RATLoader Analysis

IOB - Indicator of Behavior (154)

Language

en: 118
fr: 22
de: 6
es: 4
it: 2

Product

Microsoft Windows: 6
Accellion FTA: 2
Adobe ColdFusion: 2
D-Link IP Cameras: 2
Tamlyncreative Com Bfsurvey Profree: 2

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

# | Vulnerability | Base score | Temp score | 0-day price | Today price | Exploit maturity | Countermeasure | KEV | EPSS | CTI | CVE
1 | Gempar Script Toko Online shop_display_products.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00149 | 0.00 | CVE-2009-0296
2 | FiberHome HG2201T telnet.cgi input validation | 8.0 | 8.0 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00301 | 0.00 | CVE-2019-17186
3 | Google Chrome Utility Process race condition | 9.8 | 9.4 | $25k-$100k | $0-$5k | Not defined | Official fix | | 0.03949 | 0.08 | CVE-2011-3961
4 | DataLynx suGuard privileges management | 5.9 | 5.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00128 | 0.00 | CVE-1999-0388
5 | Ecommerce Online Store Kit shop.php sql injection | 9.8 | 8.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.02807 | 0.02 | CVE-2004-0300
6 | Dcscripts Dcshop HTTP GET Request auth_user_file.txt Password information disclosure | 5.3 | 4.7 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | | 0.04194 | 0.00 | CVE-2001-0821
7 | Linksys WVC11B main.cgi cross site scripting | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00530 | 0.03 | CVE-2004-2508
8 | Asternic Flash Operator Panel User Control Panel command injection | 7.5 | 7.5 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.01396 | 0.00 | CVE-2018-5694
9 | Contenido Contendio allow_url_fopen file inclusion | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.00566 | 0.09 | CVE-2005-4132
10 | MidiCart PHP Shopping Cart item_show.php sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00000 | 0.02 |
11 | Microsoft Windows Remote Desktop/Terminal Services Web Connection improper authentication | 6.3 | 6.2 | $25k-$100k | $0-$5k | Not defined | Workaround | | 0.00000 | 0.05 |
12 | Ilohamail cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00000 | 0.08 |
13 | Microsoft IIS Error Message cross site scripting | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.12830 | 0.00 | CVE-2000-1104
14 | Microsoft IIS Error Message cross site scripting | 4.2 | 4.0 | $25k-$100k | $0-$5k | Not defined | Official fix | | 0.08342 | 0.00 | CVE-2003-0223
15 | Adobe ColdFusion cross site scripting | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.04853 | 0.00 | CVE-2007-0817
16 | SourceCodester Garage Management System createUser.php access control | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00074 | 0.09 | CVE-2022-2578
17 | D-Link IP Cameras rtpd.cgi insecure inherited permissions | 9.8 | 9.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Official fix | expected | 0.92259 | 0.06 | CVE-2013-1599
18 | Microsoft IIS viewcode.asp privileges management | 5.3 | 5.1 | $25k-$100k | $0-$5k | High | Official fix | possible | 0.52891 | 0.02 | CVE-1999-0737
19 | UnrealIRCd input validation | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Not defined | possible | 0.72159 | 0.03 | CVE-2010-2075
20 | Stoverud PHPhotoalbum File Upload upload.php unrestricted upload | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.02558 | 0.05 | CVE-2009-4819

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities. Entries shown as X sequences are masked in this view.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 185.81.157.59 | | RATLoader | | 04/06/2023 | verified | Medium
2 | XXX.XX.XXX.XXX | | Xxxxxxxxx | | 04/06/2023 | verified | Medium
3 | XXX.XX.XXX.XXX | | Xxxxxxxxx | | 04/06/2023 | verified | Medium
4 | XXX.XX.XXX.XXX | | Xxxxxxxxx | | 04/06/2023 | verified | Medium
5 | XXX.XX.XXX.XXX | | Xxxxxxxxx | | 06/28/2023 | verified | High

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (86)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling. Indicators shown as x sequences are masked in this view.

ID | Class | Indicator | Type | Confidence
1 | File | /catalog/admin/categories.php?cPath=&action=new_product | predictive | High
2 | File | /inc/HTTPClient.php | predictive | High
3 | File | /php_action/createUser.php | predictive | High
4 | File | /var/WEB-GUI/cgi-bin/telnet.cgi | predictive | High
5 | File | admin.php | predictive | Medium
6 | File | admin/admin.shtml | predictive | High
7 | File | Admin/ADM_Pagina.php | predictive | High
8 | File | admin/editcatalogue.php | predictive | High
9 | File | admin/menus/edit.php | predictive | High
10 | File | apage.cgi | predictive | Medium
11 | File | xx_xxxxxxx/xxxxx.xxx?x=xxx&x=xxxxxxx | predictive | High
12 | File | xxxxxxxxxx.xxx | predictive | High
13 | File | xxxxxxxx.xxx | predictive | Medium
14 | File | xxxxxxxx_xxxx.xxx | predictive | High
15 | File | xxx_xxxx.x | predictive | Medium
16 | File | xxxxxxxxx.xxx | predictive | High
17 | File | xxxxxx-xxxxx | predictive | Medium
18 | File | xxxxxx.xxx | predictive | Medium
19 | File | xxxxxx.xxx | predictive | Medium
20 | File | xxxxx_xxx_xxxxx.xxx | predictive | High
21 | File | xxxxxxxxxx-xx-xxxxxx/xxxx/xxxx.xxx | predictive | High
22 | File | xxxxxxxxxx/xxxxxxxxxx/xxxxxxxxx.xxx | predictive | High
23 | File | xxxxxxx/xxxx_xxxxxxxx.xxxxx.xxx | predictive | High
24 | File | xxxxx.xxx | predictive | Medium
25 | File | xxxxxxx.xxx | predictive | Medium
26 | File | xxxxxxxxxx.xxx | predictive | High
27 | File | xxxx_xxxx.xxx | predictive | High
28 | File | xxxxx_xx.xxxx | predictive | High
29 | File | xxxxxxxxxx/xxxxxxx.x | predictive | High
30 | File | xxxx.xxx | predictive | Medium
31 | File | xxxxxxxx.xxx | predictive | Medium
32 | File | xxxxxxxx.xxx | predictive | Medium
33 | File | xxx_xxxx.xxx.xxx | predictive | High
34 | File | xxxxxx.xxx/xxxx_xxxx_xxxx.xxx | predictive | High
35 | File | xxxxxxxxxx.xxx | predictive | High
36 | File | xxxx/xxxxxxx/xxxxxxxxxxxxx_xxx.xxx | predictive | High
37 | File | xxxxxxxx.xxx | predictive | Medium
38 | File | xxxx.xxx | predictive | Medium
39 | File | xxxxxxxxxxxxx.xxx | predictive | High
40 | File | xxxxxxxxx.xxx | predictive | High
41 | File | xxxxxxxxxxxxxxxx.xxx | predictive | High
42 | File | xxxx_xxxxxxx_xxxxxxxx.xxx | predictive | High
43 | File | xxxxx_xxxxx.xxx | predictive | High
44 | File | xxxxxx/xxxxx/xxxx_xxxxxxx.xxx | predictive | High
45 | File | xxxxxx.xxx | predictive | Medium
46 | File | xxxx_xxxxx.xxx | predictive | High
47 | File | xxx/xxx/xxx-xxx/xxxx.xxx | predictive | High
48 | File | xxxx.xxx | predictive | Medium
49 | File | xxxxxxxx.xxx | predictive | Medium
50 | File | xxxxxxx.xxx | predictive | Medium
51 | Library | xxxxxx[xxxxxx_xxxx | predictive | High
52 | Library | xxxxxx.xxx | predictive | Medium
53 | Library | xxx/xx_xxx.x | predictive | Medium
54 | Argument | (xxxxxx) | predictive | Medium
55 | Argument | xxx_xx | predictive | Low
56 | Argument | xx_xxxx_xxxx | predictive | Medium
57 | Argument | xxx | predictive | Low
58 | Argument | xxxxx | predictive | Low
59 | Argument | xxx_xx | predictive | Low
60 | Argument | xxx | predictive | Low
61 | Argument | xxxx_xx | predictive | Low
62 | Argument | xxxxxxx | predictive | Low
63 | Argument | xxxxxx[xxxxxx_xxxx] | predictive | High
64 | Argument | xxxxxxxx_xxxxxx/xxxxxxxx_xxxx/xxxxxxxx_xxxxxxxx/xxxxxxxx_xxxx | predictive | High
65 | Argument | xxxxxx_xxxx | predictive | Medium
66 | Argument | xxxxxxxx | predictive | Medium
67 | Argument | xx | predictive | Low
68 | Argument | xx | predictive | Low
69 | Argument | xxxx_xx | predictive | Low
70 | Argument | xxxxx_xxxx | predictive | Medium
71 | Argument | xxxxxx | predictive | Low
72 | Argument | xxxx_xxxx | predictive | Medium
73 | Argument | xxx[xxxx][xx_xxxx_xxxx] | predictive | High
74 | Argument | xxxx_xx | predictive | Low
75 | Argument | xxxx | predictive | Low
76 | Argument | xxxxxx_xxxx | predictive | Medium
77 | Argument | xxxxxxxx | predictive | Medium
78 | Argument | xxxxxx_xxxx[] | predictive | High
79 | Argument | xxxxxx | predictive | Low
80 | Argument | xxxxx | predictive | Low
81 | Argument | xxxx | predictive | Low
82 | Argument | xxxxxxxx | predictive | Medium
83 | Argument | x-xxxx-xxxxx | predictive | Medium
84 | Input Value | %xxxxxx+-x+x+xx.x.xx.xxx%xx%xx | predictive | High
85 | Input Value | //xxx.xxxxxxx.xxx | predictive | High
86 | Pattern | \|xx xx xx\| | predictive | Medium
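As an added worked example (not vuldb's code and not part of the original page), the unmasked entries from the IOC and IOA tables above can be turned into a small access-log matcher: it parses Apache/nginx combined-format lines (the log format is an assumption), flags requests from the verified IOC address 185.81.157.59, and flags request paths that match the ten visible File indicators. The matching policy (percent-decoding, suffix match on a path-segment boundary, query-parameter check for indicators that carry a query) is this example's own design, and the sample log lines are constructed, not real traffic.

```python
"""Match the visible RATLoader IOC/IOA indicators against web-server access logs (added example)."""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Unmasked indicators copied from this page. Entries shown as x-sequences on the page are omitted
# because a masked value cannot be matched against anything.
IOC_IPS = {"185.81.157.59": ("verified", "Medium")}

IOA_FILES = {
    "/catalog/admin/categories.php?cPath=&action=new_product": "High",
    "/inc/HTTPClient.php": "High",
    "/php_action/createUser.php": "High",
    "/var/WEB-GUI/cgi-bin/telnet.cgi": "High",
    "admin.php": "Medium",
    "admin/admin.shtml": "High",
    "Admin/ADM_Pagina.php": "High",
    "admin/editcatalogue.php": "High",
    "admin/menus/edit.php": "High",
    "apage.cgi": "Medium",
}

# Apache/nginx "combined" log format (assumed): ip ident user [time] "METHOD target proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)


def parse_access_log(line):
    """Return the parsed fields of one combined-format line, or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def path_matches(indicator, target):
    """True if the request target (path plus optional query) matches one IOA file indicator.

    Matching policy (this example's assumption): the request path is percent-decoded and compared
    case-sensitively; the indicator must match a whole trailing run of path segments, so an
    application installed under a prefix still matches but /myadmin.php does not match admin.php.
    If the indicator carries a query string, every parameter it names must be present in the
    request, and any non-blank indicator value must appear among the request's values.
    """
    req = urlsplit(target)
    path = unquote(req.path)
    ind = urlsplit(indicator)
    needle = ind.path if ind.path.startswith("/") else "/" + ind.path
    if not path.endswith(needle):
        return False
    wanted = parse_qs(ind.query, keep_blank_values=True)
    present = parse_qs(req.query, keep_blank_values=True)
    for name, values in wanted.items():
        if name not in present:
            return False
        if any(values) and not any(v in present[name] for v in values if v):
            return False
    return True


def match_indicators(lines):
    """Scan access-log lines and return one hit per (line, indicator) pair."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        rec = parse_access_log(line)
        if rec is None:
            continue  # not an access-log line (comment, truncated line, other format)
        if rec["ip"] in IOC_IPS:
            ioc_type, confidence = IOC_IPS[rec["ip"]]
            hits.append({"line": lineno, "class": "IOC", "indicator": rec["ip"],
                         "type": ioc_type, "confidence": confidence, "target": rec["target"]})
        for indicator, confidence in IOA_FILES.items():
            if path_matches(indicator, rec["target"]):
                hits.append({"line": lineno, "class": "IOA", "indicator": indicator,
                             "type": "predictive", "confidence": confidence, "target": rec["target"]})
    return hits


# Constructed sample log lines (not real traffic); addresses other than the IOC are RFC 5737 test ranges.
SAMPLE_LOG = [
    '203.0.113.7 - - [06/Apr/2023:10:12:01 +0000] "GET /shop/catalog/admin/categories.php?cPath=22&action=new_product HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '185.81.157.59 - - [06/Apr/2023:10:13:44 +0000] "POST /php_action/createUser.php HTTP/1.1" 302 0 "-" "python-requests/2.28.1"',
    '198.51.100.23 - - [06/Apr/2023:10:14:02 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [06/Apr/2023:10:14:05 +0000] "GET /admin/admin.shtml HTTP/1.1" 404 0 "-" "curl/7.88.1"',
    '198.51.100.23 - - [06/Apr/2023:10:14:09 +0000] "GET /app/inc/HTTPClient%2Ephp HTTP/1.1" 200 77 "-" "curl/7.88.1"',
    '203.0.113.7 - - [06/Apr/2023:10:15:30 +0000] "GET /myadmin.php?x=1 HTTP/1.1" 200 91 "-" "Mozilla/5.0"',
    '# rotated-log marker, not a request line',
]

if __name__ == "__main__":
    for hit in match_indicators(SAMPLE_LOG):
        print(f'line {hit["line"]}: {hit["class"]} {hit["indicator"]} '
              f'({hit["type"]}, {hit["confidence"]}) <- {hit["target"]}')
```

Two caveats when running this against real logs. The IOA entries are predictive, and a Medium-confidence name such as admin.php will fire on any application that ships a file of that name, so IOA hits are triage input rather than confirmed compromise; the IOC address is the only verified indicator in the visible data. Absolute indicators are matched as path suffixes, so a filesystem-style entry like /var/WEB-GUI/cgi-bin/telnet.cgi only fires if the request target actually ends with that full path.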

References (3)

The following list contains external sources which discuss the actor and the associated activities:
