ActionRAT Analysis

Activities

Timeline

The timeline shows when the vulnerabilities associated with this actor were disclosed, which helps decide how to handle individual vulnerabilities and whole collections of them. Quieter periods and more severe hotspots are visible at a glance, so vulnerability response can be started immediately and issues prioritized.

Lang

en: 48
de: 19
it: 1

Country

us: 23
de: 16
ca: 3

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.05 | CVE-2007-1192
2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.69 | CVE-2010-0966
3 | Mozilla Firefox/Thunderbird SetOffsets resource management | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2013-1677
4 | IBM InfoSphere Master Data Management cross site scripting | 3.5 | 3.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2015-1968
5 | IBM Rational Collaborative Lifecycle Management Jazz Foundation cross site scripting | 3.5 | 3.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2015-0130
6 | McAfee ePolicy Orchestrator cross site scripting | 4.3 | 4.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2015-4559
7 | Moodle configonlylib.php min_get_slash_argument path traversal | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2015-1493
8 | WordPress Shortcodes/Post Content server-side request forgery | 6.3 | 5.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | CVE-2013-0235
9 | Moodle Contacts/Messages information disclosure | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.07 | CVE-2015-2266
10 | Moodle mdeploy.php access control | 6.3 | 5.5 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.06 | CVE-2015-2267
11 | Moodle Regular Expression resource management | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00 | CVE-2015-2268
12 | Adobe Flash Player use after free | 10.0 | 8.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.05 | CVE-2015-0342
13 | WhatsApp Messenger Profile Image information disclosure | 5.3 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Workaround | 0.05 |
14 | Linux Foundation Xen GIC Logging Rate Limit resource management | 4.0 | 3.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2015-1563
15 | WordPress cross site scripting | 4.3 | 4.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2013-0236
16 | tcpdump ppp Decapsulator allocation of resources | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-8037
17 | tcpdump SOME/IP Dissector tok2strbuf out-of-bounds read | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2020-8036
18 | Fuel CMS Page Preview access control | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2020-26167
19 | Adobe Flash Player use after free | 10.0 | 8.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00 | CVE-2015-0334
20 | Linux Foundation Xen GIC denial of service | 6.2 | 5.4 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.03 |

Column legend: Base and Temp are the VulDB CVSS base and temporal scores; 0day and Today are the estimated exploit prices at disclosure and at present; Exp is the exploitability status; Rem is the remediation status; CTI is the CTI interest score. Entries 13 and 20 carry no CVE identifier on this page.

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (4)

The tactics, techniques, and procedures summarize the MITRE ATT&CK techniques this actor is suspected of using, mapped from the CWE classes of the associated vulnerabilities. This data is generated by our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High
2 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
3 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
4 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High

IOA - Indicator of Attack (30)

These indicators of attack list the fragments (file paths, libraries, request arguments) potentially used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is generated by our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /wordpress/wp-admin/admin.php | predictive | High
2 | File | admin/index.php | predictive | High
3 | File | books.php | predictive | Medium
4 | File | data/gbconfiguration.dat | predictive | High
5 | File | xxxxxx.xxx | predictive | Medium
6 | File | xxxxxxxxx.xxx | predictive | High
7 | File | xxx/xxxxxx.xxx | predictive | High
8 | File | xxx/xxxx/xxx.x/xxxx_xxxxxx.x | predictive | High
9 | File | xxxxx.xxx | predictive | Medium
10 | File | xxxxxxx.xxx | predictive | Medium
11 | File | xxxxxxxxx/xxxx-xxxx | predictive | High
12 | File | xxxx.xxx | predictive | Medium
13 | File | xxxxx/xxxxxxx/ | predictive | High
14 | File | xxxxxx.xxx | predictive | Medium
15 | File | xxxxxxxx.xxx | predictive | Medium
16 | File | xxxxxxxx_xxxx.xxx | predictive | High
17 | File | xxxxxxxxxxxxxx.xxx | predictive | High
18 | File | xxxxx.xxx | predictive | Medium
19 | Library | xxx/xxxxxxxxxxxxx.xxx | predictive | High
20 | Argument | xxxxxxxx | predictive | Medium
21 | Argument | xxxxxx | predictive | Low
22 | Argument | xxxxxxx | predictive | Low
23 | Argument | xxxx | predictive | Low
24 | Argument | xxxxxxxxxx | predictive | Medium
25 | Argument | xxxxxxxx | predictive | Medium
26 | Argument | xxxxxx | predictive | Low
27 | Argument | xxxxxxx_xx | predictive | Medium
28 | Argument | xxxxxxx | predictive | Low
29 | Argument | xxxx | predictive | Low
30 | Argument | xxxxx | predictive | Low
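The File-class indicators above are only useful once they are run against real traffic. The following is an added example, not VulDB's code and not something the page describes: a small detector that takes the four unredacted File indicators from the IOA table with their confidence levels, parses constructed Apache combined-format access-log lines (the log format is an assumption about the environment), normalises each request path so a query string, percent-encoding or doubled slashes do not defeat the match, and groups hits per client IP.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote

# File-class indicators copied from the IOA table above, with VulDB's confidence.
# Only the unredacted entries are usable; the redacted ones are omitted.
IOA_FILES = {
    "/wordpress/wp-admin/admin.php": "High",
    "admin/index.php": "High",
    "books.php": "Medium",
    "data/gbconfiguration.dat": "High",
}

# Apache/nginx "combined" access-log layout (assumption about the log source).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    # Normalise the request target: drop the query string, percent-decode once,
    # and collapse runs of slashes so "/data//gbconfigur%61tion.dat?x=1"
    # becomes "/data/gbconfiguration.dat" before matching.
    path = unquote(urlsplit(rec["target"]).path)
    rec["path"] = re.sub(r"/+", "/", path)
    return rec


def match_ioa(path):
    """Return (indicator, confidence) if the normalised path ends in a known
    IOA file (as a whole path component), otherwise None."""
    for indicator, confidence in IOA_FILES.items():
        if path == indicator or path.endswith("/" + indicator.lstrip("/")):
            return indicator, confidence
    return None


def scan(lines):
    """Group IOA hits per client IP.

    Returns {ip: [(normalised_path, indicator, confidence, http_status), ...]}.
    Unparseable lines are skipped rather than raising."""
    hits = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        found = match_ioa(rec["path"])
        if found is not None:
            indicator, confidence = found
            hits[rec["ip"]].append((rec["path"], indicator, confidence, int(rec["status"])))
    return dict(hits)


# Constructed sample log lines for demonstration; not taken from the page or any real incident.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /guestbook/data//gbconfigur%61tion.dat HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "GET /admin/index.php?lang=en HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Oct/2023:13:56:01 +0000] "POST /wordpress/wp-admin/admin.php HTTP/1.1" 200 4021 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Oct/2023:13:56:02 +0000] "GET /index.php HTTP/1.1" 200 1330 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [10/Oct/2023:13:57:10 +0000] "GET /shop/books.php?id=3 HTTP/1.1" 200 2201 "-" "curl/8.0"',
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for ip, ip_hits in scan(SAMPLE_LOG).items():
        high = sum(1 for h in ip_hits if h[2] == "High")
        print(f"{ip}: {len(ip_hits)} hit(s), {high} High")
        for path, indicator, confidence, status in ip_hits:
            print(f"  {path}  <- {indicator} ({confidence}), HTTP {status}")
```

Treat a match as enrichment rather than as an alert on its own: admin/index.php and wp-admin/admin.php are requested by legitimate administrators every day, so a single Medium or High hit from an internal address means little, while several High hits from one external source, especially a request for gbconfiguration.dat answered with HTTP 200, is worth a look.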

References (2)

The following list contains external sources which discuss the actor and the associated activities:
