.00 | CVE-2015-3211 |
| 19 | ProFTPD mod_sftp/mod_sftp_pam kbdint.c resp_count numeric error | 7.5 | 7.1 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.01980 | 0.02 | CVE-2013-4359 |
| 20 | EmbedThis GoAhead cgi.c cgiHandler input validation | 7.7 | 7.5 | $0-$5k | $0-$5k | High | Official Fix | 0.97455 | 0.00 | CVE-2017-17562 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • DarkVNC

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (28)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /cimom | predictive | Low |
| 2 | File | /my_photo_gallery/image.php | predictive | High |
| 3 | File | /reps/classes/Users.php?f=delete_agent | predictive | High |
| 4 | File | /uncpath/ | predictive | Medium |
| 5 | File | xxx.x | predictive | Low |
| 6 | File | xxxxxxxxx/xxxxxxxxx.xxx | predictive | High |
| 7 | File | xxxxxxx.xxx | predictive | Medium |
| 8 | File | xxxxx_xxxxxxxx.x | predictive | High |
| 9 | File | xxxxxxx.xxx | predictive | Medium |
| 10 | File | xxxxxxxx/xxxxx-xx-xxxxxxxxx.xxx | predictive | High |
| 11 | File | xxxxx.xxx | predictive | Medium |
| 12 | File | xxxxxx.x | predictive | Medium |
| 13 | File | xxxxxxx.xxx | predictive | Medium |
| 14 | File | xxxxxxxxxx.xxx | predictive | High |
| 15 | File | xxxx.xxx | predictive | Medium |
| 16 | File | xxxxxxxx.xxx | predictive | Medium |
| 17 | File | xxxxxxxx.xxx | predictive | Medium |
| 18 | File | xx-xxxxx/xxxxx-xxxxxx.xxx | predictive | High |
| 19 | Argument | xxxxxx | predictive | Low |
| 20 | Argument | xxxxxxxxxxxxxx | predictive | High |
| 21 | Argument | xxx_xx | predictive | Low |
| 22 | Argument | xx | predictive | Low |
| 23 | Argument | xxxxx | predictive | Low |
| 24 | Argument | xxxx | predictive | Low |
| 25 | Argument | xxxxxx_xxxx | predictive | Medium |
| 26 | Input Value | // | predictive | Low |
| 27 | Input Value | x xxxxx xxx xxxxxx xxxx,xxxx,xxxx,xxxx,xxxxxx(xxxxxxxxxxxx,xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx,xxxxxxxxxxxx)-- | predictive | High |
| 28 | Network Port | xxx/xxxx (xxx) | predictive | High |

References (9)

The following list contains external sources which discuss the actor and the associated activities:
