Rancor Analysis

IOB - Indicator of Behavior (906)

Charts: Timeline, Lang, Country, Actors, Activities, Interest (Timeline, Type, Vendor, Product).

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $2k-$5k | $0-$1k | Proof-of-Concept | Official Fix | 0.01075 | 0.97 | CVE-2006-6168 |
| 2 | Boa Webserver GET wapopen path traversal | 6.4 | 6.0 | $1k-$2k | $0-$1k | Proof-of-Concept | Not Defined | 0.73540 | 0.04 | CVE-2017-9833 |
| 3 | Anti-Web write.cgi path traversal | 7.2 | 7.2 | $1k-$2k | $0-$1k | Not Defined | Not Defined | 0.00702 | 0.00 | CVE-2017-9097 |
| 4 | mpg123 MP3 File id3.c next_text memory corruption | 4.4 | 4.4 | $0-$1k | $0-$1k | Not Defined | Not Defined | 0.00177 | 0.00 | CVE-2017-9545 |
| 5 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $2k-$5k | $0-$1k | Not Defined | Unavailable | 0.00000 | 1.70 | |
| 6 | Clash Configuration File cfw-setting.yaml permission assignment | 8.0 | 8.0 | $1k-$2k | $0-$1k | Not Defined | Not Defined | 0.00389 | 0.04 | CVE-2023-24205 |
| 7 | Lenovo X Server FFDC Service Log command injection | 5.4 | 5.4 | $1k-$2k | $0-$1k | Not Defined | Not Defined | 0.00060 | 0.00 | CVE-2017-3744 |
| 8 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $2k-$5k | $0-$1k | Proof-of-Concept | Official Fix | 0.00943 | 0.28 | CVE-2010-0966 |
| 9 | Synacor Zimbra Collaboration xml external entity reference | 8.5 | 8.2 | $2k-$5k | $0-$1k | Not Defined | Official Fix | 0.00441 | 0.00 | CVE-2016-9924 |
| 10 | e-Quick Cart shopprojectlogin.asp sql injection | 6.3 | 6.3 | $2k-$5k | $0-$1k | Not Defined | Not Defined | 0.00000 | 0.03 | |
| 11 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $1k-$2k | $0-$1k | Not Defined | Official Fix | 0.00936 | 1.53 | CVE-2020-15906 |
| 12 | Pligg cloud.php sql injection | 6.3 | 6.3 | $2k-$5k | $0-$1k | Not Defined | Not Defined | 0.00000 | 0.22 | |
| 13 | vBulletin redirector.php | 6.6 | 6.6 | $2k-$5k | $0-$1k | Not Defined | Not Defined | 0.00106 | 0.04 | CVE-2018-6200 |
| 14 | phpPgAds adclick.php unknown vulnerability | 5.3 | 5.3 | $2k-$5k | $0-$1k | Not Defined | Not Defined | 0.00317 | 0.06 | CVE-2005-3791 |
| 15 | Google Android SDK Platform Tools Signedness adb_client.c adb_connect memory corruption | 8.8 | 8.3 | $100k and more | $0-$1k | Proof-of-Concept | Official Fix | 0.00000 | 0.00 | |
| 16 | Netgear D6300B Credential Storage nvram cleartext storage | 5.4 | 4.6 | $10k-$25k | $0-$1k | Proof-of-Concept | Workaround | 0.00000 | 0.00 | |
| 17 | OpenStack Keystone input validation | 5.3 | 5.1 | $2k-$5k | $0-$1k | Not Defined | Official Fix | 0.01166 | 0.00 | CVE-2013-2014 |
| 18 | Sensysnetworks TrafficDOT code injection | 8.3 | 7.9 | $2k-$5k | $0-$1k | Not Defined | Official Fix | 0.00828 | 0.00 | CVE-2014-2378 |
| 19 | Cws sahab-alkher.com X.509 Certificate cryptographic issues | 6.3 | 6.3 | $1k-$2k | $0-$1k | Not Defined | Not Defined | 0.00049 | 0.00 | CVE-2014-7052 |
| 20 | Appbasedtechnologies Belaire Family Orthodontics X.509 Certificate cryptographic issues | 6.3 | 6.3 | $1k-$2k | $0-$1k | Not Defined | Not Defined | 0.00049 | 0.00 | CVE-2014-7405 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • PLAINTEE/DDKONG

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (230)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (2)

The following list contains external sources which discuss the actor and the associated activities:
