Parallax RAT Analysis

IOB - Indicator of Behavior (232)


Lang

en: 144
zh: 16
sv: 10
ru: 10
ja: 8



Product

Microsoft Windows: 12
Google Android: 6
Samba: 4
RoundCube Webmail: 4
Mozilla Thunderbird: 4


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CmsEasy language_admin.php getslide_child_action sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00063 | 0.00 | CVE-2024-0523 |
| 2 | cmseasy cleartext transmission | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00100 | 0.00 | CVE-2020-18406 |
| 3 | cmseasy Database Configuration information disclosure | 5.0 | 4.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00076 | 0.00 | CVE-2021-42644 |
| 4 | RoundCube Webmail Config Setting rcube_image.php argument injection | 8.5 | 8.4 | $0-$5k | $0-$5k | High | Official Fix | 0.12696 | 0.00 | CVE-2020-12641 |
| 5 | Hitachi Energy UNEM R16A inadequate encryption | 6.7 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00200 | 0.00 | CVE-2021-40342 |
| 6 | Artifex MuJS jsdate.c MakeDay integer overflow | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00133 | 0.00 | CVE-2017-5628 |
| 7 | Centreon Poller sql injection | 4.7 | 4.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00434 | 0.04 | CVE-2022-41142 |
| 8 | Compuware ISPW Operations Plugin Configuration authorization | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00054 | 0.00 | CVE-2022-36898 |
| 9 | openSIS Community Edition index.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02428 | 0.06 | CVE-2020-6637 |
| 10 | marscode index.js fs.readFile path traversal | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00637 | 0.00 | CVE-2020-7681 |
| 11 | Apple macOS behavioral workflow | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00053 | 0.00 | CVE-2024-44255 |
| 12 | IBM MQ Configuration memory allocation | 6.4 | 6.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00063 | 0.04 | CVE-2024-35116 |
| 13 | Advanced File Manager Plugin exposure of information through directory listing | 5.9 | 5.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00064 | 0.00 | CVE-2024-5598 |
| 14 | Blossom Themes BlossomThemes Email Newsletter Plugin server-side request forgery | 4.6 | 4.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.03 | CVE-2024-37098 |
| 15 | Table Addons for Elementor Plugin cross site scripting | 5.1 | 5.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00053 | 0.00 | CVE-2024-4313 |
| 16 | Autel MaxiCharger AC Elite Business C50 BLE AppChargingControl stack-based overflow | 8.3 | 8.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00046 | 0.05 | CVE-2024-23959 |
| 17 | Live Composer Team Page Builder Plugin cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.00 | CVE-2024-35768 |
| 18 | Trellix EDR UI XConsole cross site scripting | 4.3 | 4.3 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00045 | 0.04 | CVE-2024-4176 |
| 19 | Cybozu Garoon Mail Forwarding information disclosure | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-31400 |
| 20 | CmsEasy index.php cross-site request forgery | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00165 | 0.00 | CVE-2018-11679 |

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 5.2.68.94 | | Parallax RAT | | 02/06/2022 | verified | Medium |
| 2 | XX.XXX.XX.XXX | xxxxx.xx-xx-xxx-xx.xx | Xxxxxxxx Xxx | | 07/18/2021 | verified | Low |
| 3 | XX.XXX.XX.XXX | xxxxx.xx-xx-xxx-xx.xx | Xxxxxxxx Xxx | | 11/10/2021 | verified | Medium |
| 4 | XXX.XXX.XXX.XXX | | Xxxxxxxx Xxx | | 02/16/2024 | verified | Very High |

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (89)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /action/ipcamSetParamPost | predictive | High |
| 2 | File | /admin/?page=orders/view_order | predictive | High |
| 3 | File | /admin/add_exercises.php | predictive | High |
| 4 | File | /admin/baojia_list.php | predictive | High |
| 5 | File | /adminui/history_log.php | predictive | High |
| 6 | File | /ajax/remove_sniffer_raw_log/ | predictive | High |
| 7 | File | /bin/httpd | predictive | Medium |
| 8 | File | /dist/index.js | predictive | High |
| 9 | File | /goform/AddSysLogRule | predictive | High |
| 10 | File | /goform/delDhcpRules/ | predictive | High |
| 11 | File | /goform/SysToolReboot | predictive | High |
| 12 | File | /x/xxxxxx?xxxxxx | predictive | High |
| 13 | File | /xxxxx/xxxx/xx.xxx | predictive | High |
| 14 | File | /xxxxx.xxx?xxxx=xxxxx&xxx=xxx&xxxxx=xxxxxxx&xxxxx_xxx=xxxxx | predictive | High |
| 15 | File | /xxxxx.xxx?xxxxxx=xxxxxxxx/xxxxxxxx | predictive | High |
| 16 | File | /xxxxxxxx/xxxxxxxxxxxx.xxx | predictive | High |
| 17 | File | xxxxxxx.xxx | predictive | Medium |
| 18 | File | xxxxx.xxxx | predictive | Medium |
| 19 | File | xxxxx.xxx | predictive | Medium |
| 20 | File | xxxxx/xxxxxx.xxx | predictive | High |
| 21 | File | xxxx/xxxxxxxxxxxxxxxx.xxx | predictive | High |
| 22 | File | xxx/xxxxxxx/xxxxxxxx | predictive | High |
| 23 | File | xx_xxxxx_xxxxx.xxx | predictive | High |
| 24 | File | xxxxxxxx/xxxxx.xxx | predictive | High |
| 25 | File | xxx/xxxxxxx/xxxxxxx | predictive | High |
| 26 | File | xxxxxxxxxxx_xxxx | predictive | High |
| 27 | File | xxxxxx.xx | predictive | Medium |
| 28 | File | xxxx_xxxx.x | predictive | Medium |
| 29 | File | xxxxxxx/xxxxx/xxx-xxxx/xxx_xxx.x | predictive | High |
| 30 | File | xxxx-xxxxx.xxx | predictive | High |
| 31 | File | xxxxxxxxxxxxxxxxx.xxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 32 | File | xxxxxxx.xxx | predictive | Medium |
| 33 | File | xxxxxxxxxxx.xxx | predictive | High |
| 34 | File | xxxxx.xx | predictive | Medium |
| 35 | File | xxxxx.xxx | predictive | Medium |
| 36 | File | xxxxxx.x | predictive | Medium |
| 37 | File | xx/xxx.x | predictive | Medium |
| 38 | File | xxx/xxxxxxx/xxxxxxxxxxxx | predictive | High |
| 39 | File | xxx.xxx | predictive | Low |
| 40 | File | xxxx-xxx.xxx | predictive | Medium |
| 41 | File | xxxxxxxxxxxxxx.xxx | predictive | High |
| 42 | File | xxxxx_xxxxx.xxx | predictive | High |
| 43 | File | xxxxx_xxxxxx_xxxxxxxx.xxx | predictive | High |
| 44 | File | xxxxx.xxx | predictive | Medium |
| 45 | File | xxxxxx.xxx | predictive | Medium |
| 46 | File | xxxxxxx.xx | predictive | Medium |
| 47 | File | xxxxxx.xxx | predictive | Medium |
| 48 | File | xxx_xxxxxxxx.xxx | predictive | High |
| 49 | File | xxx/xxxxxxxxx/xxxxx/xxxxxxx/ | predictive | High |
| 50 | File | xxx/xxxx/xxxxxxxxxxxxxxx.xxxx | predictive | High |
| 51 | File | xx-xxxxxxxxx.xxx | predictive | High |
| 52 | Library | xxx/xxxxx/xxxxxxxx_xxxxx.xxx | predictive | High |
| 53 | Library | xxx/xxxxx/xxxxxxxx_xxxxx.xxx | predictive | High |
| 54 | Library | xxx/xxxxxxx/xxx.xx | predictive | High |
| 55 | Argument | xxx_xxx | predictive | Low |
| 56 | Argument | xxxxxxxx | predictive | Medium |
| 57 | Argument | xxxx_xxx | predictive | Medium |
| 58 | Argument | xxxx | predictive | Low |
| 59 | Argument | xxxx | predictive | Low |
| 60 | Argument | xxxxxx_xxxxxxxx | predictive | High |
| 61 | Argument | xxxx_xxx | predictive | Medium |
| 62 | Argument | xxxxx/xxxxx/xxxxxx | predictive | High |
| 63 | Argument | xxxxxxxx_xxxxx | predictive | High |
| 64 | Argument | xxxx/xx | predictive | Low |
| 65 | Argument | xxxx | predictive | Low |
| 66 | Argument | xx | predictive | Low |
| 67 | Argument | xxxxxxx | predictive | Low |
| 68 | Argument | xxxxx_xxxx | predictive | Medium |
| 69 | Argument | xxxx | predictive | Low |
| 70 | Argument | xxxx | predictive | Low |
| 71 | Argument | xxxxxxxx | predictive | Medium |
| 72 | Argument | xxxx | predictive | Low |
| 73 | Argument | xxxxx_xxxx_xxxx | predictive | High |
| 74 | Argument | xxxxxxxx | predictive | Medium |
| 75 | Argument | xxxxxxxxxxxx | predictive | Medium |
| 76 | Argument | xxx | predictive | Low |
| 77 | Argument | xxxxxxxxxxxxxx | predictive | High |
| 78 | Argument | xx_xx | predictive | Low |
| 79 | Argument | xxxx_xxxx | predictive | Medium |
| 80 | Argument | xxx | predictive | Low |
| 81 | Argument | xxxx-xxxxx | predictive | Medium |
| 82 | Argument | xxxxxxxx | predictive | Medium |
| 83 | Argument | xxxxxxxx | predictive | Medium |
| 84 | Argument | xxxxxxxx/xxxx | predictive | High |
| 85 | Argument | xxxx_xx | predictive | Low |
| 86 | Argument | xxxxx[_xxxxxxxx] | predictive | High |
| 87 | Argument | xxxxxxxxxxxxx | predictive | High |
| 88 | Argument | _xx | predictive | Low |
| 89 | Input Value | %xx | predictive | Low |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
