Darkode Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (325)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en308
de6
fr6
es4
it2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us150
ru14
ir14
fr8
gb6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Zeus3
Chthonic2
Dorkbot2
Ngioweb2
Sandworm2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined122
Firewall Software20
Operating System18
Content Management System16
Smartphone Operating System16

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined92
Cisco30
Google12
Apache10
Apple10

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Cisco ASA18
Linux Kernel10
Google Android6
PHP6
Google Chrome6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25kCalculatingHighWorkaround0.020160.00CVE-2007-1192
2PHPGurukul Nipah Virus Testing Management System password-recovery.php sql injection8.17.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.000630.10CVE-2023-6648
3Schneider Electric Modicon M340 SNMP Server Truncate unusual condition6.46.2$0-$5k$0-$5kNot DefinedWorkaround0.002240.04CVE-2019-6813
4Samsung Galaxy Store AppsPackageInstaller input validation6.56.4$0-$5kCalculatingNot DefinedOfficial Fix0.000420.03CVE-2022-33708
5EPrints Latex os command injection8.08.0$0-$5k$0-$5kNot DefinedOfficial Fix0.014020.04CVE-2021-26476
6Tawk.To Live Chat Plugin AJAX Action tawkto_removewidget authorization5.75.7$0-$5k$0-$5kNot DefinedOfficial Fix0.000740.04CVE-2021-24914
7Google Chrome WebView Remote Code Execution6.36.0$25k-$100k$5k-$25kNot DefinedOfficial Fix0.001110.00CVE-2021-37990
8Microsoft Exchange Server Remote Code Execution7.37.0$5k-$25k$0-$5kHighOfficial Fix0.568450.00CVE-2021-26858
9CentOS Web Panel ajax_list_accounts.php sql injection6.46.4$0-$5k$0-$5kNot DefinedNot Defined0.006870.00CVE-2020-15619
10Ay System Solutions CMS home.php file inclusion7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.011680.00CVE-2006-4441
11Microsoft IIS cross site scripting5.24.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.005480.03CVE-2017-0055
12MikroTik RouterOS Winbox improper authentication8.28.0$0-$5k$0-$5kHighOfficial Fix0.974530.07CVE-2018-14847
13WordPress WP_Query class-wp-query.php sql injection8.58.4$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.003180.05CVE-2017-5611
14Cisco IOS XR access control7.87.5$5k-$25k$0-$5kNot DefinedOfficial Fix0.000420.00CVE-2016-9215
15Fluent Bit Embedded HTTP Server heap-based overflow9.89.6$0-$5k$0-$5kNot DefinedOfficial Fix0.000430.17CVE-2024-4323
16Linux Kernel batman-adv infinite loop5.75.5$5k-$25k$0-$5kNot DefinedOfficial Fix0.000420.00CVE-2024-35982
17Linux Kernel fbmon fb_videomode_from_videomode divide by zero5.75.5$5k-$25k$0-$5kNot DefinedOfficial Fix0.000440.04CVE-2024-35922
18Campcodes Online Examination System updateQuestion.php sql injection6.35.7$0-$5k$0-$5kProof-of-ConceptNot Defined0.000450.38CVE-2024-4918
19realmag777 WOLF Plugin cross site scripting4.14.1$0-$5k$0-$5kNot DefinedNot Defined0.000430.00CVE-2024-34558
20wpdevteam Essential Addons for Elementor Plugin cross site scripting4.94.9$0-$5k$0-$5kNot DefinedNot Defined0.000450.05CVE-2024-4003

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
180.82.66.204no-reverse-dns-configured.comDarkode10/31/2021verifiedHigh

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22, CWE-425Path TraversalpredictiveHigh
2T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
3T1059CAPEC-137CWE-88, CWE-94Argument InjectionpredictiveHigh
4T1059.007CAPEC-209CWE-79, CWE-80Cross Site ScriptingpredictiveHigh
5TXXXXCAPEC-104CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
6TXXXX.XXXCAPEC-16CWE-XXX, CWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveHigh
7TXXXXCAPEC-136CWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
8TXXXXCAPEC-CWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
9TXXXXCAPEC-CWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
10TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
11TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveHigh
12TXXXXCAPEC-CWE-XXX, CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
13TXXXX.XXXCAPEC-154CWE-XXXXxxxxxxxxxxxpredictiveHigh
14TXXXX.XXXCAPEC-459CWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
15TXXXX.XXXCAPEC-133CWE-XXXXxxxxxxxpredictiveHigh
16TXXXXCAPEC-116CWE-XXX, CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
17TXXXX.XXXCAPEC-CWE-XXXxxxxxxxxxxxxpredictiveHigh
18TXXXXCAPEC-157CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh
19TXXXX.XXXCAPEC-112CWE-XXXXxx Xxxxxxxxxx XxxxxpredictiveHigh
20TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (144)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File%PROGRAMFILES(X86)%\TSplus\UserDesktop\themes.predictiveHigh
2File/admin/maintenance/view_designation.phppredictiveHigh
3File/admin/search-appointment.phppredictiveHigh
4File/cgi-bin/user/Config.cgipredictiveHigh
5File/config/php.inipredictiveHigh
6File/htdocs/cgibinpredictiveHigh
7File/myprofile.phppredictiveHigh
8File/uncpath/predictiveMedium
9File/videotalkpredictiveMedium
10File/web/MCmsAction.javapredictiveHigh
11File14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgipredictiveHigh
12Fileactivity_log.phppredictiveHigh
13Fileadm/systools.asppredictiveHigh
14Fileadmin/getparam.cgipredictiveHigh
15Fileadmin/media/index.php"predictiveHigh
16FileadminCons.phppredictiveHigh
17Filexxxx_xxxx_xxxxxxxx.xxxpredictiveHigh
18Filexxxx-xxxxxxx.xpredictiveHigh
19Filexxx.xpredictiveLow
20Filexxx-xxx/xxxxxxpredictiveHigh
21Filexxx.xxxpredictiveLow
22Filexxx/xxx?xxxxpredictiveMedium
23Filexxx/xxxxxxx/xxxxxxxpredictiveHigh
24Filexxxxxx/xxx.xpredictiveMedium
25Filexxx/xxxxxxx/xxxxxxx.xxxpredictiveHigh
26Filexxxxxxx/xxxxxxx/xxxxxxx/xxxx/xxxxxxx.xxxpredictiveHigh
27Filexxxxxxxxxxxxxx.xxxpredictiveHigh
28Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
29Filexxxxx.xxxpredictiveMedium
30Filexxxx-xxxxxx.xxxpredictiveHigh
31Filexxx/xxxxxxxx/xxxx.xpredictiveHigh
32Filexx/xxxxxxx.xpredictiveMedium
33Filexxxxxxxxx_xxx_xxxx.xxxpredictiveHigh
34Filexxxx.xxxpredictiveMedium
35Filexxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxpredictiveHigh
36Filexxxx.xxxpredictiveMedium
37Filexxxxxxxxxx.xxxpredictiveHigh
38Filexxxxx/xxxxxxxxxxxxxxpredictiveHigh
39Filexxx/xxxxxx.xxxpredictiveHigh
40Filexxxxx.xxxpredictiveMedium
41Filexxxx.xxxpredictiveMedium
42Filexxxxxx.xpredictiveMedium
43Filexxxxxxxxx/xxxx_xxxxxxx/xxxxxxx.xxxpredictiveHigh
44Filexxx.xxxpredictiveLow
45Filexxxxx/?xxxxxx=xxxxxxx&xxxxpredictiveHigh
46Filexxxxxxxxxx/xxxx.xpredictiveHigh
47Filexxxx.xxxpredictiveMedium
48Filexxxxxxxx.xpredictiveMedium
49Filexx/xxxxxxxxx.xpredictiveHigh
50Filexxx_xxx_xxxxxx.xpredictiveHigh
51Filexxxxxxxx.xxxpredictiveMedium
52Filexxxxxxxx.xxxxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxxxpredictiveHigh
53Filexxx.xpredictiveLow
54Filexxx/xxxxx/xxx_xxxxx.xpredictiveHigh
55Filexxxxxxxx.xpredictiveMedium
56Filexxxxxxxx-xxxxxxxx.xxxpredictiveHigh
57Filexxxxxxxxxxxxxx.xxxpredictiveHigh
58Filexxxxxxxxxxxxxxxxx.xxxxpredictiveHigh
59Filexxxxxxx.xxxpredictiveMedium
60Filexxxxx_xxxxx.xxxpredictiveHigh
61Filexxxxx_xxxxx.xxxpredictiveHigh
62Filexxxxxx.xxxpredictiveMedium
63Filexxxxxx.xxxxpredictiveMedium
64Filexxxxxx.xxxpredictiveMedium
65Filexxxx.xxxpredictiveMedium
66Filexxxx_xxxxxxx_xxxxxxxx.xxxpredictiveHigh
67Filexxx/xxxx/xxxx/xxx/xxxxxxx/xx/xxxxxxx/xxxxxxxxx/xxxxxxxxxxxxxxx.xxxxpredictiveHigh
68Filexxx_xxxxxxxx.xpredictiveHigh
69Filexxxxxxxxx/xxxx/xxxxxx_xxxxxxxxxx.xxxpredictiveHigh
70Filexxxx-xxxxxxxx.xxxpredictiveHigh
71Filexxx/xxx/xxx_xx.xpredictiveHigh
72Filexxxxxxx/xxx_xxxx_xxx.xxxpredictiveHigh
73Filexxxxxxxxxxxxxx.xxxpredictiveHigh
74Filexxxxx/xxxxxxxx-xxxxxxxxx.xxxpredictiveHigh
75Filexxxx.xxxpredictiveMedium
76Filexxxxxxxxxxxx.xxxpredictiveHigh
77Filexxxxxxxx.xxxpredictiveMedium
78Filexxxxxxxxxxxxxxxxxx.xxxxpredictiveHigh
79Filexx-xxxxx/xxxxxxxx/xxxxx-xx-xxxxx-xxxx.xxxpredictiveHigh
80Filexx-xxxxx/xxxxxxx-xxxxxxx.xxx?xxxx=xx-xxxxxxxx.xxxpredictiveHigh
81Filexx-xxxxx/xxxxxxx-xxxxxxx.xxx?xxxx=xx-xxxx-xxxxxxxxx-xxpredictiveHigh
82Filexx-xxxxx/xxxx.xxxpredictiveHigh
83Filexx-xxxxxxxx/xxxxx-xx-xxxxx.xxxpredictiveHigh
84Filexx-xxxx.xxxpredictiveMedium
85Libraryxxxxxxxxx.x.x.xxx.xxxpredictiveHigh
86Libraryxxxxxx.xxxpredictiveMedium
87Libraryxxxxxx/xxxxxxxxx/xxxxx.xxxpredictiveHigh
88ArgumentxxxxxxpredictiveLow
89ArgumentxxxxxxxpredictiveLow
90ArgumentxxxxxxxxpredictiveMedium
91Argumentxxxx_xxxpredictiveMedium
92Argumentxxx_xxpredictiveLow
93ArgumentxxxpredictiveLow
94Argumentxxxx_xxxx_xxxxxxx_xxxxx_xxxxxxxpredictiveHigh
95Argumentxxxxx->xxxxpredictiveMedium
96Argumentxxxxx xxxxxpredictiveMedium
97ArgumentxxxxpredictiveLow
98ArgumentxxxxxxxpredictiveLow
99ArgumentxxxxxxxxpredictiveMedium
100Argumentxxxx_xxpredictiveLow
101Argumentxxxx_xxxxxxxxxx_xxxpredictiveHigh
102ArgumentxxxxpredictiveLow
103ArgumentxxxxpredictiveLow
104ArgumentxxpredictiveLow
105Argumentxxxxx_xxpredictiveMedium
106Argumentxxxx_xxpredictiveLow
107ArgumentxxxxxxxpredictiveLow
108ArgumentxxxxpredictiveLow
109Argumentxx_xxxxxxx_xxxxpredictiveHigh
110Argumentxxxxxxx_xxxx[xx][xxxxxxxx]predictiveHigh
111Argumentxxxxx_xxx_xxx_xxxx_xx_xxxxxxxpredictiveHigh
112Argumentxxxx_xxxxpredictiveMedium
113ArgumentxxxxpredictiveLow
114ArgumentxxxxpredictiveLow
115ArgumentxxxxpredictiveLow
116Argumentxxxx[xxxxxxxxxxxxxxxxx]predictiveHigh
117Argumentxxxxx_xxxx_xxxxpredictiveHigh
118ArgumentxxxxxpredictiveLow
119ArgumentxxxpredictiveLow
120ArgumentxxxxxpredictiveLow
121ArgumentxxxxxxxxpredictiveMedium
122ArgumentxxxxxxxxxxpredictiveMedium
123Argumentxxxxxxxx[xxxx]predictiveHigh
124ArgumentxxxxxxxxpredictiveMedium
125Argumentxxxx_xxpredictiveLow
126ArgumentxxxxxpredictiveLow
127ArgumentxxxxxpredictiveLow
128ArgumentxxxxpredictiveLow
129Argumentxxx xxxxxxx xxxxpredictiveHigh
130ArgumentxxxxxxxxpredictiveMedium
131Argumentxxxxxxxx:xxxxxxxxpredictiveHigh
132Argumentx_xxxxpredictiveLow
133ArgumentxxxxpredictiveLow
134Argumentxxx_xxxxxxxxxx_xxxxx__xxxx_xxxxxxxpredictiveHigh
135Argumentx-xxxxxxxxx-xxxpredictiveHigh
136ArgumentxxxxpredictiveLow
137Argument_xxxxxpredictiveLow
138Input Value">[xxxxxx]xxxxx(xxxxxxxx.xxxxxx);[/xxxxxx]<!--predictiveHigh
139Input Valuex%xxxx%xxx=xpredictiveMedium
140Input Value<xxxxxx>xxxxx(x)</xxxxxx>xxxpredictiveHigh
141Input Valuexxxxxx=xxx&xxxxxxxx=xxxxxxx.*predictiveHigh
142Input Valuexxxxxxxxx:xxxxxxxxpredictiveHigh
143Network PortxxxpredictiveLow
144Network Portxxx/xxx (xxxx)predictiveHigh

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Interested in the pricing of exploits?

See the underground prices here!