zgRAT Analysis

IOB - Indicator of Behavior (268)

Language

en: 212
es: 16
de: 10
ru: 10
zh: 6

Country/Region

us: 200
ru: 6
fr: 4
pt: 4
pl: 4

Products

e-Quick Cart: 6
Cutephp CuteNews: 6
Microsoft Windows: 4
Zentrack: 4
Mozilla Firefox: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Fix | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | SourceCodester Shopping Website insert-product.php Privilege Escalation | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00122 | 0.00 | CVE-2023-3503 |
| 2 | SourceCodester Shopping Website search-result.php SQL Injection | 6.7 | 6.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00079 | 0.06 | CVE-2023-3502 |
| 3 | AppServ Open Project Denial of Service | 7.5 | 7.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.09599 | 0.00 | CVE-2005-4296 |
| 4 | Citrix Metaframe login.asp Cross Site Scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00867 | 0.00 | CVE-2003-1157 |
| 5 | Itech Multi Vendor Script product-list.php SQL Injection | 7.5 | 7.2 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00459 | 0.00 | CVE-2017-20132 |
| 6 | Esoftpro Online Guestbook Pro ogp_show.php Cross Site Scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00134 | 0.04 | CVE-2009-2447 |
| 7 | Cutephp CuteNews Protection Feature shows.inc.php Denial of Service | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02946 | 0.00 | CVE-2005-3010 |
| 8 | eClime eCommerce JE manufacturers.php SQL Injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.06 | |
| 9 | ESecurityServices GPS Userdata Form allows Persistent Cross Site Scripting | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.00 | |
| 10 | Comersus Open Technologies Comersus Cart comersus_optreviewreadexec.asp SQL Injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00396 | 0.00 | CVE-2007-3323 |
| 11 | Apple Safari BMP/GIF Image Memory Corruption | 7.3 | 6.4 | $100k and more | $0-$5k | Proof-of-Concept | Official Fix | 0.00721 | 0.00 | CVE-2008-1573 |
| 12 | My SMTP Contact Plugin Contact Form Unknown Vulnerability | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00135 | 0.00 | CVE-2021-29400 |
| 13 | Microsoft Windows Kerberos CRC32 Checksum Weak Encryption | 6.5 | 6.2 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.00 | CVE-2011-0043 |
| 14 | MediaWiki Login Unknown Vulnerability | 5.5 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00413 | 0.00 | CVE-2010-1150 |
| 15 | OpenSSL SSL3 Weak Encryption | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00885 | 0.06 | CVE-2011-4576 |
| 16 | Oracle Database desformat File rwservlet Directory Traversal | 7.0 | 6.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.93286 | 0.04 | CVE-2005-2371 |
| 17 | Google Chrome Mousemove Event Denial of Service | 10.0 | 9.0 | $100k and more | $0-$5k | Proof-of-Concept | Official Fix | 0.05515 | 0.00 | CVE-2011-3971 |
| 18 | WooCommerce Plugin Directory Traversal | 7.0 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00494 | 0.04 | CVE-2017-17058 |
| 19 | Apple Safari Privilege Escalation | 7.3 | 7.0 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00304 | 0.00 | CVE-2010-1383 |
| 20 | NetBSD IPComp Payload Decompression Memory Corruption | 5.9 | 5.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02505 | 0.00 | CVE-2011-1547 |

IOC - Indicator of Compromise (13)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (239)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (5)

The following list contains external sources which discuss the actor and the associated activities:

Samples (4)

The following list contains associated samples:
