RapperBot Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (113)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en78
de32
ru4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us66
de32
ru4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Mirai4
Cobalt Strike4
RedLine Stealer4
Nanocore RAT4
Bashlite3

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined46
Web Browser12
Content Management System6
Operating System4
Multimedia Player Software2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined36
Google8
Huawei6
Mozilla4
Apple2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Google Chrome8
Huawei HarmonyOS6
Mozilla Firefox4
Apple QuickTime2
PHP2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1e107 CMS secure_img_render.php file inclusion7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.040.03019CVE-2004-2041
2ampleShop category.cfm sql injection7.37.3$0-$5kCalculatingNot DefinedUnavailable0.020.00621CVE-2006-2038
3Veritas Backup Exec Ressource memory allocation6.25.6$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.000.02580CVE-2006-1297
4Mozilla Firefox smb/sftp Protocol access control7.56.5$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.020.01656CVE-2007-5338
5PHPOutsourcing IdeaBox include.php code injection7.36.4$0-$5k$0-$5kUnprovenUnavailable0.020.17410CVE-2008-5199
6Mambo mod_mainmenu.php privileges management7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.040.00000
7Alt-N MDaemon Attachment Virus path traversal5.44.7$5k-$25k$0-$5kUnprovenOfficial Fix0.000.00000
8myPHPCalendar admin.php file inclusion7.36.9$0-$5kCalculatingProof-of-ConceptNot Defined0.040.02576CVE-2006-6812
9dotProject vw_files.php file inclusion7.37.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.030.00000
10Zentrack index.php privileges management7.37.0$0-$5k$0-$5kNot DefinedOfficial Fix0.030.00000
11Mozilla Firefox Javascript focus resource management5.95.2$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.040.96046CVE-2006-1993
12phpforum mainfile.php privileges management7.37.0$0-$5k$0-$5kNot DefinedOfficial Fix0.030.00513CVE-2003-0559
13Ibrow News Desk newsdesk.cgi path traversal5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.030.16516CVE-2001-0231
14CCBill whereami.cgi privileges management6.35.8$0-$5k$0-$5kProof-of-ConceptWorkaround0.040.00000
15Apple QuickTime FPX File memory corruption8.68.2$5k-$25kCalculatingNot DefinedOfficial Fix0.040.22700CVE-2013-0988
16Apple QuickTime MVHD Atom memory corruption8.68.2$5k-$25kCalculatingNot DefinedOfficial Fix0.000.08598CVE-2013-1022
17Zentrack index.php path traversal7.37.3$0-$5k$0-$5kNot DefinedNot Defined0.080.00000
18WEBInsta Mailing Manager initdb.php code injection7.36.9$0-$5k$0-$5kProof-of-ConceptUnavailable0.020.01194CVE-2005-0748
19SourceCodester Food Ordering System PHP File ajax.php unrestricted upload7.67.5$0-$5k$0-$5kNot DefinedNot Defined0.000.00307CVE-2023-24646
20Linux Kernel capsule-loader.c use after free4.64.5$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.00042CVE-2022-40307

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
12.58.149.116RapperBot10/10/2022verifiedHigh
231.44.185.235RapperBot10/10/2022verifiedHigh
3XXX.XXX.XXX.XXXXxxxxxxxx02/03/2023verifiedHigh
4XXX.XXX.XX.XXXXxxxxxxxx11/21/2022verifiedHigh
5XXX.XXX.XX.XXXXxxxxxxxx10/10/2022verifiedHigh
6XXX.XX.XX.XXXXxxxxxxxx10/10/2022verifiedHigh

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1006CWE-22Path TraversalpredictiveHigh
2T1040CWE-294Authentication Bypass by Capture-replaypredictiveHigh
3T1055CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
4TXXXXCWE-XXXxxxxxxx XxxxxxxxxpredictiveHigh
5TXXXX.XXXCWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
6TXXXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
7TXXXXCWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
8TXXXXCWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
9TXXXXCWE-XXXxx XxxxxxxxxpredictiveHigh
10TXXXXCWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
11TXXXXCWE-XXXXxxxxxxxx Xxxxxx XxxxpredictiveHigh
12TXXXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
13TXXXX.XXXCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (70)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/?r=email/api/mark&op=delFromSendpredictiveHigh
2File/fos/admin/ajax.phppredictiveHigh
3File/include/chart_generator.phppredictiveHigh
4File/index.phppredictiveMedium
5File/modules/projects/vw_files.phppredictiveHigh
6Fileadmin.phppredictiveMedium
7Fileaffich.phppredictiveMedium
8Filealbum_portal.phppredictiveHigh
9Filecategory.cfmpredictiveMedium
10Filexxxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxpredictiveHigh
11Filexxx.xxxpredictiveLow
12Filexxxxxxx/xxxxxxxx/xxx/xxxxxxx-xxxxxx.xpredictiveHigh
13Filexxxxx_xxxxxxxx.xxxxpredictiveHigh
14Filexxxxxx.xpredictiveMedium
15Filexxx/xxxxxxxx/xxxx_xxxxx.xpredictiveHigh
16Filexxxxxxxxxxxx_xxxx.xxxpredictiveHigh
17Filexxxxx_xxxxxx.xxxpredictiveHigh
18Filexxxxxxx.xxxpredictiveMedium
19Filexxxxx.xxxpredictiveMedium
20Filexxxx.xxx.xxxpredictiveMedium
21Filexxxxxx.xxxpredictiveMedium
22Filexxxxxxxx.xxxpredictiveMedium
23Filexxxxxxx/xxxxxxxx/xxxxxxxx.xxxpredictiveHigh
24Filexxxxxxx/xxx_xxxxxxxx.xxxpredictiveHigh
25Filexxx_xxxxxxxx.xxxpredictiveHigh
26Filexxxxxxxx.xxxpredictiveMedium
27Filexxxxxxx_xxxx.xxxpredictiveHigh
28Filexxxxxxxx.xxxpredictiveMedium
29Filexxxxx-xxxxxxxx-xxxxxxxxx.xxxpredictiveHigh
30Filexxxxxxxx.xxxpredictiveMedium
31Filexxxxxx_xxx_xxxxxx.xxxpredictiveHigh
32Filexxxxx_xxxxx.xxxpredictiveHigh
33Filexxxx_xxx.xxxpredictiveMedium
34Filexxxxxxxxx/xxxxx/xxxx/xxx_xxxxxxx/xxxxxxx/xxxxxxx.xxxpredictiveHigh
35Filexxxx.xxxpredictiveMedium
36Libraryxxxxxx[xxxxxx_xxxxpredictiveHigh
37Libraryxxx/xxxxxxxxxxx.xxxpredictiveHigh
38Libraryxx/xxx.xxx.xxxpredictiveHigh
39Libraryxxx/xxx/xxxx/xxx/xxxx.xxxpredictiveHigh
40Argumentxxxxxxxx_xxxxpredictiveHigh
41ArgumentxxxxpredictiveLow
42Argumentxxx_xxxpredictiveLow
43ArgumentxxxpredictiveLow
44ArgumentxxxxxxxxxxpredictiveMedium
45Argumentxxxxxx[xxxxxx_xxxx]predictiveHigh
46ArgumentxxxxxxxxxxxxxpredictiveHigh
47Argumentxxx_x_xxxpredictiveMedium
48Argumentxxxx_xxxxpredictiveMedium
49Argumentxxxxxxxx[xxxx_xxx]predictiveHigh
50ArgumentxxxxxxxxpredictiveMedium
51Argumentxxxx/xxxxpredictiveMedium
52ArgumentxxxxxxxxpredictiveMedium
53Argumentxxxxx.xxx?xxxxxx=xxx_xxxxxxx/xxxx=xxxxxxx/xx=x/xxxxxxxx=xxxxxpredictiveHigh
54ArgumentxxxxxpredictiveLow
55Argumentxxxx_xxxxpredictiveMedium
56Argumentxxxxxxxxx_xxxxxxxx_xxxxpredictiveHigh
57ArgumentxxxxxxxxpredictiveMedium
58ArgumentxxxxpredictiveLow
59Argumentxxxxx_xxxx_xxxxpredictiveHigh
60ArgumentxxxxxxxxpredictiveMedium
61Argumentxx_xxxxpredictiveLow
62ArgumentxxxxxxxxpredictiveMedium
63ArgumentxxxxxpredictiveLow
64ArgumentxxxpredictiveLow
65Argumentxxxxxx_xxxpredictiveMedium
66Argumentxxxxxxx_xxpredictiveMedium
67ArgumentxxxxxxxxpredictiveMedium
68Argumentxxxxxxxx/xxxxx xxxxxxx/xxxxxxxxpredictiveHigh
69ArgumentxxpredictiveLow
70Input Value\xxx../../../../xxx/xxxxxxpredictiveHigh

References (4)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you need the next level of professionalism?

Upgrade your account now!