RuRAT Analysis

IOB - Indicator of Behavior (474)

Timeline

Language

en 228
de 208
it 30
es 8

Country

us 470

Actors

Activities

Interest

Timeline

Type

Vendor

Product

WordPress 10
Phorum 4
PHP 4
Russcom Network Loginphp 2
FLDS 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | EPSS | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192
2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.26 | CVE-2010-0966
3 | Woltlab Burning Board register.php cross-site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00957 | 0.00 | CVE-2007-1443
4 | Magic Photo Storage Website register.php privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.02 |
5 | YaBB register.pl memory corruption | 10.0 | 8.7 | $0-$5k | $0-$5k | Unproven | Official Fix | 0.17348 | 0.05 | CVE-2007-3208
6 | WordPress wp-register.php cross-site scripting | 4.3 | 4.2 | $5k-$25k | $0-$5k | High | Unavailable | 0.00322 | 0.00 | CVE-2007-5105
7 | Phpwebgallery register.php cross-site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00573 | 0.03 | CVE-2007-1109
8 | Expinion.net News Manager Lite comment_add.asp cross-site scripting | 4.3 | 3.8 | $0-$5k | $0-$5k | Unproven | Official Fix | 0.00607 | 0.00 | CVE-2004-1845
9 | Phorum register.php cross-site scripting | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01601 | 0.02 | CVE-2007-0769
10 | SSReader Ultra Star Reader ActiveX Control pdg2.dll Register memory corruption | 10.0 | 9.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.07057 | 0.05 | CVE-2007-5892
11 | SSReader Ultra Star Reader ActiveX Control register memory corruption | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03617 | 0.00 | CVE-2007-5807
12 | StoreSprite register.php cross-site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01850 | 0.02 | CVE-2007-4307
13 | AlstraSoft AskMe Pro register.php cross-site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.00 |
14 | Microsoft Register Server denial of service | 5.3 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00350 | 0.00 | CVE-2007-3658
15 | Scribe forum.php register privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.02434 | 0.00 | CVE-2007-5822
16 | WordPress wp-register.php cross-site scripting | 4.3 | 4.2 | $5k-$25k | $0-$5k | High | Unavailable | 0.00533 | 0.05 | CVE-2007-5106
17 | Andys Chat register.php memory corruption | 10.0 | 10.0 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.03106 | 0.00 | CVE-2006-7036
18 | PBSite register.php Local Privilege Escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.00 |
19 | LushiWarPlaner register.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00821 | 0.05 | CVE-2007-0864
20 | TeamCal register.php directory traversal | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.00 |

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence
1 | 86.104.15.123 | cphost07.qhoster.net | RuRAT | | 2022-08-04 | verified |
2 | XXX.XXX.XX.XXX | xxxxx-x.xxx-xxxxxxx.xxx | Xxxxx | | 2022-08-04 | verified |

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (85)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /index.php | predictive |
2 | File | /rom-0 | predictive |
3 | File | /uncpath/ | predictive |
4 | File | adclick.php | predictive |
5 | File | add_comment.php | predictive |
6 | File | base_maintenance.php | predictive |
7 | File | comment_add.asp | predictive |
8 | File | data/gbconfiguration.dat | predictive |
9 | File | drivers/block/floppy.c | predictive |
10 | File | email.php | predictive |
11 | File | EmployeeSearch.cc | predictive |
12 | File | exit.php | predictive |
13 | File | forum.php | predictive |
14 | File | goto.php | predictive |
15 | File | xxxxxxxxx.xxx | predictive |
16 | File | xxx/xxxxxx.xxx | predictive |
17 | File | xxxxxxx/xxxxxxx/xxxxxxxx.xxx.xxx | predictive |
18 | File | xxxxxxx/xxxxxxx/xxxxxxxx_xxxxxxxx.xxx.xxx | predictive |
19 | File | xxxxx.xxx | predictive |
20 | File | xxxxx.xxx.xxx | predictive |
21 | File | xxxxx.xxx | predictive |
22 | File | xxxxx.xxx | predictive |
23 | File | xxxxx.xxx | predictive |
24 | File | xxxxxxxx.xxx | predictive |
25 | File | xxxxxxxx.xxxx | predictive |
26 | File | xxxxxxxx.xxx | predictive |
27 | File | xxxxxxxx.xxx | predictive |
28 | File | xxxxxxxx.xx | predictive |
29 | File | xxxxxxxx_xxxxxx.xxx | predictive |
30 | File | xxxxxxx_xxx_xxxxx_xxxxxx.xxxx | predictive |
31 | File | xxxxxxxxxx/xxxxxxxxxx_xxxxxxxxxx.xxx | predictive |
32 | File | xxxxxx/xxxxxxxx.xxx | predictive |
33 | File | xxxxxx.xxx | predictive |
34 | File | xxxxxxx/xxxxxxxx.xxx | predictive |
35 | File | xxxx-xxxxxxxx.xxx | predictive |
36 | File | xxxx/xxxxxxxx.xxx | predictive |
37 | File | xxxxx/xxxxxxxx.xxx | predictive |
38 | File | xxxx/xxxxxxxx.xxx | predictive |
39 | File | xx-xxxxx/xxxxx-xxxx.xxx?xx-xxxxx-xxxxxx[]=xxxxxxxx | predictive |
40 | File | xx-xxxxx.xxx | predictive |
41 | File | xx-xxxxxxxx.xxx | predictive |
42 | File | xxxxxx.xxx | predictive |
43 | Library | xxxx.xxx | predictive |
44 | Argument | xxxxxxx | predictive |
45 | Argument | xxxxxx | predictive |
46 | Argument | xxxxxxxx | predictive |
47 | Argument | xxxxxxx | predictive |
48 | Argument | xxxx | predictive |
49 | Argument | xxxxx | predictive |
50 | Argument | xxxxx | predictive |
51 | Argument | xxxxxxx=xxxxxxxx | predictive |
52 | Argument | xxxx | predictive |
53 | Argument | xxxx_xxxxx | predictive |
54 | Argument | xxxxxxxx | predictive |
55 | Argument | xx | predictive |
56 | Argument | xx_xxxxxxxx | predictive |
57 | Argument | xxxxxxx_xxxx | predictive |
58 | Argument | xxxxxxxxx-xxxxxxx/xxxxxxxxx/xxxxxxxxxx | predictive |
59 | Argument | xxxx | predictive |
60 | Argument | xxxxxxxxxxxxx | predictive |
61 | Argument | xxxxxxx | predictive |
62 | Argument | xxxx | predictive |
63 | Argument | xxxxxxxxx_xxxxxxxx_xxxx | predictive |
64 | Argument | xxxx | predictive |
65 | Argument | xxxx | predictive |
66 | Argument | xxxx | predictive |
67 | Argument | xxxxxxxx | predictive |
68 | Argument | xxxx_xxxx | predictive |
69 | Argument | xxx_xxxx | predictive |
70 | Argument | xxxxxx | predictive |
71 | Argument | xxxxxxxxxxxx | predictive |
72 | Argument | xxxxxx | predictive |
73 | Argument | xxxxxxxxxx | predictive |
74 | Argument | xxx | predictive |
75 | Argument | xxxxx | predictive |
76 | Argument | xxx | predictive |
77 | Argument | xxxxxxxx | predictive |
78 | Argument | xxxx_xxxxx | predictive |
79 | Argument | xxxx_xxxxx | predictive |
80 | Argument | xxx | predictive |
81 | Argument | _xxxxxx[xxxx_xxxx] | predictive |
82 | Input Value | xxxx | predictive |
83 | Input Value | xxxxxxxxx' xxx 'x'='x | predictive |
84 | Input Value | xxxx | predictive |
85 | Network Port | xxx xxxxxx xxxx | predictive |
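The IOC and IOA tables above are only useful once they are run against telemetry. The following script is an added example, not VulDB's own tooling: it scans Apache combined-format access-log lines for the verified IOC (the IP 86.104.15.123 and its hostname cphost07.qhoster.net) and for the unmasked "File" indicators from the IOA table, plus the script names that appear in the vulnerability table (register.php, register.pl, wp-register.php). Masked rows cannot be used and are left out. The sample log lines are constructed, the optional reverse-DNS map is a hypothetical enrichment, and the decision to suppress a lone hit on a high-noise fragment such as /index.php (unless it comes from an IOC address) is a design choice of this example, because a predictive indicator that matches most benign traffic would otherwise page on every visit to the site.

```python
"""Match web-server access-log lines against the IOC/IOA fragments above."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# --- Indicators copied from the tables on this page (unmasked rows only) ---
IOC_IPS = {"86.104.15.123"}                 # IOC #1, type verified, 2022-08-04
IOC_HOSTNAMES = {"cphost07.qhoster.net"}    # same IOC, for reverse-DNS-enriched logs

# IOA "File" rows 1-14 (type predictive) plus the script names from the
# vulnerability table. Matched as substrings of the request path.
IOA_FILES = [
    "/rom-0", "/uncpath/", "adclick.php", "add_comment.php",
    "base_maintenance.php", "comment_add.asp", "data/gbconfiguration.dat",
    "drivers/block/floppy.c", "email.php", "EmployeeSearch.cc", "exit.php",
    "forum.php", "goto.php", "/index.php",
    "register.php", "register.pl", "wp-register.php",
]
# Fragments that match a large share of benign traffic (assumption of this
# example). A predictive hit on one of these alone is not alerted; it only
# counts when the source is also a verified IOC.
NOISY_FRAGMENTS = {"/index.php"}

# Prefix of the Apache combined log format: ip ident user [ts] "METHOD target proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


@dataclass
class Finding:
    ip: str
    path: str
    status: int
    indicators: List[str] = field(default_factory=list)  # matched fragments
    confidence: str = "predictive"  # "verified" when the source IP is an IOC


def parse_line(line: str) -> Optional[dict]:
    """Return the parsed fields of one log line, or None if it is not a log line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["path"] = d["target"].split("?", 1)[0]  # IOA files match on the path, not the query
    d["status"] = int(d["status"])
    return d


def classify(entry: dict, rdns: Optional[str] = None) -> Optional[Finding]:
    """Decide whether one parsed request is worth a finding and at what confidence."""
    ioc_hit = entry["ip"] in IOC_IPS or (rdns in IOC_HOSTNAMES if rdns else False)
    hits = [f for f in IOA_FILES if f in entry["path"]]
    strong = [h for h in hits if h not in NOISY_FRAGMENTS]
    if not ioc_hit and not strong:
        return None  # nothing matched, or only a noisy fragment from a non-IOC source
    return Finding(ip=entry["ip"], path=entry["path"], status=entry["status"],
                   indicators=hits,
                   confidence="verified" if ioc_hit else "predictive")


def scan(lines: List[str], rdns_map: Optional[Dict[str, str]] = None) -> List[Finding]:
    """Run classify() over a log; rdns_map (hypothetical enrichment) maps IP -> hostname."""
    rdns_map = rdns_map or {}
    findings = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        f = classify(entry, rdns_map.get(entry["ip"]))
        if f is not None:
            findings.append(f)
    return findings


# Constructed sample log. The first IP is the IOC from this page; the others are
# from the RFC 5737 documentation ranges and are not real indicators.
SAMPLE_LOG = [
    '86.104.15.123 - - [04/Aug/2022:10:12:01 +0000] "GET /index.php HTTP/1.1" 200 4096',
    '203.0.113.7 - - [04/Aug/2022:10:12:05 +0000] "GET /data/gbconfiguration.dat HTTP/1.1" 404 210',
    '198.51.100.4 - - [04/Aug/2022:10:13:09 +0000] "GET /index.php HTTP/1.1" 200 4096',
    '192.0.2.55 - - [04/Aug/2022:10:14:20 +0000] "POST /comment_add.asp?id=1 HTTP/1.1" 500 0',
    '192.0.2.56 - - [04/Aug/2022:10:15:00 +0000] "GET /about.html HTTP/1.1" 200 1200',
    'not a log line',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.confidence:10} {f.ip:15} {f.status} {f.path} {f.indicators}")
```

On the sample log this yields three findings: the IOC address requesting /index.php (verified, despite the noisy fragment), the probe for data/gbconfiguration.dat (predictive; the 404 shows the HyperBook Guestbook file is absent, which is still worth recording as reconnaissance), and the POST to comment_add.asp (predictive). The benign /index.php request from 198.51.100.4 is dropped unless a reverse-DNS map ties that address to cphost07.qhoster.net.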

References (2)

The following list contains external sources which discuss the actor and the associated activities:
