OrcusRAT Analysisinfo

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (12)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en8
de4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

US: USA12

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Nanocore RAT1
Ave Maria1
BitRAT1
NetWire1
AdWind1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined10
Content Management System2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Interspire4
Keenetic2
PSAUX2
Not Defined2
Brokerage Technology Solutions2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Interspire Email Marketer4
Keenetic KN-10102
Keenetic KN-14102
Keenetic KN-17112
Keenetic KN-18102

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

#VulnerabilityBaseTemp0dayTodayExpCouKEVEPSSCTICVE
1Guangzhou Tuchuang Computer Software Development Interlib Library Cluster Automation Management System BatchOrder sql injection5.55.4$0-$5k$0-$5kProof-of-ConceptNot defined 0.000570.08CVE-2024-10947
2Netgear XR300/R8500/R7000P HTTP POST Request l2tp.cgi stack-based overflow8.88.8$25k-$100k$5k-$25kNot definedNot defined 0.000540.00CVE-2024-51002
3Brokerage Technology Solutions Aero API Endpoint reliance on untrusted inputs in a security decision9.89.5$0-$5k$0-$5kNot definedNot defined 0.002730.04CVE-2024-51561
4mariazevedo88 travels-java-api JWT Secret JwtAuthenticationTokenFilter.java doFilterInternal hard-coded key3.12.8$0-$5k$0-$5kProof-of-ConceptNot defined 0.001200.00CVE-2024-10920
5PSAUX CyberPanel File Manager upload ProcessUtilities.outputExecutioner os command injection9.99.7$0-$5k$0-$5kNot definedOfficial fixpossible0.639830.04CVE-2024-51568
6Keenetic KN-1010/KN-1410/KN-1711/KN-1810/KN-1910 Configuration Setting ndmComponents.js information disclosure5.35.1$0-$5k$0-$5kProof-of-ConceptWorkaround 0.002090.00CVE-2024-4021
7Ajax Load More Plugin admin-ajax.php sql injection6.76.1$0-$5k$0-$5kProof-of-ConceptOfficial fix 0.005340.05CVE-2021-24140
8Cookex Com Ckforms index.php sql injection7.37.0$0-$5k$0-$5kHighOfficial fixpossible0.011350.02CVE-2010-1344
9Interspire Email Marketer Dynamiccontenttags.php sql injection7.57.5$0-$5k$0-$5kNot definedNot defined 0.002440.02CVE-2018-19553
10Interspire Email Marketer Dynamiccontenttags.php sql injection7.57.5$0-$5k$0-$5kNot definedNot defined 0.002440.00CVE-2018-19551
11DeDeCMS co_do.php sql injection8.58.5$0-$5k$0-$5kNot definedNot defined 0.006010.00CVE-2018-19061

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
185.202.169.178OrcusRAT07/06/2022verifiedMedium
2XXX.X.XX.XXXXxxxxxxx05/12/2022verifiedMedium

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1202CAPEC-108CWE-78Command Shell in Externally Accessible DirectorypredictiveHigh
2TXXXXCAPEC-XXXCWE-XXXxx XxxxxxxxxpredictiveHigh
3TXXXXCAPEC-XXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
4TXXXX.XXXCWE-XXXXxx Xxxxxxxxxx XxxxxpredictiveHigh

IOA - Indicator of Attack (15)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/filemanager/uploadpredictiveHigh
2File/interlib/order/BatchOrder?cmdACT=admin_order&xsl=adminOrder_OrderList.xslpredictiveHigh
3File/ndmComponents.jspredictiveHigh
4File/xx-xxxxx/xxxxx-xxxx.xxxpredictiveHigh
5Filexxxx\xx_xx.xxxpredictiveHigh
6Filexxxxxxxxxxxxxxxxxx.xxxpredictiveHigh
7Filexxxxx.xxxpredictiveMedium
8Filexxxx.xxxpredictiveMedium
9Filexxxxxxx-xxxx-xxx-xxxxxx\xxx\xxxx\xxxx\xx\xxxxxx\xxxxxxxxxxxxx\xxxxxxxxxxxxxx\xxxxxxx\xxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxxxpredictiveHigh
10ArgumentxxxxxxxxxpredictiveMedium
11ArgumentxxxpredictiveLow
12ArgumentxxxpredictiveLow
13Argumentxxxx_xxxx_xxpredictiveMedium
14ArgumentxxxxxxxxpredictiveMedium
15ArgumentxxxxxxxxxpredictiveMedium

References (3)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

This view requires CTI permissions

Just purchase a CTI license today!