RevengeRAT Analysis

Activities

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. It also makes it possible to initiate an immediate vulnerability response and to prioritize issues.

Lang

en: 174
de: 12
fr: 4
es: 4
pl: 3

Country

us: 147
gb: 14
ru: 8
fr: 6
cn: 3

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 1 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.69 | CVE-2017-0055 |
| 2 | All Enthusiast Inc Reviewpost Php Pro showproduct.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2004-2175 |
| 3 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 2.39 | CVE-2020-12440 |
| 4 | Apache HTTP Server HTTP Digest Authentication Challenge improper authentication | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2018-1312 |
| 5 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.17 | CVE-2016-6210 |
| 6 | Cisco IOS NTP Interface Queue input validation | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.08 | CVE-2016-1478 |
| 7 | PhotoPost PHP Pro showproduct.php sql injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2004-0250 |
| 8 | jQuery html cross site scripting | 5.8 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.12 | CVE-2020-11023 |
| 9 | BitTorrent uTorrent Bencoding Parser input validation | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2020-8437 |
| 10 | MDaemon Webmail cross site scripting | 5.4 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2019-8983 |
| 11 | Synology DiskStation Manager Change Password password recovery | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2018-8916 |
| 12 | Microsoft IIS IP/Domain Restriction access control | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 1.01 | CVE-2014-4078 |
| 13 | Apache HTTP Server ap_get_basic_auth_pw improper authentication | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2017-3167 |
| 14 | HPE Helion Eucalyptus IAM User Permission permission | 7.5 | 7.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.04 | CVE-2016-8520 |
| 15 | node-ipc backdoor | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2022-23812 |
| 16 | ACF-Frontend-Display Plugin File Upload index.php unrestricted upload | 8.5 | 8.5 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2015-9479 |
| 17 | PostgreSQL Client Application downgrade | 5.6 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2020-25694 |
| 18 | Matomo safemode.twig Path information disclosure | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.14 | CVE-2019-12215 |
| 19 | Todd Miller sudo sudoedit sudoers access control | 7.8 | 7.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.05 | CVE-2015-5602 |
| 20 | SQLiteManager sql injection | 8.5 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.04 | CVE-2019-9083 |

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (90)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

References (2)

The following list contains external sources which discuss the actor and the associated activities:
