RapperBot Analysis

IOB - Indicator of Behavior (51)

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues can be prioritized.

Lang

| Language | Count |
|---|---|
| de | 35 |
| en | 14 |
| ru | 2 |

Country

| Country | Count |
|---|---|
| de | 35 |
| us | 7 |
| ru | 2 |

Actors

Activities

Interest

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | WordPress WP_Query sql injection | 6.3 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.07 | 0.11157 | CVE-2022-21661 |
| 2 | AlienVault Open Source Security Information Management radar-iso27001-potential.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.06 | 0.00986 | CVE-2013-5967 |
| 3 | Wedding Planner package_edit.php unrestricted upload | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.01086 | CVE-2022-42229 |
| 4 | CMS Made Simple index.php Path information disclosure | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.00885 | CVE-2018-10082 |
| 5 | microweber access control | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | 0.08382 | CVE-2022-1631 |
| 6 | PHPGurukul Dairy Farm Shop Management System index.php sql injection | 8.5 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.01564 | CVE-2020-5307 |
| 7 | MacCMS index.php command injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | 0.01382 | CVE-2017-17733 |
| 8 | Joomla CMS default.php access control | 6.4 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00885 | CVE-2016-9837 |
| 9 | BloofoxCMS Edit Action index.php cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00885 | CVE-2021-44608 |
| 10 | DotNetNuke DnnImageHandler server-side request forgery | 7.4 | 7.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.73020 | CVE-2017-0929 |
| 11 | PHP link_win32.c linkinfo information disclosure | 6.4 | 6.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.01108 | CVE-2018-15132 |
| 12 | Microsoft IIS IP/Domain Restriction access control | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.62 | 0.29797 | CVE-2014-4078 |
| 13 | vTiger CRM Activity.php sql injection | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00885 | CVE-2016-10754 |
| 14 | WordPress sql injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.01034 | CVE-2022-21664 |
| 15 | UniFi Controller credentials management | 7.7 | 7.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.01018 | CVE-2019-5456 |
| 16 | Alt-N MDaemon Worldclient injection | 4.9 | 4.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.07 | 0.10855 | CVE-2021-27182 |
| 17 | PHPMailer Phar Deserialization addAttachment deserialization | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00954 | CVE-2020-36326 |
| 18 | Huawei HarmonyOS NFC Module heap-based overflow | 5.5 | 5.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.03 | 0.00885 | CVE-2021-39996 |
| 19 | Apache log4j JNDI LDAP Server Lookup Log4Shell/LogJam deserialization | 8.6 | 8.3 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.95466 | CVE-2021-44228 |
| 20 | Huawei HarmonyOS API HwConnectivityExService denial of service | 5.7 | 5.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00885 | CVE-2021-39998 |

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique in that it is derived from our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Pathname Traversal | predictive | High |
| 2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | predictive | High |
| 3 | T1055 | CWE-74 | Injection | predictive | High |
| 4 | TXXXX | CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High |
| 5 | TXXXX.XXX | CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High |
| 6 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 7 | TXXXX | CWE-XX, CWE-XX | Xxxxxxx Xxxxxxxxx | predictive | High |
| 8 | TXXXX | CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High |
| 9 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 10 | TXXXX | CWE-XXX | Xxx.xxx Xxxxxxxxxxxxxxxx: Xxxxxxxx Xx Xxxxxxxxxxxxx Xxxx | predictive | High |
| 11 | TXXXX | CWE-XXX | Xxxxxxxxx Xxxxxx Xxxx | predictive | High |
| 12 | TXXXX | CWE-XXX | Xxxxxxxxxxxxx | predictive | High |
| 13 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxxxx Xxxxxx | predictive | High |

IOA - Indicator of Attack (23)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique in that it is derived from our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /include/chart_generator.php | predictive | High |
| 2 | File | /index.php | predictive | Medium |
| 3 | File | export.c | predictive | Medium |
| 4 | File | ext/standard/link_win32.c | predictive | High |
| 5 | File | xxxxx.xxx | predictive | Medium |
| 6 | File | xxxxxxx/xxxxxxxx/xxxxxxxx.xxx | predictive | High |
| 7 | File | xxxxxxx_xxxx.xxx | predictive | High |
| 8 | File | xxxxx-xxxxxxxx-xxxxxxxxx.xxx | predictive | High |
| 9 | File | xxxxxxxx.xxx | predictive | Medium |
| 10 | File | xxxxxxxxx/xxxxx/xxxx/xxx_xxxxxxx/xxxxxxx/xxxxxxx.xxx | predictive | High |
| 11 | Library | xxx/xxxxxxxxxxx.xxx | predictive | High |
| 12 | Library | xxx/xxx/xxxx/xxx/xxxx.xxx | predictive | High |
| 13 | Argument | xxxxxxxxxxxxx | predictive | High |
| 14 | Argument | xxxx_xxxx | predictive | Medium |
| 15 | Argument | xxxx/xxxx | predictive | Medium |
| 16 | Argument | xxxxx.xxx?xxxxxx=xxx_xxxxxxx/xxxx=xxxxxxx/xx=x/xxxxxxxx=xxxxx | predictive | High |
| 17 | Argument | xxxxxxxx | predictive | Medium |
| 18 | Argument | xxxx | predictive | Low |
| 19 | Argument | xxxxxxxx | predictive | Medium |
| 20 | Argument | xxxxxxx_xx | predictive | Medium |
| 21 | Argument | xxxxxxxx | predictive | Medium |
| 22 | Argument | xxxxxxxx/xxxxx xxxxxxx/xxxxxxxx | predictive | High |
| 23 | Argument | xx | predictive | Low |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
