ElectroRAT 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (8)

言語

en	8

国・地域

ru	4
us	2
gb	2

アクター

Raccoon	2
RecordBreaker	2
ElectroRAT	2
Bumblebee	1
DCRat	1

関心

タイプ

Web Server	4
Not Defined	2
Firewall Software	2

ベンダー

Not Defined	6
Microsoft	2

製品

Discuz!ML	2
Microsoft IIS	2
nginx	2
SonicWall SSLVPN SMA100	2

脆弱性

#	脆弱性	Base	Temp	0day	本日	悪	修復	EPSS	CTI	CVE
1	SonicWall SSLVPN SMA100 SQLインジェクション	7.3	7.3	$0-$5k	$0-$5k	High	Not Defined	0.02628	0.00	CVE-2021-20016
2	e7d Speed Test ディレクトリトラバーサル	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00098	0.00	CVE-2021-40349
3	Discuz!ML Cookie 特権昇格	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04015	0.02	CVE-2019-13956
4	nginx 特権昇格	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00241	2.32	CVE-2020-12440
5	DataLife Engine addnews.html クロスサイトスクリプティング	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00058	0.05	CVE-2018-14777
6	Microsoft IIS クロスサイトスクリプティング	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00548	0.00	CVE-2017-0055
7	Joomla CMS index.php SQLインジェクション	7.3	7.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02774	0.04	CVE-2010-4166

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IPアドレス	Hostname	アクター	Identified	タイプ	信頼度
1	193.38.55.4	vm579410.stark-industries.solutions	ElectroRAT	2024年02月12日	verified	高
2	XXX.XX.XX.XXX	xxxxxxxxx.xxxxx-xxxxxxxxxx.xxxxxxxxx	Xxxxxxxxxx	2024年02月12日	verified	高
3	XXX.XXX.XXX.XXX	xxxxxxxxx.xxxxx-xxxxxxxxxx.xxxxxxxxx	Xxxxxxxxxx	2024年02月12日	verified	高

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	クラス	脆弱性	アクセスベクター	タイプ	信頼度
1	T1006	CAPEC-139	CWE-23	Path Traversal	predictive	高
2	TXXXX	CAPEC-242	CWE-XX	Xxxxxxxx Xxxxxxxxx	predictive	高
3	TXXXX.XXX	CAPEC-209	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	高
4	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	高

IOA - Indicator of Attack (4)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	クラス	Indicator	タイプ	信頼度
1	File	/addnews.html	predictive	高
2	File	/xxxxxxx/	predictive	中
3	File	xxxxx.xxx	predictive	中
4	Argument	xxxxxx_xxxxx_xxx	predictive	高

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ 前概要次 ▸

Might our Artificial Intelligence support you?

Check our Alexa App!