Drinik Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (313)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	258
it	22
de	10
fr	8
es	6

Country

us	236
es	68
it	2
de	2

Actors

Drinik	4
Cobalt Strike	2
TrickBot	1
APT36	1
Remcos	1

Activities

Interest

Timeline

Type

Not Defined	54
Content Management System	14
Operating System	12
Forum Software	12
Programming Language Software	8

Vendor

Not Defined	56
Microsoft	18
Siemens	6
IBM	4
Cisco	2

Product

Microsoft Windows	10
Siemens SPPA-T3000 MS3000 Migration Server	6
Microsoft Office	4
IBM QRadar	2
Cisco IOS	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	DZCP deV!L`z Clanportal config.php code injection	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	0.78	CVE-2010-0966
2	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure	5.3	5.2	$5k-$25k	Calculating	High	Workaround	0.02016	0.02	CVE-2007-1192
3	Tiki Wiki CMS Groupware tiki-edit_wiki_section.php cross site scripting	5.2	5.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00110	0.00	CVE-2010-4240
4	Pligg cloud.php sql injection	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.92
5	Tiki TikiWiki tiki-editpage.php input validation	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01194	0.03	CVE-2004-1386
6	JForum jforum.page cross-site request forgery	4.3	4.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00173	0.02	CVE-2022-26173
7	Tiki Admin Password tiki-login.php improper authentication	8.0	7.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00936	2.33	CVE-2020-15906
8	HP Storage Data Protector memory corruption	10.0	10.0	$25k-$100k	$0-$5k	High	Not Defined	0.52178	0.06	CVE-2014-2623
9	AlstraSoft AskMe Pro register.php cross site scripting	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.00
10	Siemens SPPA-T3000 MS3000 Migration Server Service Port 5010 integer overflow	6.4	6.3	$5k-$25k	$5k-$25k	Not Defined	Workaround	0.00275	0.04	CVE-2019-18304
11	Siemens SPPA-T3000 MS3000 Migration Server Service Port 7061 stack-based overflow	6.4	6.3	$5k-$25k	$0-$5k	Not Defined	Workaround	0.00097	0.04	CVE-2019-18310
12	Microsoft Windows OpenType Font Parser memory corruption	7.6	7.5	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.05608	0.04	CVE-2019-1456
13	Microsoft Windows Win32k information disclosure	4.9	4.9	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00049	0.00	CVE-2019-1440
14	Microsoft Windows GDI information disclosure	4.9	4.9	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.02481	0.00	CVE-2019-1439
15	Expinion.net News Manager Lite comment_add.asp cross site scripting	4.3	3.8	$0-$5k	$0-$5k	Unproven	Official Fix	0.00607	0.02	CVE-2004-1845
16	TikiWiki tiki-register.php input validation	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01075	6.65	CVE-2006-6168
17	My Link Trader out.php sql injection	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.00
18	Openads adclick.php Remote Code Execution	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01871	0.17	CVE-2007-2046
19	WordPress wp-register.php cross site scripting	4.3	4.2	$5k-$25k	$0-$5k	High	Unavailable	0.00533	0.05	CVE-2007-5106
20	PHPizabi template.class.php assignuser information disclosure	4.3	4.2	$0-$5k	$0-$5k	High	Unavailable	0.00507	0.05	CVE-2008-2018

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Identified	Type	Confidence
1	78.110.116.82	78.110.116.82.asiatech.cloud	Drinik	04/03/2024	verified	High
2	XXX.XXX.XX.XXX	xxx-xxx-xx-xxx-xxxx.xxxxxxxxxxxx.xxx	Xxxxxx	04/03/2024	verified	High
3	XXX.X.XXX.XX	xxx-x-xxx-xx-xxxx.xxxxxxxxxxxx.xxx	Xxxxxx	04/03/2024	verified	High
4	XXX.XX.XXX.XX	xxx-xx-xxx-xx-xxxx.xxxxxxxxxxxx.xxx	Xxxxxx	04/02/2024	verified	High
5	XXX.XX.XXX.XXX	xxx-xx-xxx-xxx-xxxx.xxxxxxxxxxxx.xxx	Xxxxxx	04/03/2024	verified	High

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	High
2	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	High
3	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	High
4	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
5	TXXXX	CAPEC-108	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	High
6	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	High
7	TXXXX	CAPEC-	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	High
8	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	High
9	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
10	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	High

