Rig Exploit Kit Analysis
IOB - Indicator of Behavior (521)
Timeline
The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.
Activities
Interest
Timeline
The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.
Vulnerabilities
Campaigns (1)
These are the campaigns that can be associated with the actor:
- Slots
IOC - Indicator of Compromise (77)
These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.
TTP - Tactics, Techniques, Procedures (25)
Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.
IOA - Indicator of Attack (246)
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.
ID | Class | Indicator | Type | Confidence |
---|---|---|---|---|
1 | File | .htaccess | predictive | Medium |
2 | File | /admin/login.php | predictive | High |
3 | File | /app/Http/Controllers/Admin/NEditorController.php | predictive | High |
4 | File | /apply.cgi | predictive | Medium |
5 | File | /cms/category/list | predictive | High |
6 | File | /forum/away.php | predictive | High |
7 | File | /mgmt/tm/util/bash | predictive | High |
8 | File | /mifs/c/i/reg/reg.html | predictive | High |
9 | File | /objects/getImageMP4.php | predictive | High |
10 | File | /payu/icpcheckout/ | predictive | High |
11 | File | /proc/kcore/ | predictive | Medium |
12 | File | /secure/ViewCollectors | predictive | High |
13 | File | /self.key | predictive | Medium |
14 | File | /Session | predictive | Medium |
15 | File | /uncpath/ | predictive | Medium |
16 | File | /usr/bin/pkexec | predictive | High |
17 | File | /xAdmin/html/cm_doclist_view_uc.jsp | predictive | High |
18 | File | adclick.php | predictive | Medium |
19 | File | add_comment.php | predictive | High |
20 | File | admin.jcomments.php | predictive | High |
21 | File | admin.php | predictive | Medium |
22 | File | admin/conf_users_edit.php | predictive | High |
23 | File | admin/content.php | predictive | High |
24 | File | admin/index.php | predictive | High |
25 | File | ajax_represent.php | predictive | High |
26 | File | AppCompatCache.exe | predictive | High |
27 | File | asn1fix_retrieve.c | predictive | High |
28 | File | bigsam_guestbook.php | predictive | High |
29 | File | xxxxx.xxx | predictive | Medium |
30 | File | xxxx/xxx/.../xxxxxx | predictive | High |
31 | File | xxxxxxxx.xxx | predictive | Medium |
32 | File | xxxxxx.x | predictive | Medium |
33 | File | xxx-xxx/xxxxxxx.xx | predictive | High |
34 | File | xxx.x | predictive | Low |
35 | File | xxxxxxxx.xxx | predictive | Medium |
36 | File | xxxxx.xxx | predictive | Medium |
37 | File | xxxxxxx_xxx.xxx | predictive | High |
38 | File | xxxxxx.xxx | predictive | Medium |
39 | File | xxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxx | predictive | High |
40 | File | xxxxxxxx.xxx | predictive | Medium |
41 | File | x_xxxxxx | predictive | Medium |
42 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
43 | File | xxxxxxx_xxxxx.xxx | predictive | High |
44 | File | xxxxxx.xxx | predictive | Medium |
45 | File | xxxxxx.xxx | predictive | Medium |
46 | File | xx/xx_xxxxxxx.xxx | predictive | High |
47 | File | xxxxxxxx.xxx | predictive | Medium |
48 | File | xxxxxxx/xxxx/xxxxxx/xxxxxxx.x | predictive | High |
49 | File | xxxxx.xxx | predictive | Medium |
50 | File | xxxxxxx.xxx | predictive | Medium |
51 | File | xxxxxxxx.xxx | predictive | Medium |
52 | File | xxxx_xxxxxxxx.xxx | predictive | High |
53 | File | xxxxxxxxxxxxxxxxx.xxx | predictive | High |
54 | File | xxxxxxxxx/xxxxx/xxxxxxxxxxxx/xxxxxxxxx.xxx | predictive | High |
55 | File | xx/xxxx/xxxxxxx.x | predictive | High |
56 | File | xxx_xxxxxx.x | predictive | Medium |
57 | File | xxxxxxx.xxx | predictive | Medium |
58 | File | xxxxxxxxxxx.x | predictive | High |
59 | File | xxxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | High |
60 | File | xxxxxxxxx.xxx | predictive | High |
61 | File | xxxxxxx.xxxxxx.xxx | predictive | High |
62 | File | xxx/xxxxxx.xxx | predictive | High |
63 | File | xxx/xxxxxxxxxxx/xxxxxxx.xxx | predictive | High |
64 | File | xxxxx.xxx | predictive | Medium |
65 | File | xxxxx.xxx/xxxxxx.xxx/xxxxxxxxxxxxx.xxx/xxxxxxxx.xxx | predictive | High |
66 | File | xxxxx.xxx/xxxxxxx/xxxxx | predictive | High |
67 | File | xxxxx.xx | predictive | Medium |
68 | File | xxxxxxx.xxx | predictive | Medium |
69 | File | xxxxxxx/xxxxxxxxxxxxx.xxxx | predictive | High |
70 | File | xxxxxxxxx.xxx | predictive | High |
71 | File | xxxx.xxx | predictive | Medium |
72 | File | xxxx_xxxx.xxx | predictive | High |
73 | File | xxxxxx/xxx.x | predictive | Medium |
74 | File | xxxxxxxxx/xxxxxx.xxx.xxx | predictive | High |
75 | File | xxx.xxx | predictive | Low |
76 | File | xxxxx-xxxx-xxxx.xxx | predictive | High |
77 | File | xxxx/xxxx/xxx/xxxx/xxxx/xxxxxx/xxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | High |
78 | File | xxxxxxxx.xxx | predictive | Medium |
79 | File | xxx_xxxxx_xxxx.x | predictive | High |
80 | File | xxxxxxxx.xxx | predictive | Medium |
81 | File | xxx/xxx_xxxxxx/xxx_xxxxxx_xxxx.x | predictive | High |
82 | File | xxx/xxxx/xxxx_xxxx.x | predictive | High |
83 | File | xxxx.xxxxxx.xx | predictive | High |
84 | File | xxxxx.xxx | predictive | Medium |
85 | File | xxxxxxxxx/xxxxxx-xxx-xx.x:x.x.x | predictive | High |
86 | File | xxxxxxxxx/xxxxxxxxxxxxxx:x.x.x | predictive | High |
87 | File | xxx/xxxxx.xxxx | predictive | High |
88 | File | xxxxxxx.xxx | predictive | Medium |
89 | File | xxxxxx_xxxxxxxxxx_xxxxx.xxx | predictive | High |
90 | File | xxxxx.xxx | predictive | Medium |
91 | File | xxxx.xxx | predictive | Medium |
92 | File | xxxxxxx_xxxxxxx_xxxx.xxx | predictive | High |
93 | File | xxxxxxx.xxx | predictive | Medium |
94 | File | xxxx-xx.xxx/xxx.xxxxx/xxx-xxxxxxxx-xxxx.xxx | predictive | High |
95 | File | xxx_xxxxxx.xxxx | predictive | High |
96 | File | xxxxxxxx.xxx | predictive | Medium |
97 | File | xxxxxxxxxx.xxx | predictive | High |
98 | File | xxxxxxxx.xxx | predictive | Medium |
99 | File | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx | predictive | High |
100 | File | xxxxxxx.xxx | predictive | Medium |
101 | File | xxxxxxx/xxxxxxxxxxxxx.xxxx | predictive | High |
102 | File | xxxxxxxxxxxxxxx.xxx | predictive | High |
103 | File | xxxxxx_xxxxxx.xxx | predictive | High |
104 | File | xxxxxx.xx | predictive | Medium |
105 | File | xxxxxx_xxxxxxx.xxx | predictive | High |
106 | File | xxxxxxxx/xxxx/xxxx.xxx?xxxxxx=xxxxxxxxxxxxxxxx | predictive | High |
107 | File | xxxxxxxx_xxxx.xxx | predictive | High |
108 | File | xxxxx.xxx | predictive | Medium |
109 | File | xxx_xxxxx.xxx | predictive | High |
110 | File | xxxx.xxx | predictive | Medium |
111 | File | xxxx.xx | predictive | Low |
112 | File | xxxxxxxxxxxx.xxx | predictive | High |
113 | File | xxxxxxxx_xxxx.xxx | predictive | High |
114 | File | xxxx_xxxxxxx_xxxxxxxx.xxx | predictive | High |
115 | File | xxxxxxx.xxx | predictive | Medium |
116 | File | xxx/xxxx/xxxx/xxx.xxxxxxxx.xxxxxxx/xxxxxxx/xxx/xxxxxx.xxxx | predictive | High |
117 | File | xxxxx.xxx | predictive | Medium |
118 | File | xxxxx_xxxxx.xxx | predictive | High |
119 | File | xxxxxxx-xxxxxxx.xxx | predictive | High |
120 | File | xxxxxx_xxxxxxxxxxx.xxx | predictive | High |
121 | File | xxxxxx_xxxxxxxx_xxxxxxxxxxxxxxxxx.xxx | predictive | High |
122 | File | xxxxxxxx.xxxxx.xxx | predictive | High |
123 | File | xxxx-xxxxxxxxx.xxx | predictive | High |
124 | File | xx/xx/xxxxxxxxx_xxxxxxxxxxx.xxx | predictive | High |
125 | File | xxxxx/xxxxxxxx.xxx | predictive | High |
126 | File | xxxx/xxx/xxxx-xxxxx.xxx | predictive | High |
127 | File | xxxxx.x | predictive | Low |
128 | File | xxxx.xxx | predictive | Medium |
129 | File | xxxx/xxxxxxxxxxxx.xxx | predictive | High |
130 | File | xxx.xxxxxxxx.xxx | predictive | High |
131 | File | xxx-xxx/ | predictive | Medium |
132 | File | xxxxxxxx.xxx | predictive | Medium |
133 | File | xxxxxxx/xxx/xxxxxxx | predictive | High |
134 | File | xxxxxxxx.xxx | predictive | Medium |
135 | File | xx-xxxxx/xxxxx-xxxx.xxx | predictive | High |
136 | File | xx-xxxx.xxx | predictive | Medium |
137 | File | xx-xxxxxxxxx.xxx | predictive | High |
138 | File | xxxx.xx | predictive | Low |
139 | Library | xxxxxx[xxxxxx_xxxx | predictive | High |
140 | Library | xxxxxx.xxx | predictive | Medium |
141 | Library | xxxxxxxx.xxx | predictive | Medium |
142 | Library | xxxx-xxxxxxxxxx/xxx/xxxx/xxxxxxxxxx/xxxx_xxxxxxxxx.xx | predictive | High |
143 | Library | xxxxxxxx.xxx.xxx | predictive | High |
144 | Argument | $_xxxx['xxx_xxxx_xxxxxx'] | predictive | High |
145 | Argument | *xxxx | predictive | Low |
146 | Argument | xx | predictive | Low |
147 | Argument | xxxxxxxxxxxx | predictive | Medium |
148 | Argument | xxxxxx | predictive | Low |
149 | Argument | xxxxxxxx | predictive | Medium |
150 | Argument | xxxxxxxxx | predictive | Medium |
151 | Argument | xxxxxxxx | predictive | Medium |
152 | Argument | xxxx_xxx | predictive | Medium |
153 | Argument | xxxx_xxxxxxxx | predictive | High |
154 | Argument | xxxxx | predictive | Low |
155 | Argument | xxxxxx | predictive | Low |
156 | Argument | xxxxxxxx | predictive | Medium |
157 | Argument | xxx_xxx | predictive | Low |
158 | Argument | xxx | predictive | Low |
159 | Argument | xxx_xx | predictive | Low |
160 | Argument | xxx | predictive | Low |
161 | Argument | xxxxxx_xx | predictive | Medium |
162 | Argument | xxxx_xx | predictive | Low |
163 | Argument | xxxxxx | predictive | Low |
164 | Argument | xxxxxx[xxxxxx_xxxx] | predictive | High |
165 | Argument | xxxxxxx | predictive | Low |
166 | Argument | xxxxxxx | predictive | Low |
167 | Argument | xxxxxxxx_xx | predictive | Medium |
168 | Argument | xxxxxxxx_xxxxxx/xxxxxxxx_xxxx/xxxxxxxx_xxxxxxxx/xxxxxxxx_xxxx | predictive | High |
169 | Argument | xxxxxxxxxx | predictive | Medium |
170 | Argument | xxxxx | predictive | Low |
171 | Argument | xxxx | predictive | Low |
172 | Argument | xxx | predictive | Low |
173 | Argument | xxxxxxxxxx | predictive | Medium |
174 | Argument | xxxxxxxx | predictive | Medium |
175 | Argument | xxxxxxxxxxxxxxx | predictive | High |
176 | Argument | xxxxxxx | predictive | Low |
177 | Argument | xx_xxxxx_xx | predictive | Medium |
178 | Argument | xx_xxxx/xxxxx/xxx | predictive | High |
179 | Argument | xxxxx | predictive | Low |
180 | Argument | xxxxxxxxx->xxxxxxxxx | predictive | High |
181 | Argument | xxxx | predictive | Low |
182 | Argument | xxxxxxxx | predictive | Medium |
183 | Argument | xxxxxx_xxxxx_xxx | predictive | High |
184 | Argument | xxxx | predictive | Low |
185 | Argument | xxxx/xxxx | predictive | Medium |
186 | Argument | xxxxxx_xxxx_xxx | predictive | High |
187 | Argument | xxxx_xxxxx | predictive | Medium |
188 | Argument | xx | predictive | Low |
189 | Argument | xxxxxxx_xxxxxx | predictive | High |
190 | Argument | xxxxxx | predictive | Low |
191 | Argument | xxxx_xx | predictive | Low |
192 | Argument | xxxxx | predictive | Low |
193 | Argument | xxxxxxx | predictive | Low |
194 | Argument | xxxx | predictive | Low |
195 | Argument | xx | predictive | Low |
196 | Argument | xxxxxxx/xxxxxxxxx | predictive | High |
197 | Argument | xxxx | predictive | Low |
198 | Argument | xxxxxxxxxxxxxxxxxxx | predictive | High |
199 | Argument | xxxxxxxxx | predictive | Medium |
200 | Argument | xxxxxxxx_xx | predictive | Medium |
201 | Argument | xxxxxxx xxxxx | predictive | High |
202 | Argument | xxxxxxxxxxxxxxxx | predictive | High |
203 | Argument | xxxxxxxxxxxxxxxx | predictive | High |
204 | Argument | xxxxxxxx | predictive | Medium |
205 | Argument | xxxxxx | predictive | Low |
206 | Argument | xxxxxx | predictive | Low |
207 | Argument | xxxxxx | predictive | Low |
208 | Argument | xxxxxx/xxxxxx_xxxxxx | predictive | High |
209 | Argument | xxxxxx_xxx | predictive | Medium |
210 | Argument | xxxxxx | predictive | Low |
211 | Argument | xxxxxx[] | predictive | Medium |
212 | Argument | xxxxxx | predictive | Low |
213 | Argument | xxx | predictive | Low |
214 | Argument | xxxx | predictive | Low |
215 | Argument | xxxxxxxx | predictive | Medium |
216 | Argument | xxx:xxx | predictive | Low |
217 | Argument | xxxxxxx | predictive | Low |
218 | Argument | xx_xx | predictive | Low |
219 | Argument | xxxx | predictive | Low |
220 | Argument | xxx | predictive | Low |
221 | Argument | xxxxx | predictive | Low |
222 | Argument | xxxxxxxxxxx/xxxxxxxxxxx | predictive | High |
223 | Argument | xxxxx | predictive | Low |
224 | Argument | xxx | predictive | Low |
225 | Argument | xxx | predictive | Low |
226 | Argument | xxxxxx | predictive | Low |
227 | Argument | xxxxxxxx | predictive | Medium |
228 | Argument | xxxxxxxx:xxxxxxxx | predictive | High |
229 | Argument | xx | predictive | Low |
230 | Argument | xxxx->xxxxxxx | predictive | High |
231 | Argument | xxxxxx | predictive | Low |
232 | Argument | _xxxxxx[xxxxxxxx_xxxx] | predictive | High |
233 | Input Value | .. | predictive | Low |
234 | Input Value | ../ | predictive | Low |
235 | Input Value | /xxxxxx/..%xx | predictive | High |
236 | Input Value | xxxxx"][xxxxxx]xxxxx('xxx')[/xxxxxx] | predictive | High |
237 | Input Value | xxx[…] | predictive | Medium |
238 | Input Value | xxxxxxxxx:xxxxxxxx | predictive | High |
239 | Pattern | __xxxxxxxxx= | predictive | Medium |
240 | Network Port | xxxx | predictive | Low |
241 | Network Port | xxx | predictive | Low |
242 | Network Port | xxx/xx (xxxxxx) | predictive | High |
243 | Network Port | xxx/xxx | predictive | Low |
244 | Network Port | xxx/xxxx | predictive | Medium |
245 | Network Port | xxx/xxxx | predictive | Medium |
246 | Network Port | xxx xxxxxx xxxx | predictive | High |
References (11)
The following list contains external sources which discuss the actor and the associated activities:
- https://blog.talosintelligence.com/2016/01/rigging-compromise.html
- https://blog.talosintelligence.com/2019/07/malvertising-deepdive.html
- xxxxx://xxxxxx.xxx/xxxxx/xxxxx_xxxxxx_xxxxxxxxxxxx/xxxx/xxxx/xxxxxx/xxx%xxxxxxxxx%xxxxx
- xxxxx://xxx.xxxx.xxx/xxxxxx/xxxxx/x+xxxxxxxxxxx+xxxx+x+xxxxxxxxx/xxxxx/
- xxxxx://xxx.xxxx.xxx/xxxxxx/xxxxx/xx+xxxxxxxxx+xxxx+xxx+xxxxxxx+xxx/xxxxx/
- xxxxx://xxx.xxxx.xxx/xxxxxx/xxxxx/xxxxxxxxxxxx+xxxxxxxxxx+xxxx+xxx+xx/xxxxx/
- xxxxx://xxx.xxxx.xxx/xxxxxx/xxxxx/xxxxxxxxxxxxxxx+xxx+xx/xxxxx/
- xxxxx://xxx.xxxx.xxx/xxxxxx/xxxxx/xxx+xxxxxxx+xxx+xxxxx+xxxxxx+xxxxxx/xxxxx/
- xxxxx://xxx.xxxx.xxx/xxxxxx/xxxxx/xxxxxxxx+xxxxxxxx+xxxxx+xxx+xxxxxxx+xxx+xx+xxxx+xxxxxx+xxxxxx/xxxxx/
- xxxxx://xxx.xxxx.xxx/xxxxxx/xxxxx/xxxxxxxxx+xxxxxx+xx+xxxxxxx+xx+xxx+xxxxxxx+xxx/xxxxx/
- xxxxx://xxxxxxxx.xxxxxxxxxx.xxx/xxxx/xxx-xxx-xxxxxxx-xxx-xxxxxxxx-xxxxxxxx-xxxxx-xxxxx/