Rock Phish Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (21)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en6
de6
pl4
it4
ru2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us22

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Rock Phish1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined8
Document Reader Software2
Multimedia Player Software2
Anti-Malware Software2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined2
SourceCodester2
Adobe2
DZCP2
Apple2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Tiki2
SourceCodester Kortex Lite Advocate Office Managem ...2
Adobe Acrobat Reader2
DZCP deV!L`z Clanportal2
Apple QuickTime2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.009430.73CVE-2010-0966
2Pligg cloud.php sql injection6.36.3$0-$5k$0-$5kNot DefinedNot Defined0.000000.59
3Tiki Admin Password tiki-login.php improper authentication8.07.7$0-$5k$0-$5kNot DefinedOfficial Fix0.009362.89CVE-2020-15906
4Dragon Path Bharti Airtel Routers Hardware BDT-121 Admin Page cross site scripting3.53.5$0-$5k$0-$5kNot DefinedNot Defined0.000530.04CVE-2022-28507
5SourceCodester Kortex Lite Advocate Office Management System register_case.php sql injection4.74.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.000450.18CVE-2024-3621
6Adobe Acrobat Reader use after free6.35.5$25k-$100k$0-$5kUnprovenOfficial Fix0.295030.02CVE-2014-9159
7Apple QuickTime memory corruption10.09.5$25k-$100k$0-$5kNot DefinedOfficial Fix0.061130.02CVE-2011-3249
8zephyrproject-rtos RNDIS USB Device heap-based overflow7.87.8$0-$5k$0-$5kNot DefinedNot Defined0.000810.03CVE-2021-3861
9Lenze cabinet c520/cabinet c550/cabinet c750 Password Verification missing critical step in authentication9.89.6$0-$5k$0-$5kNot DefinedOfficial Fix0.003360.04CVE-2022-2302
10SonicWALL AntiSpam / EMail Security Appliance MTA Queue Report Module reports_mta_queue_status.html cross site scripting8.07.6$0-$5k$0-$5kNot DefinedOfficial Fix0.000000.02
11Magic Photo Storage Website register.php privileges management5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.000000.02
12Russcom Network Loginphp register.php cross site scripting4.34.1$0-$5k$0-$5kProof-of-ConceptUnavailable0.006770.02CVE-2006-2160
13Linux Kernel FXSAVE x87 Register cryptographic issues4.33.9$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.001010.05CVE-2006-1056
14WordPress wp-register.php cross site scripting4.34.2$5k-$25k$0-$5kHighUnavailable0.003220.00CVE-2007-5105

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
181.16.131.40Rock Phish06/19/2022verifiedHigh
2XXX.XX.XXX.XXXxxx Xxxxx06/19/2022verifiedHigh

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
2TXXXX.XXXCAPEC-209CWE-XX, CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
3TXXXXCAPEC-122CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
4TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
5TXXXXCAPEC-0CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh

IOA - Indicator of Attack (15)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/control/register_case.phppredictiveHigh
2Filecloud.phppredictiveMedium
3Fileinc/config.phppredictiveHigh
4Filexxxxxxxx.xxxpredictiveMedium
5Filexxxxxxx_xxx_xxxxx_xxxxxx.xxxxpredictiveHigh
6Filexxxx-xxxxx.xxxpredictiveHigh
7Filexxxx/xxxxxxxx.xxxpredictiveHigh
8Filexx-xxxxxxxx.xxxpredictiveHigh
9ArgumentxxxxxxxxpredictiveMedium
10ArgumentxxxxxxxxxxpredictiveMedium
11ArgumentxxxxxxxxpredictiveMedium
12Argumentxxxxx/xxxx_xx/xxxxxx_xxxx/xxxxx/xxxx_xxxx/xxxx_xxxxx/xxxxx_xxxx/xxxxxxxxxxx/xxxxxxx_xxxx/xxxxxxx_xxxx/xxxxxxxx_xxxxxx/xxxxx_xxxx/xxxxxxpredictiveHigh
13ArgumentxxxxxpredictiveLow
14Argumentxxxx_xxxxxpredictiveMedium
15Argument_xxxxxx[xxxx_xxxx]predictiveHigh

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Want to stay up to date on a daily basis?

Enable the mail alert feature now!