RagnarLocker Analysis

Timeline

Analyzing the timeline helps to identify the required approach to, and handling of, individual vulnerabilities and vulnerability collections. The overview makes less important slices and more severe hotspots visible at a glance, so that immediate vulnerability response can be initiated and issues prioritized.

Lang

en: 303
pl: 28
de: 14
es: 9
zh: 7

Country

us: 231
de: 31
cn: 14
ru: 6
fr: 6

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | CVE
--|---------------|------|------|------|-------|-----|-----|-----|----
1 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.71 | CVE-2010-0966
2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.05 | CVE-2007-1192
3 | Phorum register.php cross site scripting | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.07 | CVE-2007-0769
4 | Biometric Shift Employee Management System index.php cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2017-17995
5 | AlstraSoft AskMe Pro register.php cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 
6 | Trend Micro HouseCall for Home Networks Library uncontrolled search path | 6.3 | 6.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.04 | CVE-2021-32466
7 | SSReader Ultra Star Reader ActiveX Control pdg2.dll Register memory corruption | 10.0 | 9.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.06 | CVE-2007-5892
8 | Moreover.com Cached Feed.cgi Script cached_feed.cgi path traversal | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2000-0906
9 | cpCommerce register.php cross site scripting | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | 0.03 | CVE-2007-2968
10 | The Address Book register.php privileges management | 7.3 | 6.4 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.03 | CVE-2006-4580
11 | PsychoStats register.php cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 
12 | Phorum register.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2004-2110
13 | SmartDataSoft SmartBlog archive.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-37538
14 | Tiki TikiWiki tiki-editpage.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.05 | CVE-2004-1386
15 | Woltlab Burning Board register.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | CVE-2007-1443
16 | JContentSubscription register.php Local Privilege Escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.09 | 
17 | Bitweaver register.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | CVE-2007-6374
18 | LushiWarPlaner register.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.03 | CVE-2007-0864
19 | Exo ExoPHPdesk register.php cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2007-5990
20 | Snitz Forums 2000 register.asp cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | High | Official Fix | 0.05 | CVE-2004-2720

IOC - Indicator of Compromise (32)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
---|-----------|-----------------|---------------|------|-----------
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | predictive | High

IOA - Indicator of Attack (156)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (2)

The following list contains external sources which discuss the actor and the associated activities:
