Allakore Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (96)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en72
de22
ru2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us56
de16
ca4
cn2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Allakore5
Cobalt Strike2
NetWire1
IcedID1
ActionRAT1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined30
Content Management System8
Programming Language Software6
Learning Management Software6
Multimedia Player Software4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined32
IBM4
Mozilla2
BMW2
Apple2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Moodle6
Mozilla Firefox2
Mozilla Thunderbird2
PHP2
W3 Total Cache Plugin2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25kCalculatingHighWorkaround0.020160.00CVE-2007-1192
2DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.009430.76CVE-2010-0966
374CMS Company Logo Index.php#sendCompanyLogo unrestricted upload6.36.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.000450.05CVE-2024-2561
4Tiki Admin Password tiki-login.php improper authentication8.07.7$0-$5k$0-$5kNot DefinedOfficial Fix0.009362.70CVE-2020-15906
5Joomla CMS com_easyblog sql injection6.36.1$5k-$25k$5k-$25kNot DefinedNot Defined0.000000.41
6phpPgAds adclick.php unknown vulnerability5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.003171.07CVE-2005-3791
7Indexu register.php cross site scripting3.53.4$0-$5k$0-$5kNot DefinedWorkaround0.000000.06
8Pligg cloud.php sql injection6.36.3$0-$5k$0-$5kNot DefinedNot Defined0.000000.36
9MGB OpenSource Guestbook email.php sql injection7.37.3$0-$5k$0-$5kHighUnavailable0.013020.76CVE-2007-0354
10Untis WebUntis cross site scripting3.53.4$0-$5k$0-$5kNot DefinedOfficial Fix0.000840.03CVE-2020-22453
11DragDropCart productdetail.php cross site scripting3.53.5$0-$5k$0-$5kNot DefinedNot Defined0.000000.00
12Michael Salzer Guestbox gbshow.php cross site scripting4.33.9$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.042830.02CVE-2006-0860
13Vunet VU Web Visitor Analyst redir.asp sql injection7.37.1$0-$5k$0-$5kHighWorkaround0.001190.10CVE-2010-2338
14DolphinPHP User Management Page cross site scripting3.53.2$0-$5k$0-$5kProof-of-ConceptNot Defined0.000530.05CVE-2022-1086
15LogicBoard CMS away.php redirect6.36.1$0-$5k$0-$5kNot DefinedUnavailable0.000004.28
16vu Mass Mailer Login Page redir.asp sql injection7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.002380.20CVE-2007-6138
17Dataiku DSS Project access control6.36.0$0-$5k$0-$5kNot DefinedOfficial Fix0.000540.00CVE-2021-27225
18payfort-php-SDK success.php cross site scripting5.25.2$0-$5k$0-$5kNot DefinedNot Defined0.004630.02CVE-2018-19188
19MidiCart PHP Shopping Cart item_show.php sql injection6.36.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.000000.05
20Cisco Linksys EA2700 URL information disclosure4.34.1$5k-$25k$0-$5kProof-of-ConceptUnavailable0.000000.00

IOC - Indicator of Compromise (16)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
123.236.143.214mail213.mailerview.tropicalstrength.comAllakore03/20/2024verifiedHigh
223.254.136.60client-23-254-136-60.hostwindsdns.comAllakore03/20/2024verifiedHigh
323.254.138.211box.adminco.latAllakore03/20/2024verifiedHigh
423.254.202.85client-23-254-202-85.hostwindsdns.comAllakore03/20/2024verifiedHigh
5XXX.XX.XX.XXXxxxxxxxxx.xxxxxxxxxxxxx.xxxXxxxxxxx09/07/2021verifiedHigh
6XXX.XX.XX.XXXxxxxxxxxx.xxxxxxxxxxxxx.xxxXxxxxxxx09/07/2021verifiedHigh
7XXX.XX.XXX.XXxxxxxxxxx.xxxxxxxxxxxxx.xxxXxxxxxxx09/07/2021verifiedHigh
8XXX.XX.XXX.XXXxxxxxxxx.xxxxxxxxxxxxx.xxxXxxxxxxx09/07/2021verifiedHigh
9XXX.XX.XX.XXxxxxxxxxx.xxxxxxxxxxxxx.xxxXxxxxxxx09/07/2021verifiedHigh
10XXX.XXX.XXX.XXXxxxxxxxxx.xxxxxxxxxxxxx.xxxXxxxxxxx09/07/2021verifiedHigh
11XXX.XXX.XX.XXXxxxxxxxxx.xxxxxxxxxxxxx.xxxXxxxxxxx09/07/2021verifiedHigh
12XXX.XXX.XX.XXXxxxxxx-xxx-xxx-xx-xxx.xxxxxxxxxxxx.xxxXxxxxxxx03/20/2024verifiedHigh
13XXX.XXX.XX.XXXxxxxxx-xxx-xxx-xx-xxx.xxxxxxxxxxxx.xxxXxxxxxxx03/20/2024verifiedHigh
14XXX.XXX.XX.XXXxxxxxx-xxx-xxx-xx-xxx.xxxxxxxxxxxx.xxxXxxxxxxx03/20/2024verifiedHigh
15XXX.XXX.XX.XXXxxxxxx-xxx-xxx-xx-xxx.xxxxxxxxxxxx.xxxXxxxxxxx03/20/2024verifiedHigh
16XXX.XXX.XX.XXXxxxxxx-xxx-xxx-xx-xxx.xxxxxxxxxxxx.xxxXxxxxxxx03/20/2024verifiedHigh

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
3T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
4TXXXX.XXXCAPEC-209CWE-XX, CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
5TXXXXCAPEC-19CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
6TXXXX.XXXCAPEC-178CWE-XXXXxxx XxxxxxxxpredictiveHigh
7TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
8TXXXX.XXXCAPEC-459CWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
9TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
10TXXXXCAPEC-157CWE-XXX, CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh
11TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (51)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/controller/company/Index.php#sendCompanyLogopredictiveHigh
2File/forum/away.phppredictiveHigh
3File/wordpress/wp-admin/admin.phppredictiveHigh
4Fileadclick.phppredictiveMedium
5Fileadmin/index.phppredictiveHigh
6Filecloud.phppredictiveMedium
7Filedata/gbconfiguration.datpredictiveHigh
8Filexxxxx.xxxpredictiveMedium
9Filexxxxxx.xxxpredictiveMedium
10Filexxxxxx.xxxpredictiveMedium
11Filexxxx.xxxpredictiveMedium
12Filexxx/xxxxxx.xxxpredictiveHigh
13Filexxxx_xxxx.xxxpredictiveHigh
14Filexxx/xxxx/xxx.x/xxxx_xxxxxx.xpredictiveHigh
15Filexxxxx.xxxpredictiveMedium
16Filexxxxxxx.xxxpredictiveMedium
17Filexxxxxxx.xxxpredictiveMedium
18Filexxxxxxxxx/xxxx-xxxxpredictiveHigh
19Filexxxx.xxxpredictiveMedium
20Filexxx_xxxx.xxxpredictiveMedium
21Filexxxxx/xxxxxxx/predictiveHigh
22Filexxxxxx.xxxpredictiveMedium
23FilexxxpredictiveLow
24Filexxxxxxxxxxxxx.xxxpredictiveHigh
25Filexxxxx.xxxpredictiveMedium
26Filexxxxxxxx.xxxpredictiveMedium
27Filexxxxxxxxxxxxxx.xxxpredictiveHigh
28Filexxxxx.xxxpredictiveMedium
29Filexxxxxxx.xxxpredictiveMedium
30Filexxxx-xxxxx.xxxpredictiveHigh
31Libraryxxx/xxxxxxxxxxxxx.xxxpredictiveHigh
32ArgumentxxxxxxxxpredictiveMedium
33ArgumentxxxxxxxxxxpredictiveMedium
34Argumentxxxx_xxpredictiveLow
35ArgumentxxxxxxxpredictiveLow
36ArgumentxxxxxxxpredictiveLow
37ArgumentxxxxxpredictiveLow
38ArgumentxxxxpredictiveLow
39Argumentxxxx_xxpredictiveLow
40ArgumentxxxxxxxxpredictiveMedium
41ArgumentxxpredictiveLow
42ArgumentxxxxxxxxxpredictiveMedium
43ArgumentxxxxxxxxxxpredictiveMedium
44ArgumentxxxxxxpredictiveLow
45ArgumentxxxxxxxxpredictiveMedium
46ArgumentxxxxxxxpredictiveLow
47Argumentxxxxxxx_xxpredictiveMedium
48ArgumentxxxxxxxpredictiveLow
49ArgumentxxxpredictiveLow
50ArgumentxxxxpredictiveLow
51ArgumentxxxxxpredictiveLow

References (3)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Want to stay up to date on a daily basis?

Enable the mail alert feature now!