IOA - Indicator of Attack (96)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/forum/away.php	predictive	High
2	File	/out.php	predictive	Medium
3	File	/php-sms/classes/Master.php	predictive	High
4	File	adclick.php	predictive	Medium
5	File	add.php/del.php	predictive	High
6	File	addentry.php	predictive	Medium
7	File	add_comment.php	predictive	High
8	File	admin.php	predictive	Medium
9	File	admin/index.php	predictive	High
10	File	admin/scripts/FileUploader/php.php	predictive	High
11	File	case.filemanager.php	predictive	High
12	File	cashconfirm.php	predictive	High
13	File	channels/chan_skinny.c	predictive	High
14	File	cloud.php	predictive	Medium
15	File	xxxxxxxx.xxx	predictive	Medium
16	File	xxxxxxx_xxx.xxx	predictive	High
17	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	High
18	File	xx/xxxxx/xxxxxx_xxxxx.xxx	predictive	High
19	File	xxxx.xxx	predictive	Medium
20	File	xxxx.xxx	predictive	Medium
21	File	xxxxxxxxx.xxx	predictive	High
22	File	xxx/xxxxxx.xxx	predictive	High
23	File	xxxxx.xxxx	predictive	Medium
24	File	xxxxx.xxx	predictive	Medium
25	File	xxxxxx.xxxx	predictive	Medium
26	File	xxxx.xxx	predictive	Medium
27	File	xxxxxxx/xxx.xxx	predictive	High
28	File	xxxxxxxx.xxxxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxxx	predictive	High
29	File	xxxxxxxxx.xxx	predictive	High
30	File	xxx_xxxx.xxx	predictive	Medium
31	File	xxxx.xxx	predictive	Medium
32	File	xxxxx.xxx	predictive	Medium
33	File	xxxxxxxx.xx	predictive	Medium
34	File	xxxxxxxx.xxx	predictive	Medium
35	File	xxxxxxxxxx.xxx	predictive	High
36	File	xxxxxxxx.xxx	predictive	Medium
37	File	xxxxxxxx.xxx	predictive	Medium
38	File	xxxxxxx_xxx_xxxxx_xxxxxx.xxxx	predictive	High
39	File	xxxxxx.xxx	predictive	Medium
40	File	xxx/xxxx/xxxx/xxx/xxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxxx	predictive	High
41	File	xxxxxxx-xxxxxxx.xxx	predictive	High
42	File	xxxxxxxx.xxxxx.xxx	predictive	High
43	File	xxxx-xxxxxxxx.xxx	predictive	High
44	File	xxxx-xxxx_xxxx_xxxxxxx.xxx	predictive	High
45	File	xxxx-xxxxx.xxx	predictive	High
46	File	xxxx-xxxxxxxx.xxx	predictive	High
47	File	xxxxxxx/xxxxxxxx.xxx	predictive	High
48	File	xxx.xxx	predictive	Low
49	File	xxxx/xxxxxxxx.xxx	predictive	High
50	File	xxxxx.xxx	predictive	Medium
51	File	xx-xxxxxxxx/xxxx-xxx/xxxxxxxxx/xxxxx-xx-xxxx-xxxxx-xxxxxxxxxx.xxx	predictive	High
52	File	xx-xxxxxxxx.xxx	predictive	High
53	Library	xxxx/xxx/xxxxxx/xx-xxxx-xxxxxx.xxx	predictive	High
54	Library	xxxxxxxxx.x.x.xxx.xxx	predictive	High
55	Library	xxxxxxxx.xxx	predictive	Medium
56	Library	xxxxxxxx.xxx	predictive	Medium
57	Argument	$xxx_xxxx	predictive	Medium
58	Argument	$xxxx	predictive	Low
59	Argument	xx_xxxxx_xxx_xxxx	predictive	High
60	Argument	xxxxxxxx	predictive	Medium
61	Argument	xxx	predictive	Low
62	Argument	xxxxxxxxxx	predictive	Medium
63	Argument	xxxxxxxxx[x]	predictive	Medium
64	Argument	xxxxxxx	predictive	Low
65	Argument	xxxx	predictive	Low
66	Argument	xxxxxxx	predictive	Low
67	Argument	xxxxxxx	predictive	Low
68	Argument	xxxxx	predictive	Low
69	Argument	xx_xxxxx_xx	predictive	Medium
70	Argument	xxxxxxx	predictive	Low
71	Argument	xxxx_xxxxx	predictive	Medium
72	Argument	xxxx	predictive	Low
73	Argument	xxxxxxxx	predictive	Medium
74	Argument	xx	predictive	Low
75	Argument	xx_xxxx	predictive	Low
76	Argument	xxxx	predictive	Low
77	Argument	xxxxxxx	predictive	Low
78	Argument	xxx	predictive	Low
79	Argument	xxxxxxxxx_xxxxxxxx_xxxx	predictive	High
80	Argument	xxxxxx	predictive	Low
81	Argument	xx	predictive	Low
82	Argument	xxxx	predictive	Low
83	Argument	xxxxxxxx	predictive	Medium
84	Argument	xxxx_xxxx	predictive	Medium
85	Argument	xxx	predictive	Low
86	Argument	xxxxx	predictive	Low
87	Argument	xxxxxxxxxxxxxxx	predictive	High
88	Argument	xxx	predictive	Low
89	Argument	xxxx	predictive	Low
90	Argument	xxxxx	predictive	Low
91	Argument	xxx	predictive	Low
92	Argument	xxxx_xxxxx	predictive	Medium
93	Argument	xxxx_xxxxx	predictive	Medium
94	Input Value	xxxxx.xxx	predictive	Medium
95	Network Port	xxx/xxxx	predictive	Medium
96	Network Port	xxx/xxxx	predictive	Medium

References (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Do you know our Splunk app?

Download it now for free!