CetaRAT Analysis

IOB - Indicator of Behavior (1000)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 880
zh: 40
ru: 14
de: 12
fr: 10

Country

nl: 942
us: 56
sa: 2

Activities

Interest

Product

Microsoft Windows: 92
Linux Kernel: 30
Apache HTTP Server: 22
F5 BIG-IP: 18
Google Android: 18

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | jforum User input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00289 | CVE-2019-7550 |
| 2 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 4.55 | 0.00000 | CVE-2020-12440 |
| 3 | Huawei ACXXXX/SXXXX SSH Packet input validation | 7.5 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00218 | CVE-2014-8572 |
| 4 | Microsoft Windows WPAD access control | 8.0 | 7.9 | $25k-$100k | $0-$5k | High | Official Fix | 0.03 | 0.93879 | CVE-2016-3213 |
| 5 | Microsoft Windows Graphics Remote Code Execution | 7.0 | 6.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.07 | 0.00259 | CVE-2021-34530 |
| 6 | Microsoft Windows Event Tracing Privilege Escalation | 7.3 | 6.3 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | 0.00043 | CVE-2021-34487 |
| 7 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.45 | 0.00400 | CVE-2017-0055 |
| 8 | Cisco Secure Email and Web Manager Web-based Management Interface improper authentication | 9.8 | 9.6 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.06 | 0.00252 | CVE-2022-20798 |
| 9 | nginx Log File link following | 7.8 | 7.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.00054 | CVE-2016-1247 |
| 10 | Apache HTTP Server mod_rewrite redirect | 6.7 | 6.7 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.03 | 0.00138 | CVE-2020-1927 |
| 11 | Microsoft .NET Core/Visual Studio denial of service | 6.4 | 5.5 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.01 | 0.00149 | CVE-2021-26423 |
| 12 | Microsoft Windows TCP/IP Stack Privilege Escalation | 9.9 | 8.6 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.03 | 0.02000 | CVE-2021-26424 |
| 13 | Microsoft Windows Event Tracing Privilege Escalation | 8.3 | 7.3 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.03 | 0.00044 | CVE-2021-26425 |
| 14 | Microsoft Windows Bluetooth Driver Privilege Escalation | 8.3 | 7.3 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.06 | 0.00043 | CVE-2021-34537 |
| 15 | Microsoft Dynamics 365 Privilege Escalation | 8.5 | 7.4 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.05 | 0.01550 | CVE-2021-34524 |
| 16 | Microsoft Windows Storage Spaces Controller Local Privilege Escalation | 7.8 | 6.8 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | 0.00043 | CVE-2021-34536 |
| 17 | Microsoft Windows Graphics Remote Code Execution | 7.0 | 6.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | 0.00259 | CVE-2021-34533 |
| 18 | Microsoft Windows Services for NFS ONCRPC XDR Driver information disclosure | 6.4 | 5.5 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | 0.00600 | CVE-2021-36926 |
| 19 | Microsoft ASP.NET Core/Visual Studio information disclosure | 4.9 | 4.3 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.04 | 0.00043 | CVE-2021-34532 |
| 20 | Microsoft Windows Services for NFS ONCRPC XDR Driver information disclosure | 6.4 | 5.5 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.07 | 0.00600 | CVE-2021-36933 |

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (222)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (2)

The following list contains external sources which discuss the actor and the associated activities:
