CetaRAT Analysis

Activities

Timeline

Analysing the timeline helps to identify the required approach to handling single vulnerabilities and vulnerability collections. The overview makes less important slices and more severe hotspots visible at a glance, so that an immediate vulnerability response can be initiated and issues can be prioritized.

Lang

en: 911
es: 23
de: 15
zh: 14
fr: 14

Country

nl: 852
us: 147
sa: 1

Actors

Charming Kitten: 162
CetaRAT: 147
APT36: 34
LinuxMoose: 34
FIN7: 19

Vulnerabilities

| # | Vulnerability | Base (CVSS) | Temp (CVSS) | 0-day price | Today price | Exploitability | Remediation | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 1 | jforum User input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.15 | CVE-2019-7550 |
| 2 | Cisco Jabber IM XML Parser input validation | 6.5 | 6.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | CVE-2013-1161 |
| 3 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 3.59 | CVE-2020-12440 |
| 4 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 1.49 | CVE-2017-0055 |
| 5 | nginx Log File link following | 7.8 | 7.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.05 | CVE-2016-1247 |
| 6 | Microsoft Windows Graphics Remote Code Execution | 7.0 | 6.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.05 | CVE-2021-34530 |
| 7 | Microsoft Windows Event Tracing Privilege Escalation | 7.3 | 6.3 | $25k-$100k | $25k-$100k | Unproven | Official Fix | 0.00 | CVE-2021-34487 |
| 8 | Microsoft Windows Print Spooler Privilege Escalation | 8.8 | 8.2 | $100k and more | $25k-$100k | Functional | Official Fix | 0.08 | CVE-2021-36936 |
| 9 | Microsoft Windows Event Tracing Privilege Escalation | 8.3 | 7.3 | $100k and more | $25k-$100k | Unproven | Official Fix | 0.00 | CVE-2021-26425 |
| 10 | Microsoft Windows Media MPEG-4 Video Decoder Remote Code Execution | 8.3 | 7.3 | $100k and more | $25k-$100k | Unproven | Official Fix | 0.11 | CVE-2021-36937 |
| 11 | Microsoft Windows Services for NFS ONCRPC XDR Driver information disclosure | 6.4 | 5.5 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.05 | CVE-2021-36933 |
| 12 | Microsoft .NET Core/Visual Studio denial of service | 6.4 | 5.5 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.05 | CVE-2021-26423 |
| 13 | Microsoft Windows TCP/IP Stack Privilege Escalation | 9.9 | 8.6 | $100k and more | $25k-$100k | Unproven | Official Fix | 0.05 | CVE-2021-26424 |
| 14 | Microsoft Windows Cryptographic Primitives Library information disclosure | 4.9 | 4.3 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.12 | CVE-2021-36938 |
| 15 | Microsoft Windows Digital TV Tuner Device Registration Application Privilege Escalation | 8.3 | 7.3 | $100k and more | $25k-$100k | Unproven | Official Fix | 0.05 | CVE-2021-36927 |
| 16 | Microsoft Windows Bluetooth Driver Privilege Escalation | 8.3 | 7.3 | $100k and more | $25k-$100k | Unproven | Official Fix | 0.05 | CVE-2021-34537 |
| 17 | Microsoft Windows MSHTML Platform Remote Code Execution | 5.9 | 5.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.05 | CVE-2021-34534 |
| 18 | Microsoft Windows Storage Spaces Controller Local Privilege Escalation | 7.8 | 6.8 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.17 | CVE-2021-34536 |
| 19 | Microsoft Windows Graphics Remote Code Execution | 7.0 | 6.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.05 | CVE-2021-34533 |
| 20 | Microsoft Windows Services for NFS ONCRPC XDR Driver information disclosure | 6.4 | 5.5 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.06 | CVE-2021-36926 |

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Campaigns | Confidence |
|---|---|---|---|---|
| 1 | 109.236.85.152 | customer.worldstream.nl | | High |
| 2 | 161.97.142.96 | vmi745943.contaboserver.net | | High |
| 3 | 164.68.104.126 | vmd76303.contaboserver.net | | High |
| 4 | XXX.XX.XX.XXX | xxxxxxxxx.xxxxxxxxxxxxx.xxx | | High |
| 5 | XXX.XXX.XX.XXX | xxxxxxxxx.xxxxxxxxxxxxx.xxx | | High |

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (269)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Confidence |
|---|---|---|---|
| 1 | File | .travis.yml | Medium |
| 2 | File | /.env | Low |
| 3 | File | /admin.php | Medium |
| 4 | File | /admin/config.php?display=disa&view=form | High |
| 5 | File | /category_view.php | High |
| 6 | File | /dev/kmem | Medium |
| 7 | File | /medical/inventories.php | High |
| 8 | File | /monitoring | Medium |
| 9 | File | /NAGErrors | Medium |
| 10 | File | /plugins/servlet/audit/resource | High |
| 11 | File | /plugins/servlet/project-config/PROJECT/roles | High |
| 12 | File | /proc/ioports | High |
| 13 | File | /replication | Medium |
| 14 | File | /RestAPI | Medium |
| 15 | File | /rom-0 | Low |
| 16 | File | /tmp | Low |
| 17 | File | /tmp/speedtest_urls.xml | High |
| 18 | File | /uncpath/ | Medium |
| 19 | File | /var/log/nginx | High |
| 20 | File | /wp-admin/admin.php | High |
| 21 | File | adclick.php | Medium |
| 22 | File | admin-ajax.php?action=get_wdtable order[0][dir] | High |
| 23 | File | admin/index.php | High |
| 24 | File | admin\model\catalog\download.php | High |
| 25 | File | apcupsd.pid | Medium |
| 26 | File | api/sms/send-sms | High |
| 27 | File | api/v1/alarms | High |
| 28 | File | application/controller/InstallerController.php | High |
| 29 | File | arch/powerpc/kvm/book3s_rtas.c | High |
| 30 | File | xxxxxxxxxxxxxxxx.xxx | High |
| 31 | File | xxxx-xxxx.x | Medium |
| 32 | File | xxxx-xxxxxxx.x | High |
| 33 | File | xxxx/xxxxxxx.xxx | High |
| 34 | File | xxxxx-xxx.x | Medium |
| 35 | File | xxxxxx_xxxx.xxx | High |
| 36 | File | xxx/xxx.x | Medium |
| 37 | File | x:\xxxxxxx\xxxxxxxx\xxxxxx\xxx | High |
| 38 | File | xxxxxxxx.xxx | Medium |
| 39 | File | xxxxxxxx.xxx | Medium |
| 40 | File | xxxx.xxx | Medium |
| 41 | File | xxx-xxx/xxxxxxxx.xxx | High |
| 42 | File | xxx-xxx/xxxx | Medium |
| 43 | File | xxx-xxx/xx.xxx | High |
| 44 | File | xxx-xxx/xxxx-xxx | High |
| 45 | File | xxx/xxxxxxx.xx | High |
| 46 | File | xxxx_xxxxxx.x | High |
| 47 | File | xxxxx.xx_xxxxxxxxx.xxx | High |
| 48 | File | xxxxxx.xxx | Medium |
| 49 | File | xxx.xxx | Low |
| 50 | File | xxx_xxxxxx.xxx | High |
| 51 | File | xxx.xxx | Low |
| 52 | File | xxxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxx | High |
| 53 | File | xxxxxx.xxx | Medium |
| 54 | File | xxxxxxxx.xx | Medium |
| 55 | File | xxxx/xxxxxxxxxxxxxxx.xxx | High |
| 56 | File | xxxxxx.xxx | Medium |
| 57 | File | xxxxxxx.xxx | Medium |
| 58 | File | xxxxxxx/xxx/xxxx/xxxx.x | High |
| 59 | File | xxxxxxx/xxxx/xxxx_xxxxxxxxx_xxxxx.x | High |
| 60 | File | xxxxxxx_xxxx_xxxxxx_xxxx.xxx | High |
| 61 | File | xxxxx.xxx | Medium |
| 62 | File | xxxx/xxxxxxxxxx/xxxxxx-xxxx.x | High |
| 63 | File | xxxx.xxx | Medium |
| 64 | File | xxx/xxxxxxxx/xxx_xxxxxxxxxxxx.x | High |
| 65 | File | xxxxxxxxxxxx.xxx | High |
| 66 | File | xxxxxxx.xxx | Medium |
| 67 | File | xxxxx.xxx | Medium |
| 68 | File | xxx_xxxx.x | Medium |
| 69 | File | xxxxxxxxx/xxxxx/xxxxxxxxxxxx/xxxxxxxxx.xxx | High |
| 70 | File | xx/xxxxxxxxx.x | High |
| 71 | File | xx/xxxxx.x | Medium |
| 72 | File | xx.xxxxx.xxx | Medium |
| 73 | File | xxxxxxxxxx.xx | High |
| 74 | File | xxxxxxxxxx.xxx | High |
| 75 | File | xxxx/xxxxxxxxxxxxxxxxxxxxxxxx.xx | High |
| 76 | File | xxxxxxxxxxxxxxxxxxxxx.xxx | High |
| 77 | File | xxxxxx_xxxxx_xxxxxxx.x | High |
| 78 | File | xxx/xxxxxxxx.xxx | High |
| 79 | File | xxx/xxxxxx.xxx | High |
| 80 | File | xxxxxxx/xxxxx/xxx_xxxx.x | High |
| 81 | File | xxxxxxx/xxxx.xxx | High |
| 82 | File | xxxxxxxx/xxxxx-xxxxxxxxx.xxx | High |
| 83 | File | xxxxx.xx | Medium |
| 84 | File | xxxxx.xxx | Medium |
| 85 | File | xxxxx.xxx?xx=xxxxxxxx.xxxxxx | High |
| 86 | File | xxxxx.xx | Medium |
| 87 | File | xxxxxxx.xxx | Medium |
| 88 | File | xxxxxxxxx/xxxxx/xxx_xxx/xxxx.xxx | High |
| 89 | File | xxxxx/xxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxx | High |
| 90 | File | xxxxx.xxxxxxx.xxx | High |
| 91 | File | xxxx_xxxx.xxx | High |
| 92 | File | xxx/xxxxx-xxx-xxxxxxx.xxx | High |
| 93 | File | xxxxxxxxx/xxxxxxx/xxxxx.xxx | High |
| 94 | File | xxxxxx.x | Medium |
| 95 | File | xxxxxx/xxx/xxxxxxxx.x | High |
| 96 | File | xxxxxx/xxxxx/xxxxx_xxxxxx_xxxxxx.x | High |
| 97 | File | xxxxxxxxx/xxxxxxx/xxxxxx/xxxxxxxxxx.xxx | High |
| 98 | File | xxxx.xxx | Medium |
| 99 | File | xxxxx.xxx | Medium |
| 100 | File | xxxxx.xxx | Medium |
| 101 | File | xxxx.x | Low |
| 102 | File | xxxxxx_xxxxx_xxxxxxx.x | High |
| 103 | File | xxxxxxxxxxxxxxxx.x | High |
| 104 | File | xxxxxx/xxxxxxxxxxxxx.xxx | High |
| 105 | File | xxx/xxxxxxxxx/xxxxx_xxxx.x | High |
| 106 | File | xxx/xxxxxxxxx/x_xxxxxx.x | High |
| 107 | File | xxxxxxxxxxxxxxxxxxxxx.xxxx | High |
| 108 | File | xx_xxxxxx_xxxxxxx/xxxx/xxxxxxxxxxx/xxxx.xxx | High |
| 109 | File | xxx_xx.x | Medium |
| 110 | File | xxx.xx | Low |
| 111 | File | xxxxxxxxxxxxxxx.xxx | High |
| 112 | File | xxxxxxxxx.xxx.xxx | High |
| 113 | File | xxx.xxx | Low |
| 114 | File | xxxxxxx.xxx | Medium |
| 115 | File | xxxxxxxxxxxxx.xxx | High |
| 116 | File | xxxxxxxxxxxx.xxx | High |
| 117 | File | xxxxx.xxx | Medium |
| 118 | File | xxxxxxxx/ | Medium |
| 119 | File | xxxx.xxx | Medium |
| 120 | File | xxxxxxxxxx.xxx | High |
| 121 | File | xxxxxxx.xxx | Medium |
| 122 | File | xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][] | High |
| 123 | File | xxxxxxxx.xxxxxx | High |
| 124 | File | xxx_xxxxxx/xxxxxx/xxxxxxxxxxxx | High |
| 125 | File | xxxxxxxx.xxx | Medium |
| 126 | File | xxxxxxx.x | Medium |
| 127 | File | xxxxx.xxx | Medium |
| 128 | File | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx | High |
| 129 | File | xxxxxxxxxx/xxxxxxxxxx_xxxx.xxx?xxxxxx=xxxxxx | High |
| 130 | File | xxx.x | Low |
| 131 | File | xxxxxxxx/xxxxxxxx/xxxxx.xxx | High |
| 132 | File | xxxxx.xxx | Medium |
| 133 | File | xxxxx.xxx | Medium |
| 134 | File | xxxx-xxxxxx.x | High |
| 135 | File | xxxx.xxx | Medium |
| 136 | File | xxxx_xxxxxxx_xxxxxxxx.xxx | High |
| 137 | File | xxxxxxx.x | Medium |
| 138 | File | xxxxxxx.xxx.xx.xxxxxxxxxxx.xxx | High |
| 139 | File | xxxxxxxxxx.x | Medium |
| 140 | File | xxxx/xxxx-xxxxxx_xxxx.xxx | High |
| 141 | File | xxxxxxxxx.xxx | High |
| 142 | File | xxxxxx.xxx | Medium |
| 143 | File | xxxxxxx/xxxxxxx/xxxxxx/xxxxxx_xxxx.xxx | High |
| 144 | File | xxxx/xxxxxxxx/xxxxxxxx.xxxx | High |
| 145 | File | xxxxxxxxx.x | Medium |
| 146 | File | xxxxxxxxxxxxxxxxx.xxx | High |
| 147 | File | xxxx.xxx | Medium |
| 148 | File | xxxxx/xxxxx.xx | High |
| 149 | File | xxxxxx.xxx | Medium |
| 150 | File | xxxxxx/xxxxxxxxxxxxx.xxx | High |
| 151 | File | xx-xxxxx/xxxxx-xxxx.xxx | High |
| 152 | File | xx-xxxxx/xxxxxxxxx.xxx | High |
| 153 | File | xx-xxxxx/xxxxxxx-xxxxxxx.xxx?xxxx=xxxxxxxxxx-x | High |
| 154 | File | xx-xxxxx/xxxx.xxx | High |
| 155 | File | xx-xxxxxxx/xxxxxxx | High |
| 156 | File | xx-xxxxxxxx/xxxxxxxxx.xxx | High |
| 157 | File | xx-xxxxxxxx/xxxx-xxx/xxxxxxxxx/xxxxx-xx-xxxx-xxxxx-xxxxxxxxxx.xxx | High |
| 158 | File | xx_xxxxxxx.x | Medium |
| 159 | File | xxxxxx.x/xxxxx.x/xxxx.x | High |
| 160 | File | xx_xxxx.xxx | Medium |
| 161 | Library | /xxx/xxx/xxx/xxxx/xxxxxxxxxx/xxxxxx.xxx | High |
| 162 | Library | xxxxxxx.xxx | Medium |
| 163 | Library | xxxxxxxxx.xxx | High |
| 164 | Library | xxxxxxxx.xxx | Medium |
| 165 | Library | xxx/xxxxxx/xxxxxxxxx/xxxxxx.x | High |
| 166 | Library | xxxxxxxxxx/xxxxxxxx.x | High |
| 167 | Library | xxxxxx.xxx | Medium |
| 168 | Library | xxxxxxxx.xxx | Medium |
| 169 | Argument | -x | Low |
| 170 | Argument | -x | Low |
| 171 | Argument | xxx_xxxx | Medium |
| 172 | Argument | xxxxx_xxxxxxxx | High |
| 173 | Argument | xxxxxx | Low |
| 174 | Argument | xxxxxxxxxxxxxx | High |
| 175 | Argument | xxxxxxxx | Medium |
| 176 | Argument | xxxxxxxxxx | Medium |
| 177 | Argument | xxx | Low |
| 178 | Argument | xxxxx | Low |
| 179 | Argument | xxx_xx | Low |
| 180 | Argument | xxx | Low |
| 181 | Argument | xxxxxxxxxxxxxxx | High |
| 182 | Argument | xxxxxxx_xxx | Medium |
| 183 | Argument | xxxx_xx | Low |
| 184 | Argument | xxxxxxx-xxxxxx | High |
| 185 | Argument | xxxxxxx | Low |
| 186 | Argument | xxxxxxx_xxxx->xxx($xxxxxxxx) | High |
| 187 | Argument | xxxx | Low |
| 188 | Argument | xxxxxxxxxxx | Medium |
| 189 | Argument | xxxxx_xxx | Medium |
| 190 | Argument | xxxxxxxxxxx | Medium |
| 191 | Argument | xxxxxxxxx->xxxxxxxxx | High |
| 192 | Argument | xxxx | Low |
| 193 | Argument | xxxxxx | Low |
| 194 | Argument | xxxxxxxx | Medium |
| 195 | Argument | xxxxxxx | Low |
| 196 | Argument | xxxxx | Low |
| 197 | Argument | xxxx | Low |
| 198 | Argument | xxxxxxxxxx | Medium |
| 199 | Argument | xxxxxx | Low |
| 200 | Argument | xxxxxxxxx | Medium |
| 201 | Argument | xxxxxxxx | Medium |
| 202 | Argument | xx | Low |
| 203 | Argument | xxxxxxxxx | Medium |
| 204 | Argument | xxxxxxxxx | Medium |
| 205 | Argument | xxxxxxx_xxx | Medium |
| 206 | Argument | xxxxxxxxxxx | Medium |
| 207 | Argument | xxxxxx | Low |
| 208 | Argument | xxxx_xx | Low |
| 209 | Argument | xxxx_xxxxxx_xxxxx/xxxx_xxxxxx_xxxx_xxxxxx | High |
| 210 | Argument | xxxxxxxxx/xxxxxxxxx | High |
| 211 | Argument | xxx | Low |
| 212 | Argument | xx_xxxx | Low |
| 213 | Argument | xxx | Low |
| 214 | Argument | xxxx | Low |
| 215 | Argument | xxx_xxxxxxxx_x/xxx_xxxxxxxx_x | High |
| 216 | Argument | xxxxxxx/xxxx/xxxxxxxx | High |
| 217 | Argument | xxxxx | Low |
| 218 | Argument | xxxx_xxxx | Medium |
| 219 | Argument | xxxxxx | Low |
| 220 | Argument | xxxxxxxx | Medium |
| 221 | Argument | xxxxxxxx | Medium |
| 222 | Argument | xxxx | Low |
| 223 | Argument | xxxxxxxxx | Medium |
| 224 | Argument | xxxxxx_xxxx | Medium |
| 225 | Argument | xxxxxxxx_xxxxx | High |
| 226 | Argument | xxxxxx | Low |
| 227 | Argument | xxxxxx | Low |
| 228 | Argument | xxxxx | Low |
| 229 | Argument | xxxxxxxxxx | Medium |
| 230 | Argument | xxxx | Low |
| 231 | Argument | xxx_xxxxxx | Medium |
| 232 | Argument | xxxxxx | Low |
| 233 | Argument | xxxxxx | Low |
| 234 | Argument | xxxxxxxxx | Medium |
| 235 | Argument | xxx | Low |
| 236 | Argument | xxxxxxxxx | Medium |
| 237 | Argument | xxxxxxxxx | Medium |
| 238 | Argument | xxx$xxx | Low |
| 239 | Argument | xxx | Low |
| 240 | Argument | xxx | Low |
| 241 | Argument | xxxxx_xxxxxxxx | High |
| 242 | Argument | xxxx | Low |
| 243 | Argument | xxxxxxxx-xxxxxxxx | High |
| 244 | Argument | xxxx_xx | Low |
| 245 | Argument | xxx | Low |
| 246 | Argument | xxxx | Low |
| 247 | Argument | xxxxxxxx | Medium |
| 248 | Argument | xxxx->xxxxxxx | High |
| 249 | Argument | x-xxxx-xx | Medium |
| 250 | Argument | \xxxxxx\ | Medium |
| 251 | Argument | _xxx_xxxxxxx_xxxxxxx_xxxxxxxxxxxxx_xxx_xxx_xxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx_xxxxxxxxxxxxxxx | High |
| 252 | Argument | _xxx_xxxxxxxxxxx_ | High |
| 253 | Input Value | %xxxxxxxx%xxxxxxx%xxx%xx%xx%xxxxxxxx%xx | High |
| 254 | Input Value | .%xx.../.%xx.../ | High |
| 255 | Input Value | ../ | Low |
| 256 | Input Value | // | Low |
| 257 | Input Value | xxx xxxxxxxx | Medium |
| 258 | Input Value | x;xxx=xxxx://xxxxxx.xxx/"; xxxx-xxxxx="xxxxxxx" xxx=" | High |
| 259 | Input Value | xxxxxxxxx' xxx 'x'='x | High |
| 260 | Input Value | xxxxxxx/.......//./.......//./ | High |
| 261 | Input Value | xxxxxxx_xxxxx.xxxxxxx_xxxxxxx | High |
| 262 | Pattern | () { | Low |
| 263 | Pattern | xxxxxxx.xxx | Medium |
| 264 | Network Port | xxxxx | Low |
| 265 | Network Port | xx xxxxxxx xxx.xx.xx.xx | High |
| 266 | Network Port | xxx/xx (xxxxxx) | High |
| 267 | Network Port | xxx/xxxx | Medium |
| 268 | Network Port | xxx/xxxxx | Medium |
| 269 | Network Port | xxx xxxxxx xxxx | High |

References (1)

The following list contains external sources which discuss the actor and the associated activities: