RATicate Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (52)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	36
de	8
es	4
pl	2
fr	2

Country

us	44
gb	4
fr	2
hu	2

Actors

Ave Maria	1
AsyncRAT	1
Revenge RAT	1
NjRAT	1
Remcos	1

Activities

Interest

Timeline

Type

Not Defined	8
Operating System	4
Web Server	4
Connectivity Software	2
Mail Server Software	2

Vendor

Not Defined	8
Microsoft	6
Tim Kosse	2
MDaemon	2
Itechscripts	2

Product

Tim Kosse FileZilla	2
MDaemon Webmail	2
Itechscripts iTechBids	2
Microsoft Windows	2
IBM Doors Web Access	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	All Enthusiast Inc Reviewpost Php Pro showproduct.php sql injection	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00501	0.00	CVE-2004-2175
2	PhotoPost PHP Pro showproduct.php sql injection	9.8	9.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00276	0.04	CVE-2004-0250
3	OpenSSH Authentication Username information disclosure	5.3	4.8	$5k-$25k	$0-$5k	High	Official Fix	0.10737	0.18	CVE-2016-6210
4	BitTorrent uTorrent Bencoding Parser input validation	6.4	6.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00867	0.04	CVE-2020-8437
5	MDaemon Webmail cross site scripting	5.4	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00072	0.02	CVE-2019-8983
6	Synology DiskStation Manager Change Password password recovery	7.1	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00068	0.03	CVE-2018-8916
7	Microsoft IIS cross site scripting	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00548	0.15	CVE-2017-0055
8	Todd Miller sudo sudoedit sudoers access control	7.8	7.0	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00061	0.05	CVE-2015-5602
9	Tim Kosse FileZilla format string	7.3	7.0	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.03339	0.04	CVE-2007-2318
10	BusyBox Terminal lineedit.c add_match code injection	7.5	7.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00522	0.07	CVE-2017-16544
11	Microsoft Office Equation Editor memory corruption	7.5	7.4	$5k-$25k	$0-$5k	High	Official Fix	0.91620	0.03	CVE-2018-0798
12	Citrix ADC/Gateway/NetScaler Gateway/SD-WAN WANOP SSL VPN Web Portal cross site scripting	3.5	3.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00078	0.04	CVE-2020-8245
13	Gallarific PHP Photo Gallery script gallery.php sql injection	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00136	0.05	CVE-2011-0519
14	Gempar Script Toko Online shop_display_products.php sql injection	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00100	0.02	CVE-2009-0296
15	K5n WebCalendar send_reminders.php code injection	7.3	6.4	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.05178	0.02	CVE-2008-2836
16	Microsoft IIS code injection	9.9	9.9	$25k-$100k	$5k-$25k	Not Defined	Not Defined	0.08875	0.04	CVE-2010-1256
17	Python urllib.request.AbstractBasicAuthHandler incorrect regex	6.4	6.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00837	0.07	CVE-2020-8492
18	nginx URI String access control	6.5	6.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.95433	0.04	CVE-2013-4547
19	Microsoft Windows Remote Desktop input validation	7.5	7.2	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.04662	0.00	CVE-2019-1333
20	Mozilla Firefox/Firefox ESR IFRAME PDF.js access control	8.6	8.2	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.01146	0.00	CVE-2013-5598

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Campaigns	Identified	Type	Confidence
1	79.134.225.11		RATicate		05/31/2021	verified	High
2	XX.XXX.XXX.XX		Xxxxxxxx		05/31/2021	verified	High

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	High
2	T1059.007	CAPEC-209	CWE-79, CWE-80	Cross Site Scripting	predictive	High
3	TXXXX	CAPEC-19	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
4	TXXXX	CAPEC-	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	High
5	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	High
6	TXXXX	CAPEC-50	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
7	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
8	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	High

IOA - Indicator of Attack (21)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/etc/sudoers	predictive	Medium
2	File	/uncpath/	predictive	Medium
3	File	cat.php	predictive	Low
4	File	xxxxxx.xxx	predictive	Medium
5	File	xxxxxxxxxxx/xxxxx.xxx	predictive	High
6	File	xxxxxxx.xxx	predictive	Medium
7	File	xxxxx/xxxxxxxx.x	predictive	High
8	File	xxx.xx	predictive	Low
9	File	xxxxxxx_xxx_xxxxx_xxxxxx.xxxx	predictive	High
10	File	xxxx_xxxxxxxxx.xxx	predictive	High
11	File	xxxx_xxxxxxx_xxxxxxxx.xxx	predictive	High
12	File	xxxxxxxxxxx.xxx	predictive	High
13	File	xxxxxx.xxxxxxx.xxxxxxxxxxxxxxxxxxxxxxxx	predictive	High
14	Argument	xxx	predictive	Low
15	Argument	xxxxx	predictive	Low
16	Argument	xxx_xx	predictive	Low
17	Argument	xxxxxxxx	predictive	Medium
18	Argument	xx	predictive	Low
19	Argument	xxxx_xx	predictive	Low
20	Argument	xxxxx	predictive	Low
21	Argument	xxxxxxxx	predictive	Medium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Do you need the next level of professionalism?

Upgrade your account now!