HiatusRAT 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (54)

言語

en	54

国・地域

us	54

アクター

HiatusRAT	1

関心

タイプ

Not Defined	12
Content Management System	4
Operating System	4
Versioning Software	2
WordPress Plugin	2

ベンダー

Not Defined	24
GNU	2
Cisco	2
Adobe	2
Apple	2

製品

WordPress	4
Image Sharing Script	4
git-hub	2
GNU tar	2
W3 Total Cache Plugin	2

脆弱性

#	脆弱性	Base	Temp	0day	本日	悪	修復	EPSS	CTI	CVE
1	Yandex Browser Security WiFi 特権昇格	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00106	0.00	CVE-2016-8501
2	Cisco IOS/IOS XE DHCP Relay 特権昇格	9.8	9.4	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.05178	0.02	CVE-2017-12240
3	Image Sharing Script followBoard.php Error SQLインジェクション	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.02
4	Revive Adserver Web Installer Reflected クロスサイトスクリプティング	4.4	4.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00084	0.02	CVE-2016-9472
5	Apple macOS Server Web Server Timeout サービス拒否	5.3	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01696	0.04	CVE-2007-6750
6	Tenable Nessus .nessus File クロスサイトスクリプティング	4.8	4.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00110	0.00	CVE-2016-9260
7	git-hub Repository URL 特権昇格	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01205	0.00	CVE-2016-7793
8	Guacamole File Browser クロスサイトスクリプティング	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00070	0.00	CVE-2016-1566
9	HPE Financial Transaction Manager Web UI クロスサイトスクリプティング	5.4	5.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00072	0.00	CVE-2016-5920
10	Apple watchOS libarchive 特権昇格	5.5	5.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00625	0.00	CVE-2016-4679
11	Oracle Application Server SQLインジェクション	5.3	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00322	0.04	CVE-2007-0286
12	Adobe Flash Player Adobe Texture Format File メモリ破損	8.0	7.7	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.91801	0.00	CVE-2017-2934
13	Foxit PDF Toolkit PDF File メモリ破損	7.0	6.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00377	0.00	CVE-2017-7584
14	mcart.xls Module mcart_xls_import.php SQLインジェクション	7.1	7.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00465	0.00	CVE-2015-8356
15	Google Android Mediaserver メモリ破損	8.7	8.7	$25k-$100k	$25k-$100k	Not Defined	Not Defined	0.01288	0.00	CVE-2017-0541
16	Linux Kernel vc4_gem.c vc4_get_bcl メモリ破損	6.5	6.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2017-5576
17	Ubiquiti NSM5 未知の脆弱性	4.3	4.2	$0-$5k	$0-$5k	Not Defined	Unavailable	0.00000	0.00
18	PHPList Edit Subscription index.php SQLインジェクション	7.9	7.7	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00152	0.31	CVE-2017-20029
19	Foxit Reader TIFF Image ConvertToPdf_x86.dll CreateFXPDFConvertor メモリ破損	6.5	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02776	0.00	CVE-2016-3740
20	Avast Premier Self-Protection 特権昇格	6.0	6.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00042	0.03	CVE-2017-5567

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IPアドレス	Hostname	アクター	Identified	タイプ	信頼度
1	45.63.70.57	45.63.70.57.vultrusercontent.com	HiatusRAT	2023年08月20日	verified	高
2	XX.XXX.XX.XXX	xx-xxx-xx-xxx.xxxxxxxx.xxx	Xxxxxxxxx	2023年08月20日	verified	高
3	XXX.XXX.XXX.XXX	xxx.xxx.xxx.xxx.xxxxxxxxxxxxxxxx.xxx	Xxxxxxxxx	2023年08月20日	verified	高

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	クラス	脆弱性	アクセスベクター	タイプ	信頼度
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	高
2	T1059.007	CAPEC-209	CWE-79, CWE-80	Cross Site Scripting	predictive	高
3	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
4	TXXXX	CAPEC-0	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	高
5	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	高
6	TXXXX	CAPEC-112	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	高

IOA - Indicator of Attack (22)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	クラス	Indicator	タイプ	信頼度
1	File	/ajax-files/followBoard.php	predictive	高
2	File	/categorypage.php	predictive	高
3	File	/lists/index.php	predictive	高
4	File	/xxxxxxxxx/xx-xxxxx/xxxxx.xxx	predictive	高
5	File	xxxxx/xxxxx_xxx_xxxxxx.xxx	predictive	高
6	File	xxxxxx/xxxxx_xxxx.x	predictive	高
7	File	xxxxxxx/xxx/xxx/xxx/xxx_xxx.x	predictive	高
8	File	xxxxxxxxxx/xxx.x	predictive	高
9	File	xxxxxxxxxx/xxxxxxx.x	predictive	高
10	File	xx-xxxxx/xxxxx.xxx	predictive	高
11	File	xx-xxxx.xxx	predictive	中
12	File	xxxx/xxxx_xxxx.x	predictive	高
13	Library	xxxxxxxxxxxx_xxx.xxx	predictive	高
14	Argument	xxxxx	predictive	低
15	Argument	xxxxxx/xxxxxx	predictive	高
16	Argument	xxxxx_xx/xxxxx	predictive	高
17	Argument	xxxxxxx_xx	predictive	中
18	Argument	xxxxxxxxxxxxxxx	predictive	高
19	Argument	xxxxx	predictive	低
20	Argument	xxx_xxxxxx_xxxxxxx_xx_xxx	predictive	高
21	Input Value	' xxx (xxxxxx xxxx xxxx(xxxxxx xxxxx(),xxxxxx(xxxxxxxxxxxx,(xxxxxx (xxx(xxxx=xxxx,x))),xxxxxxxxxxxx,xxxxx(xxxx(x)x))x xxxx xxxxxxxxxxx_xxxxxx.xxxxxxxxx_xxxx xxxxx xx x)x) xxx 'xxxx'='xxxx	predictive	高
22	Input Value	xxx%xx(xxxxxx*xxxx(xxxxxx(xxxxx(x)))x)	predictive	高

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ 前概要次 ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!