Ekipa RAT Analysis

IOB - Indicator of Behavior (166)

Timeline

Languages

en: 104
de: 22
ja: 22
zh: 4
fr: 2

Countries/Regions

us: 162
ru: 4

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Bludit: 6
Atlassian Data Center: 4
ferretCMS: 4
Coinsoft Technologies phpCOIN: 4
Microsoft Windows: 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE
1 | Hassan Consulting Shopping Cart shop.cgi directory traversal | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02149 | 0.06 | CVE-2000-0921
2 | Squitosoft Squito Gallery photolist.inc.php memory corruption | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01371 | 0.04 | CVE-2005-2258
3 | PhotoPost PhotoPost vBGallery File Upload upload.php privilege escalation | 6.3 | 5.8 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00546 | 0.06 | CVE-2008-7088
4 | Midicart Software MidiCart PHP Shopping Cart search_list.php cross site scripting | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.07338 | 0.03 | CVE-2005-1502
5 | HP Integrated Lights-Out information disclosure | 9.8 | 8.5 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.02286 | 0.02 | CVE-2012-3271
6 | Dell EMC PowerScale OneFS master.passwd unknown vulnerability | 4.1 | 4.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00044 | 0.00 | CVE-2022-22563
7 | Asternic Flash Operator Panel User Control Panel privilege escalation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00214 | 0.04 | CVE-2018-5694
8 | Ilohamail cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.06 | 
9 | Cybernetikz Easy Social Icons Authentication admin.php unknown vulnerability | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00554 | 0.00 | CVE-2015-2084
10 | HD FLV PLayer Plugin functions.php hd_update_media sql injection | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00152 | 0.15 | CVE-2012-10011
11 | Franklin Fueling Systems Colibri Controller Module directory traversal | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.64772 | 0.07 | CVE-2021-46417
12 | Fortinet FortiADC cross site scripting | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00070 | 0.04 | CVE-2022-38374
13 | FacileForms facileforms.frame.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01845 | 0.02 | CVE-2008-2990
14 | htmltonuke htmltonuke.php privilege escalation | 7.3 | 6.7 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.01849 | 0.04 | CVE-2006-0308
15 | SimpleBoard file_upload.php privilege escalation | 8.1 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.12891 | 0.00 | CVE-2006-3528
16 | Skrypty Ppa Gallery functions.inc.php memory corruption | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02429 | 0.02 | CVE-2005-2199
17 | Mamboxchange Extended Registration registration_detailed.inc.php privilege escalation | 7.3 | 6.4 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.05054 | 0.04 | CVE-2006-5254
18 | EyouCMS Index.php wechat_return XML External Entity | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00087 | 0.00 | CVE-2021-42194
19 | BD Totalys MultiProcessor weak authentication | 8.1 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.04 | CVE-2022-40263
20 | Sennheiser HeadSetup Certificates SennComCCKey.pem Key weak authentication | 5.7 | 5.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00457 | 0.05 | CVE-2018-17612

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (159)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type
1 | File | /bl-plugins/backup/plugin.php | predictive
2 | File | /cgi-bin/nightled.cgi | predictive
3 | File | /controller/Index.php | predictive
4 | File | /etc/master.passwd | predictive
5 | File | /etc/passwd | predictive
6 | File | /opt/zimbra/jetty/webapps/zimbra/public | predictive
7 | File | /secure/admin/InsightDefaultCustomFieldConfig.jspa | predictive
8 | File | /secure/admin/RestoreDefaults.jspa | predictive
9 | File | /wmiwizard.jsp | predictive
10 | File | accounts/inc/include.php | predictive
11 | File | acrotxt.php | predictive
12 | File | addpost_newpoll.php | predictive
13 | File | admin.php | predictive
14 | File | admin.php/index/upload because app/common/service/UploadService.php | predictive
15 | File | admin/handlers.php | predictive
16 | File | adminBoards.php | predictive
17 | File | adminSmileys.php | predictive
18 | File | akocomments.php | predictive
19 | File | ampie.swf | predictive
20 | File | xxxxxxxxxxx/xxxxxx/xxxxxx.xxx | predictive
21 | File | xxxxxxxx.xxxxxxx.xxx | predictive
22 | File | xxxxxxxxx/xxxxx.xxx | predictive
23 | File | xx-xxxxxx/xxxx/xxxxxx-xxxx.xxx | predictive
24 | File | xx-xxxxxx/xxxxx/xxxxxxxxxxx/xxxx-xxxxxxxx.xxx | predictive
25 | File | xx-xxxxxx/xxxx/xxxxxx-xxxxxx.xxx | predictive
26 | File | xx-xxxxxx/xxxxxxxx.xxxxx.xxx | predictive
27 | File | xx_xxxxxxxxx_xxxx.xxx | predictive
28 | File | xx_xxxxxxxxxx_xxxx.xxx | predictive
29 | File | xxxxx.xxx | predictive
30 | File | xx_xxxx.xxx | predictive
31 | File | xxxx_xxxxxxx.xxx | predictive
32 | File | xxx-xxx/xxxxxxx.xx | predictive
33 | File | xxx-xxx/xxxxxxxx.xxx | predictive
34 | File | xxxx_xxxxxxxx/xx.xxx | predictive
35 | File | xxxxxxxx_xxxxxxx.xxx | predictive
36 | File | xxxxxxxxxxxxxxxxxxxx.xxxx | predictive
37 | File | xxxxxxxxx.xxx | predictive
38 | File | xxxxxxxxxxx\xxxxx.xxx | predictive
39 | File | xxx.xxx | predictive
40 | File | xxxxxxxxxxxxxxxxxxxx.xxxx | predictive
41 | File | xxxxxx.xxx | predictive
42 | File | xxxxxxx.xxx | predictive
43 | File | xxxxxxxxxxxxxxx.xxx | predictive
44 | File | xxxxxxxx_xxx.xxx | predictive
45 | File | xxxxxxxx.xx | predictive
46 | File | xxxxxxxx.xxx.xxx | predictive
47 | File | xxxxxxxxxxx.xxxxx.xxx | predictive
48 | File | xxxxx_xxxxxx.x | predictive
49 | File | xxxx_xxxxxx.xxx | predictive
50 | File | xxxxxxxxx.xxx | predictive
51 | File | xxxxxxx.xxx | predictive
52 | File | xxxxxxxxxx.xxx | predictive
53 | File | xxxxx_xxxxxx.xxx | predictive
54 | File | xxxxxxxxx.xxx | predictive
55 | File | xxx/xxxxxxxxx.xxx.xxx | predictive
56 | File | xxx_xxxxxxxxxxxxxx.xxx | predictive
57 | File | xxxxx.xxx | predictive
58 | File | xxxx.xxx.xxx | predictive
59 | File | xxxxxxx.xxxxxxxxxx.xxx | predictive
60 | File | xxxxxxxxxx/xxxxx.xx | predictive
61 | File | xxxx_xxxx.xxx | predictive
62 | File | xxx_xxxxxxx.xxx | predictive
63 | File | xxxxx.xxx | predictive
64 | File | xxx_xxxx.xxx | predictive
65 | File | xxxx.xxx | predictive
66 | File | xxxxxxxxxxxxx.xxxx | predictive
67 | File | xxxxxxxxx.xxx | predictive
68 | File | xxx_xxxxx.xxx | predictive
69 | File | xxxxx.xxxxxxxxxx.xxx | predictive
70 | File | xxxxxxxxx.xxx.xxx | predictive
71 | File | xxxxxxxx.xxx | predictive
72 | File | xxxxxxxxxxxxxxxxxxxxxxxxxxx!xxxxxxx.xxxx | predictive
73 | File | xxxxxxxxxxxx_xxxxxxxx.xxx.xxx | predictive
74 | File | xxxxxxx_xxxxxx_xxxxx.xxx | predictive
75 | File | xxxxxxx_xxxxxx_xxxxxx.xxx | predictive
76 | File | xxxxxx_xxxx.xxx | predictive
77 | File | xxxxxxxxxxxx.xxx | predictive
78 | File | xxxx$xx.xxx | predictive
79 | File | xxxx.xxx | predictive
80 | File | xxxx.xxx | predictive
81 | File | xxxxxxx.xxx | predictive
82 | File | xxxxxxxxxxxxxxxx.xxx | predictive
83 | File | xxxxx/xxxxxxxx/xxxxxxxxx.xxx | predictive
84 | File | xxxx_xxxxxxx.xxxxx.xxx | predictive
85 | File | xxxxx_xxxxx.xxx | predictive
86 | File | xxx-xxxxxxxxx.xxx | predictive
87 | File | xxxxxx.xxx | predictive
88 | File | xxxxxxxxx.xxx | predictive
89 | File | xx-xxxxx/xxxxx.xxx | predictive
90 | File | xxxxxx.xxx | predictive
91 | File | _xxxxxxxxx.xxx | predictive
92 | File | ~/xxx/xxxxx.xxx | predictive
93 | Library | xxxxxx[xxxxxx_xxxx | predictive
94 | Library | xxxxxx.xxxxxxx('xxxxx_xxxx:/xxx/xxxxxx') | predictive
95 | Argument | xxxxxx | predictive
96 | Argument | xxxx_xxxx | predictive
97 | Argument | xxxxxxxx | predictive
98 | Argument | xxxxx | predictive
99 | Argument | xxxxxx | predictive
100 | Argument | xxxx_xxx_xxxx | predictive
101 | Argument | xxx | predictive
102 | Argument | xxx | predictive
103 | Argument | xxxxxxxxxx | predictive
104 | Argument | xxxxxxxxxx | predictive
105 | Argument | xxxx_xx | predictive
106 | Argument | xxxxxxx | predictive
107 | Argument | xxxxxx | predictive
108 | Argument | xxxxxx[xxxxxx_xxxx] | predictive
109 | Argument | xxxxxx[xxx_xxxx_xxxx] | predictive
110 | Argument | xxx_x_xxx | predictive
111 | Argument | xxxx_xxxx | predictive
112 | Argument | xxx | predictive
113 | Argument | xxx[xxx] | predictive
114 | Argument | xx_xxxxxxx | predictive
115 | Argument | xxxxxxx | predictive
116 | Argument | xxxxxxx | predictive
117 | Argument | xxxxxxx_xxxxxxx | predictive
118 | Argument | xxxx_xx | predictive
119 | Argument | xxxxxxxxxxxxxx[xxxxxxxxxxxxxxxxxx] | predictive
120 | Argument | xx | predictive
121 | Argument | xxxxx_xxxx | predictive
122 | Argument | xxxx | predictive
123 | Argument | xxxxxx | predictive
124 | Argument | xxxxxx | predictive
125 | Argument | xxxxxxx | predictive
126 | Argument | xxx_xxxx_xxxx | predictive
127 | Argument | xxxxxxxxx_xxxxxxxx_xxxx | predictive
128 | Argument | xxxxxxx_xxxx | predictive
129 | Argument | xxxx | predictive
130 | Argument | xxxx_xxxx | predictive
131 | Argument | xxxxxx_xxxxxx[xxxxxx_xxxx] | predictive
132 | Argument | xxxxxx xxxxxx | predictive
133 | Argument | xxxx | predictive
134 | Argument | xxxxxxxxx | predictive
135 | Argument | xxxx_xxxx/xxxxx_xxxx | predictive
136 | Argument | xxxxxxxxxx[x] | predictive
137 | Argument | xxxxxx | predictive
138 | Argument | xxxxx | predictive
139 | Argument | xxxxxxxxxxx | predictive
140 | Argument | xxx | predictive
141 | Argument | xxxxxxxxxxxxxxxxxxx | predictive
142 | Argument | xxxxxxxxxxxx | predictive
143 | Argument | xxxx$xx.xxx | predictive
144 | Argument | xxxx | predictive
145 | Argument | xxxx_xxxxx_xx | predictive
146 | Argument | xxxx_xxxx | predictive
147 | Argument | xxxxx_xxxx | predictive
148 | Argument | xxxxxx | predictive
149 | Argument | xxxxxx | predictive
150 | Argument | xxxxxxxxxx | predictive
151 | Argument | xxxxxxxx | predictive
152 | Argument | xxxx | predictive
153 | Argument | xxxxxxxxxxxxx.xxxxxxxxxx | predictive
154 | Argument | xxxxxxxx | predictive
155 | Argument | xxxx_xx | predictive
156 | Argument | x-xxxxxxxxx-xxx | predictive
157 | Argument | _xxxx[_xxx_xxxx_xxxx | predictive
158 | Argument | _xxxx[_xxx_xxxx_xxxx] | predictive
159 | Network Port | xxx/xxxx | predictive

References (2)

The following list contains external sources which discuss the actor and the associated activities:
