DetaRAT Analysis

Activities

Timeline

Analysing the timeline helps to identify the required approach to, and handling of, single vulnerabilities and vulnerability collections. The overview makes less important slices and more severe hotspots visible at a glance, so that immediate vulnerability response can be initiated and issues can be prioritized.

Lang

en: 45
de: 17

Country

us: 18
de: 16
ca: 3

Actors

ActionRAT: 62


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | CVE |
|---|---------------|------|------|------|-------|-----|-----|-----|-----|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.05 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.40 | CVE-2010-0966 |
| 3 | Play Framework PlayJava denial of service | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-27196 |
| 4 | Linksys WAG54GS Default Password access control | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Not Defined | 0.05 | CVE-2007-6709 |
| 5 | Linksys WAG54GS User Account setup.cgi cross-site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Not Defined | 0.00 | CVE-2007-6708 |
| 6 | Linksys WAG54GS cross site scripting | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Not Defined | 0.08 | CVE-2007-6707 |
| 7 | IHU I Hear U player.cpp processpacket input validation | 5.3 | 4.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.08 | CVE-2007-6103 |
| 8 | PHP denial of service | 6.5 | 5.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.07 | CVE-2007-5898 |
| 9 | B. Braun OnlineSuite Excel Export injection | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-25170 |
| 10 | IBM UrbanCode Deploy REST Call access control | 6.4 | 6.1 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2020-4482 |
| 11 | Synopsys hub-rest-api-python SSL Certificate certificate validation | 6.9 | 6.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-27589 |
| 12 | Play Framework JSON form-data resource consumption | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2020-26882 |
| 13 | Play Framework JSON Document recursion | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-26883 |
| 14 | PowerScripts PowerNews news.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Not Defined | 0.06 | CVE-2009-0705 |
| 15 | Cellinx NVT Web Server SetFileContent.cgi improper authentication | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2020-28250 |
| 16 | Joplin Note cross site scripting | 4.8 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-28249 |
| 17 | MIT Kerberos 5 ASN.1 asn1_encode.c recursion | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-28196 |
| 18 | Subrion CMS cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.09 | CVE-2019-7356 |
| 19 | Qmail Non-Delivery Notification denial of service | 5.3 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | |
| 20 | W3 Total Cache Plugin Performance Menu admin.php Reflected cross site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | |

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Campaigns | Confidence |
|----|------------|----------|-----------|------------|
| 1 | 173.212.224.110 | vmi587275.contaboserver.net | | High |
| 2 | 173.249.50.230 | vmi626137.contaboserver.net | | High |

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Confidence |
|----|-----------|-----------------|---------------|------------|
| 1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High |
| 2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High |
| 3 | T1499 | CWE-400, CWE-404, CWE-770 | Resource Consumption | High |

IOA - Indicator of Attack (24)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Confidence |
|----|-------|-----------|------------|
| 1 | File | /wordpress/wp-admin/admin.php | High |
| 2 | File | admin/index.php | High |
| 3 | File | data/gbconfiguration.dat | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
