AsyncRAT Analysis

IOB - Indicator of Behavior (101)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en70
de10
fr8
es6
zh4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Bitrix Site Manager2
Itechscripts iTechBids2
Gempar Script Toko Online2
FiberHome HG6245D2
UCMS2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1All Enthusiast Inc Reviewpost Php Pro showproduct.php sql injection7.37.0$0-$5k$0-$5kNot DefinedOfficial Fix0.060.00986CVE-2004-2175
2PhotoPost PHP Pro showproduct.php sql injection9.89.4$0-$5k$0-$5kNot DefinedOfficial Fix0.020.01213CVE-2004-0250
3Kubernetes kubelet pprof information disclosure7.77.4$0-$5k$0-$5kNot DefinedOfficial Fix0.030.62923CVE-2019-11248
4Host Web Server phpinfo.php phpinfo information disclosure5.35.2$5k-$25k$0-$5kNot DefinedWorkaround0.000.00000
5OpenSSH Authentication Username information disclosure5.34.8$5k-$25k$0-$5kHighOfficial Fix0.120.49183CVE-2016-6210
6BitTorrent uTorrent Bencoding Parser input validation6.46.4$0-$5k$0-$5kNot DefinedNot Defined0.030.01213CVE-2020-8437
7Ecommerce Online Store Kit shop.php sql injection9.89.4$0-$5k$0-$5kNot DefinedOfficial Fix0.020.04386CVE-2004-0300
8MDaemon Webmail cross site scripting5.45.1$0-$5k$0-$5kNot DefinedOfficial Fix0.050.00885CVE-2019-8983
9vbLOGIX Tutorial Script main.php sql injection7.37.1$0-$5k$0-$5kHighUnavailable0.020.01139CVE-2008-4350
10Synology DiskStation Manager Change Password password recovery7.57.2$0-$5k$0-$5kNot DefinedOfficial Fix0.020.01055CVE-2018-8916
11Microsoft IIS cross site scripting5.24.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.080.25090CVE-2017-0055
12Coppermine Photo Gallery init.inc.php file inclusion7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.040.06790CVE-2004-1988
13Cisco IOS/IOS XE/Meraki/NX-OS/Small Business Switch IPv6 RA Guard authentication spoofing5.55.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.030.01018CVE-2021-27862
14OpMon cross site scripting3.53.4$0-$5k$0-$5kNot DefinedNot Defined0.050.02173CVE-2021-43009
15NVIDIA CUDA Toolkit SDK cuobjdump buffer overflow6.66.5$0-$5k$0-$5kNot DefinedOfficial Fix0.020.01103CVE-2022-21821
16Todd Miller sudo sudoedit sudoers access control7.87.0$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.040.03821CVE-2015-5602
17ActionApps item_content.php3 code injection6.56.2$0-$5k$0-$5kProof-of-ConceptNot Defined0.010.15272CVE-2006-2686
18RCMS Pro RGameScript Pro page.php file inclusion9.89.0$0-$5k$0-$5kProof-of-ConceptUnavailable0.020.04482CVE-2007-3980
19TestLink Attachment attachmentdownload.php information disclosure6.46.4$0-$5k$0-$5kNot DefinedNot Defined0.050.01055CVE-2018-7668
20FiberHome HG6245D info.asp information disclosure5.95.9$0-$5k$0-$5kNot DefinedNot Defined0.040.00885CVE-2021-27139

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1059CWE-94Cross Site ScriptingpredictiveHigh
2T1059.007CWE-79, CWE-80Cross Site ScriptingpredictiveHigh
3T1068CWE-264, CWE-269, CWE-284Execution with Unnecessary PrivilegespredictiveHigh
4TXXXXCWE-XX, CWE-XXXxxxxxx XxxxxxxxxpredictiveHigh
5TXXXX.XXXCWE-XXXXxxx XxxxxxxxpredictiveHigh
6TXXXXCWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
7TXXXXCWE-XXXxx XxxxxxxxxpredictiveHigh
8TXXXXCWE-XXX, CWE-XXXXxx.xxx Xxxxxxxxxxxxxxxx: Xxxxxxxx Xx Xxxxxxxxxxxxx XxxxpredictiveHigh
9TXXXXCWE-XXXXxxxxxxxx Xxxxxx XxxxpredictiveHigh
10TXXXXCWE-XXX, CWE-XXXXxxxxxxxxxxxxpredictiveHigh
11TXXXXCWE-XXXX2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxxxxxxxx Xxxxxxx XxxxxxxxxxpredictiveHigh
12TXXXX.XXXCWE-XXXXxxxxxxxxxxx XxxxxxpredictiveHigh

IOA - Indicator of Attack (61)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/cgi-bin/supervisor/PwdGrp.cgipredictiveHigh
2File/debug/pprofpredictiveMedium
3File/etc/sudoerspredictiveMedium
4File/info.asppredictiveMedium
5File/ucms/chk.phppredictiveHigh
6File/uncpath/predictiveMedium
7File5.2.9\syscrb.exepredictiveHigh
8Fileadmin/category.inc.phppredictiveHigh
9Filexxx.xxxpredictiveLow
10Filexxxx.xxxxpredictiveMedium
11Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
12Filexxxxxx.xxxpredictiveMedium
13Filexxxxxxxxxxx/xxxxx.xxxpredictiveHigh
14Filexxxxxxx.xxxpredictiveMedium
15Filexxxxx.xxxpredictiveMedium
16Filexxxx.xxx.xxxpredictiveMedium
17Filexxxx_xxxxxxx.xxxxpredictiveHigh
18Filexxxxx/xxxxxxxx.xpredictiveHigh
19Filexxxxxxxxx/xxxxxxxx.xxxpredictiveHigh
20Filexxxx.xxxpredictiveMedium
21Filexxxx.xxxpredictiveMedium
22Filexxx.xxpredictiveLow
23Filexxxxxxx.xxxpredictiveMedium
24Filexxxxxxxx.xxxpredictiveMedium
25Filexxxxxxx_xxx_xxxxx_xxxxxx.xxxxpredictiveHigh
26Filexxxx_xxxxxxxxx.xxxpredictiveHigh
27Filexxxxxxx_xxxxxx.xxxpredictiveHigh
28Filexxxx.xxxpredictiveMedium
29Filexxxx_xxxxxxx_xxxxxxxx.xxxpredictiveHigh
30Filexxxxxxx.xxxpredictiveMedium
31Filexxxxxxxxxxx.xxxpredictiveHigh
32Filexxxxxxxxx.xxxpredictiveHigh
33Filexxxxxxxxx.xxxxpredictiveHigh
34Filexxxxxxxxxxx.xxxpredictiveHigh
35Filexxxxxx.xxxpredictiveMedium
36Filexxxxxx.xxxxxxx.xxxxxxxxxxxxxxxxxxxxxxxxpredictiveHigh
37Filexxxx.xxxpredictiveMedium
38Filexxxxxxxxxxxx.xxxpredictiveHigh
39Library/xxx/xxxxxxxxxxx/xxxxxxxxxxxxxxxxxx.xxxpredictiveHigh
40ArgumentxxxxxxpredictiveLow
41ArgumentxxxpredictiveLow
42Argumentxxxxxxxx[xxxxxxx]predictiveHigh
43ArgumentxxxxxpredictiveLow
44Argumentxxx_xxpredictiveLow
45Argumentxxx_x_xxxpredictiveMedium
46Argumentxxxxxxx[xx_xxx_xxxx]predictiveHigh
47ArgumentxxxxpredictiveLow
48ArgumentxxxxxxxxpredictiveMedium
49ArgumentxxpredictiveLow
50ArgumentxxpredictiveLow
51Argumentxxxx_xxpredictiveLow
52ArgumentxxxxxpredictiveLow
53ArgumentxxxpredictiveLow
54Argumentxxxxx_xxpredictiveMedium
55ArgumentxxxxxxxxpredictiveMedium
56ArgumentxxxpredictiveLow
57ArgumentxxxpredictiveLow
58Argumentxxxxx_xxxxxxpredictiveMedium
59ArgumentxxxxxxpredictiveLow
60Argumentxxxx_xxpredictiveLow
61Network Portxxx/xxxxpredictiveMedium

References (10)

The following list contains external sources which discuss the actor and the associated activities:

Do you want to use VulDB in your project?

Use the official API to access entries easily!