Rancor Analysis

IOB - Indicator of Behavior (868)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

sv: 166
fr: 162
pl: 150
it: 140
es: 136

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us: 842
vn: 12
cn: 8
dk: 2
me: 2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors


Activities

Interest

Timeline


Type


Vendor


Product

Linux Kernel: 16
FFmpeg: 16
Google Chrome: 14
Microsoft Internet Explorer: 12
Oracle Java SE: 10

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Boa Webserver GET wapopen path traversal | 6.4 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.47 | 0.38457 | CVE-2017-9833 |
| 2 | Anti-Web write.cgi path traversal | 7.2 | 7.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.14903 | CVE-2017-9097 |
| 3 | mpg123 MP3 File id3.c next_text memory corruption | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.01055 | CVE-2017-9545 |
| 4 | Lenovo X Server FFDC Service Log command injection | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00885 | CVE-2017-3744 |
| 5 | Synacor Zimbra Collaboration xml external entity reference | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.20 | 0.01055 | CVE-2016-9924 |
| 6 | phpPgAds adclick.php unknown vulnerability | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.21 | 0.01055 | CVE-2005-3791 |
| 7 | Google Android SDK Platform Tools Signedness adb_client.c adb_connect memory corruption | 8.8 | 8.3 | $100k and more | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.00000 | |
| 8 | Netgear D6300B Credential Storage nvram cleartext storage | 5.4 | 4.6 | $5k-$25k | $0-$5k | Proof-of-Concept | Workaround | 0.03 | 0.00000 | |
| 9 | OpenStack Keystone input validation | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.12 | 0.01319 | CVE-2013-2014 |
| 10 | Sensysnetworks TrafficDOT code injection | 8.3 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.04611 | CVE-2014-2378 |
| 11 | Cws sahab-alkher.com X.509 Certificate cryptographic issues | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00954 | CVE-2014-7052 |
| 12 | Appbasedtechnologies Belaire Family Orthodontics X.509 Certificate cryptographic issues | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00954 | CVE-2014-7405 |
| 13 | Jobranco X.509 Certificate cryptographic issues | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00954 | CVE-2014-7378 |
| 14 | Facebook Profits on Steroids X.509 Certificate cryptographic issues | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00954 | CVE-2014-7376 |
| 15 | Mobileappcity Childcare X.509 Certificate cryptographic issues | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00954 | CVE-2014-7375 |
| 16 | narr8 SPIN - Motion Comic X.509 Certificate cryptographic issues | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00954 | CVE-2014-7374 |
| 17 | apps2you Cedar Kiosk X.509 Certificate cryptographic issues | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00954 | CVE-2014-7380 |
| 18 | ACC Advocacy Action X.509 Certificate cryptographic issues | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00954 | CVE-2014-7387 |
| 19 | Naranjas Con Tocados X.509 Certificate cryptographic issues | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00954 | CVE-2014-7362 |
| 20 | magzter Electronics For You X.509 Certificate cryptographic issues | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00954 | CVE-2014-7457 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • PLAINTEE/DDKONG

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (217)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /bin/login.php | predictive | High |
| 2 | File | /cgi-bin/wapopen | predictive | High |
| 3 | File | /cgi/cpaddons_feature.pl | predictive | High |
| 4 | File | /data/nvram | predictive | Medium |
| 5 | File | /forum/away.php | predictive | High |
| 6 | File | /frontend/x3/cpanelpro/filelist-thumbs.html | predictive | High |
| 7 | File | /fs/cifs/file.c | predictive | High |
| 8 | File | /goform/login | predictive | High |
| 9 | File | /horde/util/go.php | predictive | High |
| 10 | File | /mib.db | predictive | Low |
| 11 | File | /modules/profile/index.php | predictive | High |
| 12 | File | /OA_HTML/cabo/jsps/a.jsp | predictive | High |
| 13 | File | /out.php | predictive | Medium |
| 14 | File | /system/site.php | predictive | High |
| 15 | File | adb/adb_client.c | predictive | High |
| 16 | File | adclick.php | predictive | Medium |
| 17 | File | add_comment.php | predictive | High |
| 18 | File | adelogs.adobe.com | predictive | High |
| 19 | File | admin.php | predictive | Medium |
| 20 | File | admin/google_search_console/class-gsc-table.php | predictive | High |
| 21 | File | administrator/components/com_media/helpers/media.php | predictive | High |
| 22 | File | android/webkit/SearchBoxImpl.java | predictive | High |
| 23 | File | app-layer-ssh.c | predictive | High |
| 24 | File | arch_init.c | predictive | Medium |
| 25 | File | authenticate.c | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
