DarkVision RAT 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (50)

言語

en	44
de	4
pl	2

国・地域

cn	16
us	10

アクター

Nanocore RAT	1
AsyncRAT	1
Remcos	1
STRRAT	1
NetWire RC	1

関心

タイプ

Not Defined	28
Packet Analyzer Software	2
Web Server	2
Groupware Software	2
Operating System	2

ベンダー

Not Defined	18
Microsoft	4
Cellinx NVT	2
lirantal	2
HashiCorp	2

製品

Cellinx NVT IP PTZ Camera	2
Composer	2
lirantal daloradius	2
tcpdump	2
Tiny File Manager	2

脆弱性

#	脆弱性	Base	Temp	0day	本日	悪	修復	EPSS	CTI	CVE
1	Sophos Firewall User Portal/Webadmin 特権昇格	8.5	8.5	$0-$5k	$0-$5k	High	Not Defined	0.12788	0.04	CVE-2022-3236
2	Microsoft Windows Win32k 特権昇格	8.1	8.0	$25k-$100k	$5k-$25k	High	Official Fix	0.97176	0.00	CVE-2019-1458
3	Softnext SPAM SQR 特権昇格	7.2	7.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00143	0.04	CVE-2023-24835
4	Textpattern Plug-In 特権昇格	8.0	8.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00058	0.00	CVE-2021-30209
5	ZyXEL GS1900 Function Call libsal.so 特権昇格	7.6	7.6	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00042	0.00	CVE-2021-35032
6	PopojiCMS Backend Plugin 特権昇格	7.1	7.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00072	0.00	CVE-2022-47766
7	Apache DolphinScheduler Script Alert Plugin Parameter 特権昇格	8.0	8.0	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00139	0.00	CVE-2022-45875
8	Fontsy Plugin SQLインジェクション	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04713	0.00	CVE-2022-4447
9	frontaccounting faplanet ディレクトリトラバーサル	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00148	0.08	CVE-2014-125080
10	zephyrproject-rtos Zephyr Slot 0 情報の漏洩	5.1	5.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00064	0.00	CVE-2022-0553
11	SugarCRM Email Template 特権昇格	7.1	7.0	$0-$5k	$0-$5k	High	Official Fix	0.38004	0.00	CVE-2023-22952
12	gmail-servlet Model.java search SQLインジェクション	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00148	0.04	CVE-2014-125075
13	Qualcomm WSA8835 Boot メモリ破損	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00043	0.00	CVE-2022-40516
14	Centos Panel 7 HTTP Request index.php 特権昇格	8.0	7.9	$0-$5k	$0-$5k	High	Official Fix	0.97374	0.05	CVE-2022-44877
15	lirantal daloradius Privilege Escalation	6.4	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00080	0.05	CVE-2023-0046
16	Popup Maker Plugin Shortcode Attribute クロスサイトスクリプティング	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00056	0.02	CVE-2022-4381
17	TRENDnet TEW755AP reject メモリ破損	7.6	7.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00190	0.00	CVE-2022-46591
18	Isode M-Link Archive Server 未知の脆弱性	6.3	6.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00064	0.03	CVE-2022-47634
19	Jasig CAS Server Google Account SamlUtils.java XML External Entity	7.5	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00438	0.00	CVE-2014-2296
20	TRENDnet TEW755AP setup_wizard_mydlink メモリ破損	7.6	7.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00190	0.04	CVE-2022-46588

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IPアドレス	Hostname	アクター	Identified	タイプ	信頼度
1	45.153.240.147		DarkVision RAT	2024年04月08日	verified	高
2	XX.XXX.XX.XXX	xxx-xxx-xx-xxx.xxxxxxxx.xxxxx.xx	Xxxxxxxxxx Xxx	2024年04月08日	verified	高
3	XXX.XXX.XX.XX		Xxxxxxxxxx Xxx	2024年04月08日	verified	高
4	XXX.XXX.XXX.XXX	xxxx-xxx-xxx-xxx.xxxxxxxx.xxxxx.xx	Xxxxxxxxxx Xxx	2024年04月08日	verified	高

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	クラス	脆弱性	アクセスベクター	タイプ	信頼度
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	高
2	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	高
3	TXXXX.XXX	CAPEC-209	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	高
4	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
5	TXXXX.XXX	CAPEC-191	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	高
6	TXXXX	CAPEC-108	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	高
7	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	高
8	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
9	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高
10	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	高

IOA - Indicator of Attack (27)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	クラス	Indicator	タイプ	信頼度
1	File	/category_view.php	predictive	高
2	File	/cgi-bin/wapopen	predictive	高
3	File	/goform/WifiBasicSet	predictive	高
4	File	/login/index.php	predictive	高
5	File	/xxx/xxxxxx/xxxxx/xxxxxxx/xxxxxx/xxxxxx	predictive	高
6	File	/xxxxxxxxxx/xxxx/xxxxxxxxxxxxxxxx.xxxx	predictive	高
7	File	/xxx	predictive	低
8	File	xxxxxx.xxx	predictive	中
9	File	xxxx/xxx/xxxxx/xxx/xxxx/xxxxxxxxx.xxxx	predictive	高
10	File	xxx_xxxxx.xxx	predictive	高
11	File	xxxxx-xxxxx.x	predictive	高
12	File	xxxx.xxx	predictive	中
13	File	xxxxx/xxx/xxxx.xxx.xxx	predictive	高
14	File	xxx/xxx/xxxxxxx.x	predictive	高
15	File	xxx/xxxxx.xxxx	predictive	高
16	File	xxxxxxxxxxxxxxx.xxx	predictive	高
17	Library	xxxxxx.xx	predictive	中
18	Argument	xxx	predictive	低
19	Argument	xxxx/xxxxxxxxxx	predictive	高
20	Argument	xxxxxxxxxx	predictive	中
21	Argument	xxxx_xxxxxx	predictive	中
22	Argument	xx_xxxxx/xxxxxxxxxx	predictive	高
23	Argument	xxxx_xx	predictive	低
24	Argument	xxxxxx_xxx	predictive	中
25	Argument	xxx_xxxxxxx	predictive	中
26	Argument	xxxxxx	predictive	低
27	Input Value	../..	predictive	低

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ 前概要次 ▸

Do you need the next level of professionalism?

Upgrade your account now!