Dkvn Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (63)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en60
it2
sv2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us56
ca2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Dkvn2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined12
Content Management System4
Operating System4
Office Suite Software2
Cloud Software2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined10
Microsoft4
Jadu Limited2
Apple2
Cloudera2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Jadu Limited Jadu CMS2
Unix2
Apple OS X Server2
Microsoft Office2
Cloudera HUE2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25kCalculatingHighWorkaround0.020160.00CVE-2007-1192
2DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.009432.13CVE-2010-0966
3magmi ajax_gettime.php cross site scripting5.25.0$0-$5k$0-$5kNot DefinedOfficial Fix0.001950.00CVE-2017-7391
4Audacity DLL Loader avformat-55.dll access control6.56.5$0-$5k$0-$5kNot DefinedNot Defined0.001100.00CVE-2017-1000010
5Ashley Brown iWeb Server Encoded URL path traversal5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.015290.00CVE-2003-0475
6Cisco IOS Point-to-Point Tunneling Protocol Server Memory information disclosure5.35.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.002640.00CVE-2016-6398
7Magento GraphQL API cross-site request forgery4.34.3$0-$5k$0-$5kNot DefinedNot Defined0.000700.03CVE-2021-21027
8Cloudera HUE LdapBackend improper authentication7.37.3$0-$5k$0-$5kNot DefinedNot Defined0.000810.00CVE-2019-7319
9Microsoft Windows CredSSP improper authentication6.25.6$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.708010.04CVE-2018-0886
10Splunk Enterprise splunk-launch.conf access control7.47.4$0-$5k$0-$5kNot DefinedNot Defined0.000420.00CVE-2017-18348
11Spidersales viewCart.asp sql injection9.89.4$0-$5k$0-$5kNot DefinedOfficial Fix0.002190.03CVE-2004-0348
12jforum User input validation5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.002890.06CVE-2019-7550
13Active Web Softwares Active Business Directory default.asp sql injection7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.000640.00CVE-2008-5972
14LogicBoard CMS away.php redirect6.36.1$0-$5k$0-$5kNot DefinedUnavailable0.000001.83
15Maran PHP Shop prod.php sql injection7.37.3$0-$5k$0-$5kHighUnavailable0.001370.00CVE-2008-4879
16X-CMS PHP member_news.php sql injection8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.001720.00CVE-2018-18887
17Ecommerce Online Store Kit shop.php sql injection9.89.4$0-$5k$0-$5kNot DefinedOfficial Fix0.037630.00CVE-2004-0300
18StashCat Backend Database Stored key management5.75.7$0-$5k$0-$5kNot DefinedNot Defined0.000600.00CVE-2017-11136
19PHPWind goto.php redirect6.36.3$0-$5k$0-$5kNot DefinedNot Defined0.003480.40CVE-2015-4134
20BXCP index.php sql injection7.37.0$0-$5k$0-$5kHighOfficial Fix0.003070.00CVE-2006-0821

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
145.40.183.1ip-45-40-183-1.ip.secureserver.netDkvn04/12/2022verifiedHigh
2XX.XXX.XXX.Xxxxxx.xxxxxxx.xxxXxxx04/12/2022verifiedHigh
3XXX.XX.XXX.XXXxx.xxxxxxx.xxx.xxXxxx04/12/2022verifiedHigh
4XXX.XXX.XXX.XXXxx-xxx-xxx-xxx-xxx.xx.xxxxxxxxxxxx.xxxXxxx04/12/2022verifiedHigh
5XXX.XXX.XXX.XXXxxxxxx.xxxXxxx04/12/2022verifiedHigh

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
3TXXXX.XXXCAPEC-209CWE-XX, CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
4TXXXXCAPEC-122CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
5TXXXX.XXXCAPEC-178CWE-XXXXxxx XxxxxxxxpredictiveHigh
6TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
7TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
8TXXXX.XXXCAPEC-CWE-XXXXxx Xxxxxxxxxx XxxxxpredictiveHigh

IOA - Indicator of Attack (31)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File$SPLUNK_HOME/etc/splunk-launch.confpredictiveHigh
2File/etc/master.passwdpredictiveHigh
3File/etc/passwdpredictiveMedium
4File/forum/away.phppredictiveHigh
5Filexxxxxx_xx.xpredictiveMedium
6Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
7Filexxxxxxx.xxxpredictiveMedium
8Filexxxxxxxx.xxxpredictiveMedium
9Filexxxx.xxxpredictiveMedium
10Filexxx/xxxxxx.xxxpredictiveHigh
11Filexxxxx.xxxpredictiveMedium
12Filexxxxx-xxx-xxxxxx/xxxxx/xxx/xxxx_xxxxxxx.xxxpredictiveHigh
13Filexxxxxx/xxxxxx_xxxx.xxxpredictiveHigh
14Filexxxx.xxxpredictiveMedium
15Filexxxxxxxx.xxxpredictiveMedium
16Filexxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxxpredictiveHigh
17Filexxxx.xxxpredictiveMedium
18Filexxxxxxxx.xxxpredictiveMedium
19Filexxxxxxxx.xxxpredictiveMedium
20Libraryxxxxxxxx-xx.xxxpredictiveHigh
21ArgumentxxxxxxpredictiveLow
22ArgumentxxxxxxxxpredictiveMedium
23ArgumentxxxpredictiveLow
24ArgumentxxxxxpredictiveLow
25ArgumentxxpredictiveLow
26ArgumentxxxxxxpredictiveLow
27ArgumentxxxpredictiveLow
28ArgumentxxxxpredictiveLow
29ArgumentxxxpredictiveLow
30ArgumentxxxxxxpredictiveLow
31Input Value%xx%xx%xxpredictiveMedium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you want to use VulDB in your project?

Use the official API to access entries easily!