Dacls RAT 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (108)

タイムライン

言語

en100
de2
fr2
ja2
es2

国・地域

us88
me16
gb4

アクター

Dacls RAT6
Cobalt Strike5
Lazarus4
STRRAT3
Raccoon2

アクティビティ

関心

タイムライン

タイプ

Not Defined20
Operating System6
Content Management System6
File Compression Software2
Chip Software2

ベンダー

Not Defined12
Microsoft8
Joomla4
RARLabs2
NUUO2

製品

Microsoft Windows6
Joomla CMS4
RARLabs WinRAR2
NUUO Network Video Recorder2
Qualcomm Snapdragon Auto2

脆弱性

#脆弱性BaseTemp0day本日修復EPSSCTICVE
1BD Totalys MultiProcessor 弱い認証8.17.7$0-$5k$0-$5kNot DefinedOfficial Fix0.000440.04CVE-2022-40263
2Watchdog Anti-Virus IoControlCode wsdk-driver.sys 0x80002008 特権昇格5.35.2$0-$5k$0-$5kProof-of-ConceptNot Defined0.000470.00CVE-2023-1453
3WordPress AdServe adclick.php SQLインジェクション7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.000730.04CVE-2008-0507
4Microsoft Windows HMAC Key Derivation Local Privilege Escalation8.88.1$25k-$100k$5k-$25kUnprovenOfficial Fix0.000480.03CVE-2023-36400
5RARLabs WinRAR ZIP Archive Remote Code Execution6.36.0$0-$5k$0-$5kHighOfficial Fix0.443730.04CVE-2023-38831
6Maran PHP Shop prod.php SQLインジェクション7.37.3$0-$5k$0-$5kHighUnavailable0.001370.05CVE-2008-4879
7PHPWind goto.php Redirect6.36.3$0-$5k$0-$5kNot DefinedNot Defined0.003480.03CVE-2015-4134
8LogicBoard CMS away.php Redirect6.36.1$0-$5k$0-$5kNot DefinedUnavailable0.000002.28
9phpMyAdmin Redirect url.php 特権昇格7.37.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.007640.06CVE-2015-7873
10Microsoft Windows Internet Shortcut File Remote Code Execution7.57.1$25k-$100k$5k-$25kHighOfficial Fix0.003630.06CVE-2024-21412
11Microsoft Windows MSHTML Platform Remote Code Execution7.97.2$25k-$100k$5k-$25kUnprovenOfficial Fix0.015450.03CVE-2023-35628
12Microsoft Windows Common Log File System Driver Local Privilege Escalation7.87.1$25k-$100k$5k-$25kUnprovenOfficial Fix0.001970.00CVE-2023-36424
13Twister Antivirus IoControlCode filmfd.sys 0x801120E4 特権昇格6.16.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.000420.03CVE-2023-1007
14JBoss KeyCloak Incomplete Fix CVE-2020-10748 クロスサイトスクリプティング4.54.5$0-$5k$0-$5kNot DefinedNot Defined0.001140.02CVE-2023-6134
15LMS Plugin SQLインジェクション8.18.0$0-$5k$0-$5kNot DefinedNot Defined0.000800.05CVE-2022-45820
16CodeAstro Internet Banking System pages_system_settings.php クロスサイトスクリプティング4.44.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.000520.03CVE-2023-5694
17Gambio GX gv_mail.php SQLインジェクション4.84.6$0-$5k$0-$5kNot DefinedOfficial Fix0.000690.02CVE-2020-10982
18Microsoft Visual Studio Remote Code Execution6.15.6$5k-$25k$0-$5kUnprovenOfficial Fix0.000530.05CVE-2023-36759
19PHP pdo_mysql メモリ破損7.57.1$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.007920.03CVE-2022-31626
20Microsoft SQL Server Privilege Escalation7.56.8$25k-$100k$5k-$25kUnprovenOfficial Fix0.012570.00CVE-2022-29143

IOC - Indicator of Compromise (12)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIPアドレスHostnameアクターキャンペーンIdentifiedタイプ信頼度
11.125.125.5Dacls RAT2019年12月17日verified
223.81.246.179Dacls RAT2019年12月17日verified
323.227.196.11623-227-196-116.static.hvvc.usDacls RAT2019年12月17日verified
4XX.XXX.XXX.XXxx-xxx-xxx-xx.xxxxxx.xxxx.xxXxxxx Xxx2019年12月17日verified
5XX.XXX.XXX.XXXxxxx Xxx2019年12月17日verified
6XX.XX.XXX.XXXxx-xx-xxx-xxx.xxxxxx.xxxx.xxXxxxx Xxx2019年12月17日verified
7XX.XXX.XX.XXXxx.xxx.xx.xxx.xxxxxx.xxxxxxxxx.xxxXxxxx Xxx2019年12月17日verified
8XX.XXX.XXX.XXXXxxxx Xxx2019年12月17日verified
9XXX.XXX.XXX.XXXxxx-xxx-xxx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxx Xxx2019年12月17日verified
10XXX.XX.XXX.XXXxxx-xxx-xx-xxx.xxxxxxx-xxxXxxxx Xxx2019年12月17日verified
11XXX.XXX.XXX.XXXxxxxx.xxxxxxxx.xxxXxxxx Xxx2019年12月17日verified
12XXX.XX.XXX.XXxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxxxx.xxxXxxxx Xxx2019年12月17日verified

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueクラス脆弱性アクセスベクタータイプ信頼度
1T1006CAPEC-126CWE-22Path Traversalpredictive
2T1059CAPEC-242CWE-94Argument Injectionpredictive
3T1059.007CAPEC-209CWE-79Cross Site Scriptingpredictive
4TXXXXCAPEC-122CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxxpredictive
5TXXXX.XXXCAPEC-191CWE-XXXXxxx-xxxxx Xxxxxxxxxxxpredictive
6TXXXXCAPEC-136CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxxpredictive
7TXXXX.XXXCAPEC-178CWE-XXXXxxx Xxxxxxxxpredictive
8TXXXXCAPEC-CWE-XXX7xx Xxxxxxxx Xxxxxxxxpredictive
9TXXXXCAPEC-108CWE-XXXxx Xxxxxxxxxpredictive
10TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxxpredictive
11TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxxpredictive

IOA - Indicator of Attack (25)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDクラスIndicatorタイプ信頼度
1File/forum/away.phppredictive
2File/out.phppredictive
3File/uncpath/predictive
4Fileadclick.phppredictive
5Filexxxxx/xx_xxxx.xxxpredictive
6Filexxxx.xxxpredictive
7Filexxxx.xxxpredictive
8Filexxxxxx_xxxx_xxxxxx.xxxpredictive
9Filexxxxx_xxxxxx_xxxxxxxx.xxxpredictive
10Filexxxx.xxxpredictive
11Filexxxxxxxx.xxpredictive
12Filexxxxxxxx.xx?xxxxxxxxxxxx=xxxxxxxx&xxxx=x-xxxx&xxxxxxxx=xxxxxxxxxx&xxpredictive
13Filexxx.xxxpredictive
14Libraryxxxxxx.xxxpredictive
15Libraryxxx_xxxxxxx.xxxpredictive
16Libraryxxxx-xxxxxx.xxxpredictive
17Argumentxxxpredictive
18Argumentxxxxxxxxxpredictive
19Argumentxxpredictive
20Argumentxxxxxxxxpredictive
21Argumentxxxxxxxx_xxxpredictive
22Argumentxxxx_xxxpredictive
23Argumentxxx_xxxxpredictive
24Argumentxxxpredictive
25Input Value<xxxxxx >xxxxx(xxx)</xxxxxx>predictive

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

概要

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!