ObliqueRAT Analysis

IOB - Indicator of Behavior (537)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 502
es: 22
it: 8
fr: 6


Country

us: 500
ru: 32
cn: 6




Product

Drupal: 8
https-proxy-agent: 4
Google Android: 4
Blue Coat ProxySG: 4
FreeBSD: 2


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Apache HTTP Server mod_proxy_balancer.c balancer_handler cross site scripting | 4.3 | 4.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.07 | 0.07344 | CVE-2012-4558 |
| 2 | Google Android Proxy Auto-Config ic.cc UpdateLoadElement out-of-bounds write | 8.5 | 8.2 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.04 | 0.01156 | CVE-2019-2047 |
| 3 | Telegram Desktop Proxy credentials management | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00885 | CVE-2018-17613 |
| 4 | https-proxy-agent JSON memory corruption | 7.2 | 6.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00885 | CVE-2018-3739 |
| 5 | Apache HTTP Server mod_proxy_fcgi.c handle_headers memory corruption | 5.3 | 5.1 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.22 | 0.05242 | CVE-2014-3583 |
| 6 | Apple iOS Proxy Authentication 7pk security | 6.6 | 6.4 | $100k and more | $5k-$25k | Not Defined | Official Fix | 0.04 | 0.00954 | CVE-2016-4642 |
| 7 | YoungZSoft CCProxy Proxy Service memory corruption | 7.3 | 6.9 | $0-$5k | Calculating | Proof-of-Concept | Not Defined | 0.01 | 0.07687 | CVE-2004-2685 |
| 8 | CNCF Envoy Proxy resource consumption | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.01018 | CVE-2020-8659 |
| 9 | Blue Coat ProxySG SGOS information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.01136 | CVE-2015-4334 |
| 10 | Juniper WLC Proxy ARP/No Broadcast Feature input validation | 5.3 | 5.1 | $5k-$25k | Calculating | Not Defined | Official Fix | 0.07 | 0.01136 | CVE-2014-6381 |
| 11 | Symantec ASG/ProxySG FTP Proxy WebFTP Mode Stored cross site scripting | 5.7 | 5.4 | $5k-$25k | Calculating | Not Defined | Official Fix | 0.01 | 0.01055 | CVE-2018-18370 |
| 12 | Palo Alto PAN-OS DNS Proxy input validation | 8.5 | 8.2 | $0-$5k | Calculating | Not Defined | Official Fix | 0.01 | 0.05785 | CVE-2017-8390 |
| 13 | QNAP Proxy Server Setting improper authentication | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00885 | CVE-2017-7639 |
| 14 | Squid Web Proxy cachemgr.cgi injection | 6.1 | 5.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.07 | 0.01108 | CVE-2019-18860 |
| 15 | Bluecoat SGOS Management Console cross site scripting | 4.3 | 4.1 | $0-$5k | Calculating | Not Defined | Official Fix | 0.02 | 0.01319 | CVE-2010-5192 |
| 16 | Artica Proxy fw.progrss.details.php path traversal | 7.4 | 7.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.16531 | CVE-2020-13158 |
| 17 | Artica Proxy settings.inc command injection | 4.9 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.01055 | CVE-2019-7300 |
| 18 | Sarg Squid Analysis Report Generator Proxy Server useragent.c useragent memory corruption | 10.0 | 9.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01 | 0.11270 | CVE-2008-1167 |
| 19 | Google Android Proxy Configuration hydrogen-alias-analysis.h HAliasAnalyzer.Query type conversion | 8.5 | 8.2 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.02 | 0.01156 | CVE-2019-2097 |
| 20 | Check Point Firewall-1/VPN-1 IKE Aggressive Mode missing encryption | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.02172 | CVE-2002-1623 |

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | 185.117.73.222 | | ObliqueRAT | | verified | High |
| 2 | XXX.XXX.XX.XXX | | Xxxxxxxxxx | | verified | High |

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Pathname Traversal | predictive | High |
| 2 | T1055 | CWE-74 | Injection | predictive | High |
| 3 | T1059 | CWE-94 | Cross Site Scripting | predictive | High |
| 4 | TXXXX.XXX | CWE-XXX | Xxxxx Xxxx Xxxxxxxxx | predictive | High |
| 5 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 6 | TXXXX | CWE-XX, CWE-XX | Xxxxxxx Xxxxxxxxx | predictive | High |
| 7 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High |
| 8 | TXXXX | CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive | High |
| 9 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 10 | TXXXX | CWE-XXX | Xxx.xxx Xxxxxxxxxxxxxxxx: Xxxxxxxx Xx Xxxxxxxxxxxxx Xxxx | predictive | High |
| 11 | TXXXX | CWE-XXX | Xxxxxxxxxxxxx | predictive | High |
| 12 | TXXXX | CWE-XXX | X2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxxxxxxxx Xxxxxxx Xxxxxxxxxx | predictive | High |

IOA - Indicator of Attack (25)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list | predictive | High |
| 2 | File | cachemgr.cgi | predictive | Medium |
| 3 | File | cgi-bin/cmh/webcam.sh | predictive | High |
| 4 | File | fw.progrss.details.php | predictive | High |
| 5 | File | xxxxxxxx-xxxxx-xxxxxxxx.x | predictive | High |
| 6 | File | xx.xx | predictive | Low |
| 7 | File | xxxxxx.xxx | predictive | Medium |
| 8 | File | xxxxx.xxx | predictive | Medium |
| 9 | File | xxxxxx.x | predictive | Medium |
| 10 | File | xxx_xxxxx_xxxxxxxx.x | predictive | High |
| 11 | File | xxx_xxxxx_xxxx.x | predictive | High |
| 12 | File | xxxxxxxxxx/xxxxxxxx.xxx | predictive | High |
| 13 | File | xxxxxxxxx.x | predictive | Medium |
| 14 | File | xxxxxxxxxxxxx.xxxx | predictive | High |
| 15 | Library | xxxxxxxxx/xxxxxx_xxxxxxxxxxx.xxx.xxx | predictive | High |
| 16 | Argument | xxxx | predictive | Low |
| 17 | Argument | xxxxxxxxxxxxx | predictive | High |
| 18 | Argument | xxxxxxxx | predictive | Medium |
| 19 | Argument | xx_xxxxxxxx | predictive | Medium |
| 20 | Argument | xxxx_xxxxx/xxxx_xxxxxxxx | predictive | High |
| 21 | Argument | xxxxx | predictive | Low |
| 22 | Argument | xxx | predictive | Low |
| 23 | Argument | xxxxxxxx | predictive | Medium |
| 24 | Argument | xxxx xxxx | predictive | Medium |
| 25 | Input Value | %xx%xx%xx | predictive | Medium |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
