RevengeRAT Analysis

IOB - Indicator of Behavior (345)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 316
de: 8
es: 6
pl: 6
ru: 6


Country

us: 170
gb: 22
ru: 14
de: 2
cn: 2


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Microsoft Windows: 8
Apache HTTP Server: 8
FineCMS: 6
PHP: 6
MC Coming Soon Script: 4


Vulnerabilities

# | Vulnerability | Base (CVSS) | Temp (CVSS) | 0day (exploit price) | Today (exploit price) | Exploit code maturity | Remediation level | CTI | EPSS | CVE
1 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.48 | 0.25090 | CVE-2017-0055
2 | All Enthusiast Inc Reviewpost Php Pro showproduct.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00986 | CVE-2004-2175
3 | Easy Modal Plugin modals.php sql injection | 5.9 | 5.7 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00 | 0.00885 | CVE-2017-12947
4 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 2.97 | 0.00000 | CVE-2020-12440
5 | Red Hat Enterprise Linux Address Translation buffer access with incorrect length value | 6.5 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00885 | CVE-2019-19339
6 | ffjpeg JPEG Image jfif.c jfif_decode heap-based overflow | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00885 | CVE-2020-23852
7 | Apache HTTP Server HTTP Digest Authentication Challenge improper authentication | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.07767 | CVE-2018-1312
8 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.46 | 0.49183 | CVE-2016-6210
9 | Cisco IOS NTP Interface Queue input validation | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.01136 | CVE-2016-1478
10 | PhotoPost PHP Pro showproduct.php sql injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.01213 | CVE-2004-0250
11 | PHPMailer Phar Deserialization addAttachment deserialization | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00954 | CVE-2020-36326
12 | Microsoft Windows RPC over HTTP Reply denial of service | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.20648 | CVE-2003-0807
13 | jQuery html cross site scripting | 5.8 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.11 | 0.63807 | CVE-2020-11023
14 | BitTorrent uTorrent Bencoding Parser input validation | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.01213 | CVE-2020-8437
15 | MDaemon Webmail cross site scripting | 5.4 | 5.1 | $0-$5k | Calculating | Not Defined | Official Fix | 0.05 | 0.00885 | CVE-2019-8983
16 | Iatek ASPapp links.asp sql injection | 7.3 | 6.9 | $0-$5k | Calculating | Proof-of-Concept | Not Defined | 0.03 | 0.00986 | CVE-2008-1430
17 | Synology DiskStation Manager Change Password password recovery | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01055 | CVE-2018-8916
18 | Microsoft IIS IP/Domain Restriction access control | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.11 | 0.29797 | CVE-2014-4078
19 | SQLite Incomplete Fix CVE-2019-19880 select.c multiSelect null pointer dereference | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.01537 | CVE-2019-19926
20 | SQLite CREATE Statement privileges management | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.01742 | CVE-2019-19603

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | predictive | High
2 | T1059 | CWE-94 | Cross Site Scripting | predictive | High
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High
4 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | predictive | High
5 | TXXXX | CWE-XX | Xxxxxxx Xxxxxxxxx | predictive | High
6 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
7 | TXXXX | CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive | High
8 | TXXXX | CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High
9 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High
10 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxx.xxx Xxxxxxxxxxxxxxxx: Xxxxxxxx Xx Xxxxxxxxxxxxx Xxxx | predictive | High
11 | TXXXX.XXX | CWE-XXX | Xxxxxxxxx Xxxxxxxxx | predictive | High
12 | TXXXX | CWE-XXX | Xxxxxxxxx Xxxxxx Xxxx | predictive | High
13 | TXXXX.XXX | CWE-XXX | Xxxxxxxx | predictive | High
14 | TXXXX | CWE-XXX | Xxxxxxxxxxxxx | predictive | High
15 | TXXXX.XXX | CWE-XX | Xxxxxxxxxxxxx | predictive | High
16 | TXXXX | CWE-XXX | X2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxxxxxxxx Xxxxxxx Xxxxxxxxxx | predictive | High
17 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxxxx Xxxxxx | predictive | High

IOA - Indicator of Attack (173)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /+CSCOE+/logon.html | predictive | High
2 | File | // | predictive | Low
3 | File | /admin/edit_member.php | predictive | High
4 | File | /admin/launch_time.php | predictive | High
5 | File | /admin/settings.php | predictive | High
6 | File | /apps/app_article/controller/editor.php | predictive | High
7 | File | /editbrand.php | predictive | High
8 | File | /etc/sudoers | predictive | Medium
9 | File | /front/actions.php | predictive | High
10 | File | /front/search.php | predictive | High
11 | File | /gadgets/definitions/uptime.CapacityWhatIfGadget/getmetrics.php | predictive | High
12 | File | /gadgets/definitions/uptime.CapacityWhatifGadget/getxenmetrics.php | predictive | High
13 | File | /qsr_server/device/reboot | predictive | High
14 | File | /sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072 | predictive | High
15 | File | /timeline2.php | predictive | High
16 | File | /tmp | predictive | Low
17 | File | /uncpath/ | predictive | Medium
18 | File | 14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi | predictive | High
19 | File | adduser.php | predictive | Medium
20 | File | admin.php | predictive | Medium
21 | File | Admin.php | predictive | Medium
22 | File | xxxxx/xxxx_xxxxxx_xxxxxxx.xxx | predictive | High
23 | File | xxxxx/xxxxx.xxxxxxxxxxxxxxx_xxxx_xxxxx.xxx | predictive | High
24 | File | xxxx/xxxxxxxxxxxxxxxx.xxx | predictive | High
25 | File | xxxxx_xxxxxx.xxx | predictive | High
26 | File | xxxxx.x | predictive | Low
27 | File | xxxx.xxx | predictive | Medium
28 | File | xxxxx.x | predictive | Low
29 | File | xxx.xxx | predictive | Low
30 | File | xxxxxxxxxx.xxx | predictive | High
31 | File | xxxxxxxxx.xxx | predictive | High
32 | File | xxxxx.xxxxxxxxxxxx.xxx | predictive | High
33 | File | xxxxxxx\xxxxxxxxxx\xxxxx\xxxxxx.xxx | predictive | High
34 | File | xxxx_xxxxxxxxx.xxx | predictive | High
35 | File | xxxxxxxx_xxxxxxxxxx_xxxxxxxxxxxx.xxx | predictive | High
36 | File | xx_xxxxxxxxxxxxx.xxx | predictive | High
37 | File | xxxxxx.xxx | predictive | Medium
38 | File | xxxxxx.xxx | predictive | Medium
39 | File | xxxxx.xxx | predictive | Medium
40 | File | xxxx.x | predictive | Low
41 | File | xxx/xxxx/xxxxxx/xxxxxx_xxxxxxx.x | predictive | High
42 | File | xxxxxx/xxx/xxxx.x | predictive | High
43 | File | xxxxxxxxxxx/xxxxx.xxx | predictive | High
44 | File | xxxx.xxx | predictive | Medium
45 | File | xxxxxxxxxxx.xxx | predictive | High
46 | File | xxxxxxxx/xxx_xxxxx.x | predictive | High
47 | File | xxxxxxxx/xxxxx.xxx | predictive | High
48 | File | xxxxxxxxx.xxx | predictive | High
49 | File | xxxxxxx.xxx | predictive | Medium
50 | File | xxxxx.xxx | predictive | Medium
51 | File | xxxxx_xxxxxxxxx_xxxxxx.xxx | predictive | High
52 | File | xxxxx_xxxxxx.xxx | predictive | High
53 | File | xxx/xxxxxxxx_xxxxxxxxxxxxxxx.xxxxx.xxx | predictive | High
54 | File | xxxxxxxx/xxxxxx.xxx | predictive | High
55 | File | xxxxx.xxx | predictive | Medium
56 | File | xxxxx.xxx | predictive | Medium
57 | File | xxxx.xxx | predictive | Medium
58 | File | xxxx.xxx | predictive | Medium
59 | File | xxxxxxxx.xxx | predictive | Medium
60 | File | xxxx_xxxxxxx.xxx | predictive | High
61 | File | xx/xxxxxxx-xxxxxx-xxxx-xxxxxx-xxxxxxx/xxxxxx/xxx/xxxxx.xxx | predictive | High
62 | File | xxxxxxxxxx/xxx/xxxxxx_xxxx.xxx | predictive | High
63 | File | xxxxx/xxxxxxxx.x | predictive | High
64 | File | xxxxxxxxx/xxxxxxxx.xxx | predictive | High
65 | File | xxxxx.xxx | predictive | Medium
66 | File | xx.xxx | predictive | Low
67 | File | xxxxxxxxxxx.xxx | predictive | High
68 | File | xxxxxx/xxxxx/xxxx.xxx | predictive | High
69 | File | xxxxxxx_xxxx.xxx | predictive | High
70 | File | xxxxxxxxxxxx.xxx | predictive | High
71 | File | xxxxx/_xxxxx.xx | predictive | High
72 | File | xxx.xx | predictive | Low
73 | File | xxxxxxx/xxxxxxxxxxxxxxxx/xxxxxxxxx/xxxxxxxx.xxxx | predictive | High
74 | File | xxxxxx.x | predictive | Medium
75 | File | xxxxx.xxx | predictive | Medium
76 | File | xxxxxxxx.xxx | predictive | Medium
77 | File | xxxxxxx.xxx | predictive | Medium
78 | File | xxxxxxxx.xxx | predictive | Medium
79 | File | xxxxxxxx.xxx | predictive | Medium
80 | File | xxxxx.xxx | predictive | Medium
81 | File | xxxxxxx_xxx_xxxxx_xxxxxx.xxxx | predictive | High
82 | File | xxxxxxx.x | predictive | Medium
83 | File | xxxxxx_xxxxxxx.xxx | predictive | High
84 | File | xxxxxx.x | predictive | Medium
85 | File | xxxx_xxxxxxxxx.xxx | predictive | High
86 | File | xxxx_xxxxxxx_xxxxxxxx.xxx | predictive | High
87 | File | xxxx.xxx | predictive | Medium
88 | File | xxxxxxxxxxx.xxx | predictive | High
89 | File | xxxxxxxxxx.xxx | predictive | High
90 | File | xxxx_xxxx.xxx | predictive | High
91 | File | xxxxxx.xxxxx.xxx | predictive | High
92 | File | xxxx_xxxxx.xxxx | predictive | High
93 | File | xxxx/xxxx_xxxxxxx_xxx.x | predictive | High
94 | File | xxxxxx/xxxxx.xxx | predictive | High
95 | File | xxxxxx.xxxxxxx.xxxxxxxxxxxxxxxxxxxxxxxx | predictive | High
96 | File | xxxx/xxx/xxxx-xxxxx.xxx | predictive | High
97 | File | xxxx/xxxxxxxx/xxxxxxxx.xxxx | predictive | High
98 | File | xxxxxx.x | predictive | Medium
99 | File | xx-xxxxx-xxxxxx.xxx | predictive | High
100 | File | xx-xxxxxxxx/xxxxxxxxx.xxx | predictive | High
101 | File | xx/xx/xxxxx | predictive | Medium
102 | File | xxxx/xxxx_xxx_xxxxxx.x | predictive | High
103 | File | xxxxxxxxxxxx.xxx | predictive | High
104 | File | \xxxxx\xxxxxxxxxx_xxxxxx.xxx | predictive | High
105 | Library | xxxxxx.xxx | predictive | Medium
106 | Library | xxxxx.xxx | predictive | Medium
107 | Library | xxxx.xxx | predictive | Medium
108 | Library | xxxxxxx.xxx | predictive | Medium
109 | Argument | $_xxx | predictive | Low
110 | Argument | $_xxxx | predictive | Low
111 | Argument | $_xxxx['xx'] | predictive | Medium
112 | Argument | xxxxx | predictive | Low
113 | Argument | xxxxx_xxxx | predictive | Medium
114 | Argument | xxx | predictive | Low
115 | Argument | xxxxxxxxxx[] | predictive | Medium
116 | Argument | xxxxx | predictive | Low
117 | Argument | xxxxx | predictive | Low
118 | Argument | xxx_xx | predictive | Low
119 | Argument | xxx | predictive | Low
120 | Argument | xxx | predictive | Low
121 | Argument | xxxxxxx | predictive | Low
122 | Argument | xx_xxxxxxxxxxxxx_xx | predictive | High
123 | Argument | xxxx | predictive | Low
124 | Argument | xxxxxxxxxx | predictive | Medium
125 | Argument | xxxxxxx | predictive | Low
126 | Argument | xxxxx | predictive | Low
127 | Argument | xxxxxx_xxxxxxxx | predictive | High
128 | Argument | xxxxx | predictive | Low
129 | Argument | xxxxx | predictive | Low
130 | Argument | xxxx | predictive | Low
131 | Argument | xxxxxx | predictive | Low
132 | Argument | xxxx/xx | predictive | Low
133 | Argument | xxxxx_xxxxxxxx_xxxxx_xx/xxxxx_xxxxxxxx_xx | predictive | High
134 | Argument | xxxx | predictive | Low
135 | Argument | xxxxxxxx | predictive | Medium
136 | Argument | xx | predictive | Low
137 | Argument | xx/xxx/xxxxx | predictive | Medium
138 | Argument | xxx_xxxxxxxxxxx | predictive | High
139 | Argument | xxxx | predictive | Low
140 | Argument | xxxxxx | predictive | Low
141 | Argument | xxxx_xx | predictive | Low
142 | Argument | xxxxx_xxx | predictive | Medium
143 | Argument | xxxx[] | predictive | Low
144 | Argument | xxxxxx | predictive | Low
145 | Argument | xxxxx | predictive | Low
146 | Argument | xxx | predictive | Low
147 | Argument | xxxxx | predictive | Low
148 | Argument | xxxxx/xx | predictive | Medium
149 | Argument | xxxxxxxx | predictive | Medium
150 | Argument | xxxxx_xxxx_xxxx | predictive | High
151 | Argument | xxxxxxx_xx | predictive | Medium
152 | Argument | xxxxxxxxxxx | predictive | Medium
153 | Argument | xx_xxxx | predictive | Low
154 | Argument | xxxxxxxxx | predictive | Medium
155 | Argument | xxxxxx | predictive | Low
156 | Argument | x_xx | predictive | Low
157 | Argument | xxxx | predictive | Low
158 | Argument | xxx | predictive | Low
159 | Argument | xxx | predictive | Low
160 | Argument | xxxx xxxxxx/xxxxxxxxx | predictive | High
161 | Argument | xxxxxxxx | predictive | Medium
162 | Argument | xxxx | predictive | Low
163 | Argument | xxxxxxxxx/xxxxxxxxxxx | predictive | High
164 | Argument | xxxxx/xxxxx | predictive | Medium
165 | Argument | xxx | predictive | Low
166 | Argument | xxxx | predictive | Low
167 | Argument | xxxxxxxx | predictive | Medium
168 | Argument | xxxxxxxx/xxxx | predictive | High
169 | Argument | x-xxxxxxxxx-xxx | predictive | High
170 | Input Value | <xxxxxx>xxxxx(x)</xxxxxx> | predictive | High
171 | Input Value | xxxxxxx(xxxxxxxxxx) | predictive | High
172 | Pattern | xxxxx-xxxxxxxxxxxxx|xx| xxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx+xx+xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx | predictive | High
173 | Network Port | xxx/xxx (xxx) | predictive | High
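The File indicators above are only useful once request paths are compared in the same form the attacker's tooling sends them, and once the weak fragments ("//", "/tmp") are prevented from alerting on their own. The following is an added example of that detection logic, written for this edit and not taken from the page or its vendor. It assumes Apache/nginx combined-format access log lines (the sample lines are constructed, not real traffic), a hypothetical confidence weighting of High=3, Medium=2, Low=1, and a reporting threshold of 2; only the 21 unmasked indicators from the table are used.

```python
"""Added example (not part of this page): match HTTP request targets against
the unmasked File indicators from the IOA table above.

Assumptions, none of which come from the page: requests are read from
Apache/nginx combined-format access log lines (the sample lines below are
constructed), confidence is weighted High=3 / Medium=2 / Low=1, and a
request is reported when its summed weight reaches a threshold of 2.
"""
import re
from urllib.parse import unquote

# The 21 unmasked File indicators from the IOA table, with their confidence.
# "//" and "/tmp" are kept on purpose: they show why Low-confidence fragments
# must be scored rather than alerted on alone.
IOA_FILES = {
    "/+CSCOE+/logon.html": "High",
    "//": "Low",
    "/admin/edit_member.php": "High",
    "/admin/launch_time.php": "High",
    "/admin/settings.php": "High",
    "/apps/app_article/controller/editor.php": "High",
    "/editbrand.php": "High",
    "/etc/sudoers": "Medium",
    "/front/actions.php": "High",
    "/front/search.php": "High",
    "/gadgets/definitions/uptime.CapacityWhatIfGadget/getmetrics.php": "High",
    "/gadgets/definitions/uptime.CapacityWhatifGadget/getxenmetrics.php": "High",
    "/qsr_server/device/reboot": "High",
    "/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072": "High",
    "/timeline2.php": "High",
    "/tmp": "Low",
    "/uncpath/": "Medium",
    "14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi": "High",
    "adduser.php": "Medium",
    "admin.php": "Medium",
    "Admin.php": "Medium",
}

WEIGHT = {"High": 3, "Medium": 2, "Low": 1}  # hypothetical weighting

# Method, request target and protocol from a combined-format access log line.
REQ = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def canonical(target):
    """Percent-decode until the string stops changing, so a double-encoded
    payload (%2520 -> %20 -> space) is compared in the same form as the
    indicator. '+' is left alone: it is literal in a path (see /+CSCOE+/)."""
    prev = None
    while prev != target:
        prev, target = target, unquote(target)
    return target


def match_indicators(target):
    """Return {indicator: confidence} for every IOA found in the decoded target.
    Matching is case-sensitive substring: the table lists admin.php and
    Admin.php separately, so they are treated as distinct indicators."""
    decoded = canonical(target)
    return {ioa: conf for ioa, conf in IOA_FILES.items() if canonical(ioa) in decoded}


def scan(lines, threshold=2):
    """Score each request line and return (line_no, score, indicators) for
    lines whose summed confidence weight reaches the threshold."""
    findings = []
    for number, line in enumerate(lines, 1):
        req = REQ.search(line)
        if req is None:
            continue
        hits = match_indicators(req.group("target"))
        score = sum(WEIGHT[conf] for conf in hits.values())
        if score >= threshold:
            findings.append((number, score, sorted(hits)))
    return findings


# Constructed sample log lines (not real traffic). Line 2 is the SQLiteManager
# probe double-encoded, line 6 hides /etc/sudoers behind encoded slashes, and
# line 4 is benign but trips the Low "//" fragment.
LOG_LINES = [
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "GET /sqlitemanager/main.php?dbsel=-1%2520or%252072%2520=%252072 HTTP/1.1" 200 88 "-" "curl/8.1.2"',
    '198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /+CSCOE+/logon.html HTTP/1.1" 404 210 "-" "python-requests/2.31"',
    '198.51.100.7 - - [10/Oct/2023:13:56:02 +0000] "GET /images//logo.png HTTP/1.1" 200 3000 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [10/Oct/2023:13:57:10 +0000] "POST /site/admin.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [10/Oct/2023:13:57:11 +0000] "GET /..%2F..%2Fetc/sudoers HTTP/1.1" 400 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for number, score, hits in scan(LOG_LINES):
        print(f"line {number}: score {score}: {', '.join(hits)}")
```

Run against the constructed lines, lines 2, 3, 5 and 6 are reported and the benign "/images//logo.png" request is not, because its only hit is the Low "//" fragment. Lowering the threshold to 1 surfaces that line too, which is the trade-off the confidence column is there to manage. The Argument, Input Value and Pattern indicators would need the decoded query string and body rather than the path, and the masked rows cannot be matched at all without the unmasked source data.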

References (4)

The following list contains external sources which discuss the actor and the associated activities:
