tRAT Analysis

IOB - Indicator of Behavior (132)

Timeline

Languages

| Language | Count |
|---|---|
| en | 106 |
| fr | 20 |
| ru | 4 |
| sv | 2 |

Countries / Regions

| Country | Count |
|---|---|
| us | 50 |
| ru | 28 |
| pt | 4 |
| ir | 2 |
| br | 2 |

Actors

Activities

Interest

Timeline

Type

Vendor

Products

| Product | Count |
|---|---|
| PHP | 6 |
| IBM QRadar Network Security | 6 |
| Xen | 6 |
| Issuetracker phpBugTracker | 4 |
| Intel Puma | 4 |

Vulnerabilities

Base and Temp are CVSS base and temporal scores; 0day and Today are estimated exploit price ranges; EPSS is the exploit-prediction score; CTI is the cyber-threat-intelligence interest score.

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Microsoft ASP.NET Core/.NET/Visual Studio information disclosure | 6.2 | 6.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00143 | 0.04 | CVE-2023-35391 |
| 2 | CPU Speculative Execution Spectre information disclosure | 6.1 | 5.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Workaround | 0.97515 | 0.04 | CVE-2017-5715 |
| 3 | Microsoft SharePoint Server Privilege Escalation | 8.3 | 7.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00044 | 0.05 | CVE-2023-36892 |
| 4 | PHP zend_string.h zend_string_extend privilege escalation | 7.5 | 7.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00541 | 0.00 | CVE-2017-8923 |
| 5 | 0mk Shortener Plugin zeromk_options_page unknown vulnerability | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00202 | 0.02 | CVE-2022-2933 |
| 6 | WordPress XML-RPC privilege escalation | 7.6 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00288 | 0.06 | CVE-2020-28035 |
| 7 | Xinhu RockOA start information disclosure | 5.0 | 4.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00064 | 0.06 | CVE-2023-5297 |
| 8 | Microsoft Microsoft OLE DB Provider for DB2 V7 Remote Code Execution | 8.8 | 8.1 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.04521 | 0.04 | CVE-2023-38151 |
| 9 | Moodle privilege escalation | 6.4 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00323 | 0.07 | CVE-2023-5550 |
| 10 | Check Point Harmony Endpoint/ZoneAlarm Extreme Security privilege escalation | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.04 | CVE-2023-28134 |
| 11 | Moodle Lesson privilege escalation | 5.5 | 5.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00166 | 0.00 | CVE-2023-5539 |
| 12 | pkp-lib cross site scripting | 3.8 | 3.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.08 | CVE-2023-5895 |
| 13 | Download Manager Plugin SQL injection | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00086 | 0.00 | CVE-2021-25069 |
| 14 | urllib3 HTTP Header privilege escalation | 6.0 | 5.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00102 | 0.03 | CVE-2023-43804 |
| 15 | PHP GD Graphics Library gd_gif_in.c imagecreatefromstring denial of service | 5.4 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00238 | 0.03 | CVE-2018-5711 |
| 16 | cargo unmask Local Privilege Escalation | 6.8 | 6.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.08 | CVE-2023-38497 |
| 17 | WordPress directory traversal | 5.7 | 5.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00400 | 0.00 | CVE-2023-2745 |
| 18 | Grundig Smart Inter@ctive TV Port 8085 unknown vulnerability | 6.5 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00476 | 0.04 | CVE-2018-13989 |
| 19 | eXtended Keccak Code Package Hash Update memory corruption | 7.7 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01624 | 0.07 | CVE-2022-37454 |
| 20 | aio-libs aiohttp-session NaClCookieStorage weak authentication | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00053 | 0.00 | CVE-2018-1000814 |

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 51.15.70.74 | 74-70-15-51.instances.scw.cloud | tRAT | | 2018-11-16 | verified | |

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (47)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling. Entries shown as runs of `x` are masked on the source page.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /api/contents | predictive | |
| 2 | File | /sendrcpackage?keyid=-2544&keysymbol=-4081 | predictive | |
| 3 | File | /uncpath/ | predictive | |
| 4 | File | assets/misc/fallback-page.php | predictive | |
| 5 | File | bfd/aoutx.h | predictive | |
| 6 | File | coders/mat.c | predictive | |
| 7 | File | xxxxxx/xxx.x | predictive | |
| 8 | File | xxxxxx/xxxx.x | predictive | |
| 9 | File | xxxxxx\xxx.x | predictive | |
| 10 | File | xxxx.x | predictive | |
| 11 | File | xxxxx.x | predictive | |
| 12 | File | xxxxx/xxx/xxx_xxxx/xxxxxxxxxx/xxxxxx.xxx | predictive | |
| 13 | File | xxx-xxxxx.x | predictive | |
| 14 | File | xxxxxxxx/xxxxxxxxx | predictive | |
| 15 | File | xxx/xxxx/xxx/xxxxx_xxxx.x | predictive | |
| 16 | File | xxxxx/xxxxxx.xxx | predictive | |
| 17 | File | xx_xxx_xx.x | predictive | |
| 18 | File | xx/xxx_xxxxxxx.xx.xxx | predictive | |
| 19 | File | xxxxxx.x | predictive | |
| 20 | File | xxxxxxx/xxxxxxxxxxxxxxxx.xx | predictive | |
| 21 | File | xxxxxx_xx_xxx/xxxxxxx.x | predictive | |
| 22 | File | xxxxxx/xxxxx.x | predictive | |
| 23 | File | xxx/xxxxxxxx/xxxxxxx.x | predictive | |
| 24 | File | xx/xxxxxxxxxxx.x | predictive | |
| 25 | File | xxxxxxxx.x | predictive | |
| 26 | File | xxxxx-xx.x | predictive | |
| 27 | File | xxxxx-xx.x | predictive | |
| 28 | File | xxxxxxx.xxx | predictive | |
| 29 | File | x_xx_xxx.xxx | predictive | |
| 30 | File | xxxxxxxx/xxxxxxxxxxxx/xxxxxxx/xxxxx.xxxxxxxxxxx.xxx | predictive | |
| 31 | File | xxxx.xxx?x=xxx\|xxxx&x=xxxxxx | predictive | |
| 32 | File | xxxx/xxxxxxx-xxxx.x | predictive | |
| 33 | File | xxxx/xxxx_xxxxxx.x | predictive | |
| 34 | Library | xxxx | predictive | |
| 35 | Argument | xxxxx | predictive | |
| 36 | Argument | xxxxxx | predictive | |
| 37 | Argument | xxxx | predictive | |
| 38 | Argument | xx | predictive | |
| 39 | Argument | xxxx | predictive | |
| 40 | Argument | xxxxxxx_xxx | predictive | |
| 41 | Argument | xxxxxxxx | predictive | |
| 42 | Argument | xxxxxx[] | predictive | |
| 43 | Argument | xxxxxxx | predictive | |
| 44 | Argument | xxxx_xxxx/xxxxxxx/xxxx_xxx | predictive | |
| 45 | Argument | xxxx->xxxxxxx | predictive | |
| 46 | Argument | xxxxxx_xxxx/xxxxxx_xxxxxxx | predictive | |
| 47 | Network Port | xxx/xxxx | predictive | |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
