WarZoneRAT Analysis

IOB - Indicator of Behavior (83)

Timeline (chart)

Languages: en 62, zh 14, de 8

Countries: us 22, cn 22, es 8, de 6, it 4

Actor, Activity, Interest, Timeline, Type, Vendor (charts)

Products: HPE Intelligent Management Center 6, Microsoft Windows 4, QNAP QTS 4, XenForo 2, B&R Industrial Automation APROL 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE
1 | Apache HTTP Server mod_proxy privilege escalation | 7.3 | 7.3 | $5k-$25k | $25k-$100k | High | Not Defined | 0.97446 | 0.04 | CVE-2021-40438
2 | Microsoft Excel memory corruption | 7.0 | 6.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01492 | 0.07 | CVE-2020-0650
3 | VMware Spring Boot HTTP Request denial of service | 5.7 | 5.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.06 | CVE-2023-34055
4 | bouncycastle Self-Signed Certificate X509LDAPCertStoreSpi.java privilege escalation | 3.9 | 3.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00051 | 0.04 | CVE-2023-33201
5 | Nagios XI POST Request banner_message-ajaxhelper.php SQL injection | 6.0 | 6.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00085 | 0.03 | CVE-2023-40931
6 | Taokeyun HTTP POST Request Drs.php index SQL injection | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00063 | 0.12 | CVE-2024-0480
7 | Apache ShardingSphere ElasticJob-UI information disclosure | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.24930 | 0.00 | CVE-2022-22733
8 | phpMyAdmin SQL File cross site scripting | 4.4 | 4.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00053 | 0.04 | CVE-2023-25727
9 | ZoneMinder HostController.php daemonControl privilege escalation | 7.4 | 7.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00119 | 0.00 | CVE-2023-26039
10 | Zoho ManageEngine Recovery Manager Plus Proxy Setting privilege escalation | 5.7 | 5.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00507 | 0.00 | CVE-2023-48646
11 | jeecgboot JimuReport image directory traversal | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00062 | 0.09 | CVE-2023-6307
12 | WP Shortcodes Plugin privilege escalation | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00050 | 0.04 | CVE-2023-6226
13 | QDocs Smart School HTTP POST Request SQL injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00077 | 0.06 | CVE-2023-5495
14 | MongoDB privilege escalation | 6.6 | 6.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00109 | 0.05 | CVE-2019-2386
15 | MongoDB Message Decompressor denial of service | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00087 | 0.00 | CVE-2019-20925
16 | MongoDB SysV Init Script Kill privilege escalation | 4.2 | 4.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.03 | CVE-2019-2389
17 | Job Configuration History Plugin directory traversal | 3.9 | 3.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00046 | 0.00 | CVE-2023-41930
18 | TEL-STER TelWin SCADA WebInterface information disclosure | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00076 | 0.00 | CVE-2023-0956
19 | Tongda OA delete_seal.php SQL injection | 6.9 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00066 | 0.06 | CVE-2023-4165
20 | Autodesk AutoCAD STP File Parser denial of service | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.00 | CVE-2023-41139

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence
1 | 185.19.85.163 | | WarZoneRAT | | 2022-07-12 | verified |
Entry 2 is masked in the source.

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (37)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/syslog | predictive |
2 | File | /course/filterRecords/ | predictive |
3 | File | /download/image | predictive |
4 | File | /nagiosxi/admin/banner_message-ajaxhelper.php | predictive |
5 | File | /see_more_details.php | predictive |
Entries 6 to 37 are masked in the source.

References (2)

The following list contains external sources which discuss the actor and the associated activities:
