RATicate Analysis

IOB - Indicator of Behavior (52)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en34
de10
pl4
fr4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Microsoft IIS4
Microsoft Office2
phpMyAdmin2
BitTorrent uTorrent2
K5n WebCalendar2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1All Enthusiast Inc Reviewpost Php Pro showproduct.php sql injection7.37.0$0-$5k$0-$5kNot DefinedOfficial Fix0.010.00986CVE-2004-2175
2PhotoPost PHP Pro showproduct.php sql injection9.89.4$0-$5k$0-$5kNot DefinedOfficial Fix0.080.01213CVE-2004-0250
3OpenSSH Authentication Username information disclosure5.34.8$5k-$25k$0-$5kHighOfficial Fix0.460.49183CVE-2016-6210
4BitTorrent uTorrent Bencoding Parser input validation6.46.4$0-$5k$0-$5kNot DefinedNot Defined0.030.01213CVE-2020-8437
5MDaemon Webmail cross site scripting5.45.1$0-$5kCalculatingNot DefinedOfficial Fix0.050.00885CVE-2019-8983
6Synology DiskStation Manager Change Password password recovery7.57.2$0-$5k$0-$5kNot DefinedOfficial Fix0.020.01055CVE-2018-8916
7Microsoft IIS cross site scripting5.24.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.480.25090CVE-2017-0055
8Todd Miller sudo sudoedit sudoers access control7.87.0$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.040.03821CVE-2015-5602
9Tim Kosse FileZilla format string7.37.0$25k-$100k$0-$5kNot DefinedOfficial Fix0.030.06309CVE-2007-2318
10BusyBox Terminal lineedit.c add_match code injection7.57.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.020.23661CVE-2017-16544
11Microsoft Office Equation Editor memory corruption7.57.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.060.65859CVE-2018-0798
12Citrix ADC/Gateway/NetScaler Gateway/SD-WAN WANOP SSL VPN Web Portal cross site scripting3.53.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.060.00885CVE-2020-8245
13Gallarific PHP Photo Gallery script gallery.php sql injection7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.040.00986CVE-2011-0519
14Gempar Script Toko Online shop_display_products.php sql injection7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.080.00986CVE-2009-0296
15K5n WebCalendar send_reminders.php code injection7.36.4$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.050.04482CVE-2008-2836
16Microsoft IIS code injection9.99.9$25k-$100k$5k-$25kNot DefinedNot Defined0.050.53588CVE-2010-1256
17Python urllib.request.AbstractBasicAuthHandler incorrect regex6.46.4$0-$5k$0-$5kNot DefinedNot Defined0.000.02686CVE-2020-8492
18nginx URI String access control6.56.2$0-$5k$0-$5kNot DefinedOfficial Fix0.050.40746CVE-2013-4547
19Microsoft Windows Remote Desktop input validation7.57.2$25k-$100k$5k-$25kNot DefinedOfficial Fix0.030.02217CVE-2019-1333
20Mozilla Firefox/Firefox ESR IFRAME PDF.js access control8.68.2$25k-$100k$0-$5kNot DefinedOfficial Fix0.010.01319CVE-2013-5598

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsTypeConfidence
179.134.225.11RATicateverifiedHigh
2XX.XXX.XXX.XXXxxxxxxxverifiedHigh

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1059CWE-94Cross Site ScriptingpredictiveHigh
2T1059.007CWE-79, CWE-80Cross Site ScriptingpredictiveHigh
3TXXXXCWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
4TXXXXCWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
5TXXXXCWE-XXXxx XxxxxxxxxpredictiveHigh
6TXXXXCWE-XXXXxx.xxx Xxxxxxxxxxxxxxxx: Xxxxxxxx Xx Xxxxxxxxxxxxx XxxxpredictiveHigh
7TXXXXCWE-XXXXxxxxxxxxxxxxpredictiveHigh
8TXXXXCWE-XXXX2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxxxxxxxx Xxxxxxx XxxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (21)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/etc/sudoerspredictiveMedium
2File/uncpath/predictiveMedium
3Filecat.phppredictiveLow
4Filexxxxxx.xxxpredictiveMedium
5Filexxxxxxxxxxx/xxxxx.xxxpredictiveHigh
6Filexxxxxxx.xxxpredictiveMedium
7Filexxxxx/xxxxxxxx.xpredictiveHigh
8Filexxx.xxpredictiveLow
9Filexxxxxxx_xxx_xxxxx_xxxxxx.xxxxpredictiveHigh
10Filexxxx_xxxxxxxxx.xxxpredictiveHigh
11Filexxxx_xxxxxxx_xxxxxxxx.xxxpredictiveHigh
12Filexxxxxxxxxxx.xxxpredictiveHigh
13Filexxxxxx.xxxxxxx.xxxxxxxxxxxxxxxxxxxxxxxxpredictiveHigh
14ArgumentxxxpredictiveLow
15ArgumentxxxxxpredictiveLow
16Argumentxxx_xxpredictiveLow
17ArgumentxxxxxxxxpredictiveMedium
18ArgumentxxpredictiveLow
19Argumentxxxx_xxpredictiveLow
20ArgumentxxxxxpredictiveLow
21ArgumentxxxxxxxxpredictiveMedium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

Interested in the pricing of exploits?

See the underground prices here!