RATLoader Analysis

IOB - Indicator of Behavior (154)

Timeline

Language

en: 120
fr: 26
es: 4
pl: 2
de: 2

Country/Region

us: 140
ch: 4
pl: 2
fr: 2

Actor

Activity

Interest

Timeline

Type

Vendor

Product

Microsoft Windows: 6
Google Chrome: 4
e-Quick Cart: 2
Metalinks MetaCart2.sql: 2
Itechscripts iTechBids: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Fix | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Gempar Script Toko Online shop_display_products.php SQL Injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00100 | 0.07 | CVE-2009-0296 |
| 2 | FiberHome HG2201T telnet.cgi Privilege Escalation | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00609 | 0.00 | CVE-2019-17186 |
| 3 | Google Chrome Utility Process Race Condition | 9.8 | 9.4 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00801 | 0.07 | CVE-2011-3961 |
| 4 | DataLynx suGuard Privilege Escalation | 5.9 | 5.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00042 | 0.00 | CVE-1999-0388 |
| 5 | Ecommerce Online Store Kit shop.php SQL Injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03763 | 0.00 | CVE-2004-0300 |
| 6 | Dcscripts Dcshop HTTP GET Request auth_user_file.txt Password Information Disclosure | 5.3 | 5.2 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.00755 | 0.00 | CVE-2001-0821 |
| 7 | Linksys WVC11B main.cgi Cross-Site Scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01569 | 0.00 | CVE-2004-2508 |
| 8 | Asternic Flash Operator Panel User Control Panel Privilege Escalation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00214 | 0.04 | CVE-2018-5694 |
| 9 | Contenido Contendio allow_url_fopen Privilege Escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00575 | 0.00 | CVE-2005-4132 |
| 10 | MidiCart PHP Shopping Cart item_show.php SQL Injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 | |
| 11 | Microsoft Windows Remote Desktop/Terminal Services Web Connection Weak Authentication | 6.3 | 6.2 | $25k-$100k | $0-$5k | Not Defined | Workaround | 0.00000 | 0.00 | |
| 12 | Ilohamail Cross-Site Scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.08 | |
| 13 | Microsoft IIS Error Message Cross-Site Scripting | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00169 | 0.05 | CVE-2000-1104 |
| 14 | Microsoft IIS Error Message Cross-Site Scripting | 4.2 | 4.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03911 | 0.04 | CVE-2003-0223 |
| 15 | Adobe ColdFusion Cross-Site Scripting | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01479 | 0.00 | CVE-2007-0817 |
| 16 | SourceCodester Garage Management System createUser.php Privilege Escalation | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00307 | 0.15 | CVE-2022-2578 |
| 17 | D-Link IP Cameras rtpd.cgi Misconfiguration | 9.8 | 8.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.90114 | 0.03 | CVE-2013-1599 |
| 18 | Microsoft IIS viewcode.asp Privilege Escalation | 5.3 | 5.1 | $25k-$100k | $0-$5k | High | Official Fix | 0.94632 | 0.04 | CVE-1999-0737 |
| 19 | UnrealIRCd Privilege Escalation | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Not Defined | 0.64951 | 0.00 | CVE-2010-2075 |
| 20 | Stoverud PHPhotoalbum File Upload upload.php Privilege Escalation | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02873 | 0.00 | CVE-2009-4819 |

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (86)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /catalog/admin/categories.php?cPath=&action=new_product | predictive | |
| 2 | File | /inc/HTTPClient.php | predictive | |
| 3 | File | /php_action/createUser.php | predictive | |
| 4 | File | /var/WEB-GUI/cgi-bin/telnet.cgi | predictive | |
| 5 | File | admin.php | predictive | |
| 6 | File | admin/admin.shtml | predictive | |
| 7 | File | Admin/ADM_Pagina.php | predictive | |
| 8 | File | admin/editcatalogue.php | predictive | |
| 9 | File | admin/menus/edit.php | predictive | |
| 10 | File | apage.cgi | predictive | |
| 11 | File | xx_xxxxxxx/xxxxx.xxx?x=xxx&x=xxxxxxx | predictive | |
| 12 | File | xxxxxxxxxx.xxx | predictive | |
| 13 | File | xxxxxxxx.xxx | predictive | |
| 14 | File | xxxxxxxx_xxxx.xxx | predictive | |
| 15 | File | xxx_xxxx.x | predictive | |
| 16 | File | xxxxxxxxx.xxx | predictive | |
| 17 | File | xxxxxx-xxxxx | predictive | |
| 18 | File | xxxxxx.xxx | predictive | |
| 19 | File | xxxxxx.xxx | predictive | |
| 20 | File | xxxxx_xxx_xxxxx.xxx | predictive | |
| 21 | File | xxxxxxxxxx-xx-xxxxxx/xxxx/xxxx.xxx | predictive | |
| 22 | File | xxxxxxxxxx/xxxxxxxxxx/xxxxxxxxx.xxx | predictive | |
| 23 | File | xxxxxxx/xxxx_xxxxxxxx.xxxxx.xxx | predictive | |
| 24 | File | xxxxx.xxx | predictive | |
| 25 | File | xxxxxxx.xxx | predictive | |
| 26 | File | xxxxxxxxxx.xxx | predictive | |
| 27 | File | xxxx_xxxx.xxx | predictive | |
| 28 | File | xxxxx_xx.xxxx | predictive | |
| 29 | File | xxxxxxxxxx/xxxxxxx.x | predictive | |
| 30 | File | xxxx.xxx | predictive | |
| 31 | File | xxxxxxxx.xxx | predictive | |
| 32 | File | xxxxxxxx.xxx | predictive | |
| 33 | File | xxx_xxxx.xxx.xxx | predictive | |
| 34 | File | xxxxxx.xxx/xxxx_xxxx_xxxx.xxx | predictive | |
| 35 | File | xxxxxxxxxx.xxx | predictive | |
| 36 | File | xxxx/xxxxxxx/xxxxxxxxxxxxx_xxx.xxx | predictive | |
| 37 | File | xxxxxxxx.xxx | predictive | |
| 38 | File | xxxx.xxx | predictive | |
| 39 | File | xxxxxxxxxxxxx.xxx | predictive | |
| 40 | File | xxxxxxxxx.xxx | predictive | |
| 41 | File | xxxxxxxxxxxxxxxx.xxx | predictive | |
| 42 | File | xxxx_xxxxxxx_xxxxxxxx.xxx | predictive | |
| 43 | File | xxxxx_xxxxx.xxx | predictive | |
| 44 | File | xxxxxx/xxxxx/xxxx_xxxxxxx.xxx | predictive | |
| 45 | File | xxxxxx.xxx | predictive | |
| 46 | File | xxxx_xxxxx.xxx | predictive | |
| 47 | File | xxx/xxx/xxx-xxx/xxxx.xxx | predictive | |
| 48 | File | xxxx.xxx | predictive | |
| 49 | File | xxxxxxxx.xxx | predictive | |
| 50 | File | xxxxxxx.xxx | predictive | |
| 51 | Library | xxxxxx[xxxxxx_xxxx | predictive | |
| 52 | Library | xxxxxx.xxx | predictive | |
| 53 | Library | xxx/xx_xxx.x | predictive | |
| 54 | Argument | (xxxxxx) | predictive | |
| 55 | Argument | xxx_xx | predictive | |
| 56 | Argument | xx_xxxx_xxxx | predictive | |
| 57 | Argument | xxx | predictive | |
| 58 | Argument | xxxxx | predictive | |
| 59 | Argument | xxx_xx | predictive | |
| 60 | Argument | xxx | predictive | |
| 61 | Argument | xxxx_xx | predictive | |
| 62 | Argument | xxxxxxx | predictive | |
| 63 | Argument | xxxxxx[xxxxxx_xxxx] | predictive | |
| 64 | Argument | xxxxxxxx_xxxxxx/xxxxxxxx_xxxx/xxxxxxxx_xxxxxxxx/xxxxxxxx_xxxx | predictive | |
| 65 | Argument | xxxxxx_xxxx | predictive | |
| 66 | Argument | xxxxxxxx | predictive | |
| 67 | Argument | xx | predictive | |
| 68 | Argument | xx | predictive | |
| 69 | Argument | xxxx_xx | predictive | |
| 70 | Argument | xxxxx_xxxx | predictive | |
| 71 | Argument | xxxxxx | predictive | |
| 72 | Argument | xxxx_xxxx | predictive | |
| 73 | Argument | xxx[xxxx][xx_xxxx_xxxx] | predictive | |
| 74 | Argument | xxxx_xx | predictive | |
| 75 | Argument | xxxx | predictive | |
| 76 | Argument | xxxxxx_xxxx | predictive | |
| 77 | Argument | xxxxxxxx | predictive | |
| 78 | Argument | xxxxxx_xxxx[] | predictive | |
| 79 | Argument | xxxxxx | predictive | |
| 80 | Argument | xxxxx | predictive | |
| 81 | Argument | xxxx | predictive | |
| 82 | Argument | xxxxxxxx | predictive | |
| 83 | Argument | x-xxxx-xxxxx | predictive | |
| 84 | Input Value | %xxxxxx+-x+x+xx.x.xx.xxx%xx%xx | predictive | |
| 85 | Input Value | //xxx.xxxxxxx.xxx | predictive | |
| 86 | Pattern | \|xx xx xx\| | predictive | |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
