WinRAR Zero-day Analysis

IOB - Indicator of Behavior (71)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 64
it: 4
es: 2
de: 2

Country

us: 72

Product

Ubuntu Linux: 2
WordPress AdServe: 2
Devilz Clanportal: 2
GNU Mailman: 2
phpPgAds: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.07 | CVE-2010-0966 |
| 2 | DZCP deV!L`z Clanportal browser.php information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02733 | 1.50 | CVE-2007-1167 |
| 3 | Devilz Clanportal index.php sql injection | 7.3 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00784 | 0.00 | CVE-2006-3347 |
| 4 | Plupload plupload.flash.swf cross site scripting | 6.1 | 5.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01019 | 0.03 | CVE-2016-4566 |
| 5 | PHP FormMail Generator form.lib.php unrestricted upload | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00334 | 0.00 | CVE-2016-9492 |
| 6 | OpenCart password.php cross-site request forgery | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00112 | 0.00 | CVE-2018-13067 |
| 7 | Zen Cart record_company.php improper authentication | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Not Defined | 0.30705 | 0.00 | CVE-2009-2255 |
| 8 | AWStats awstats.pl Path information disclosure | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00183 | 0.32 | CVE-2018-10245 |
| 9 | AWStats awstats.pl pathname traversal | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00499 | 0.27 | CVE-2020-35176 |
| 10 | University of Washington IMAP Toolkit rsh Command imap4r1.c imap_open os command injection | 6.2 | 6.1 | $0-$5k | $0-$5k | High | Official Fix | 0.96870 | 0.06 | CVE-2018-19518 |
| 11 | Ubuntu Linux overlayfs privileges management | 8.4 | 7.6 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00000 | 0.04 | |
| 12 | OpenWRT radio0.network1 cross-site request forgery | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00073 | 0.05 | CVE-2019-17367 |
| 13 | GNU Mailman Alias path traversal | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03056 | 0.05 | CVE-2015-2775 |
| 14 | GetSimple CMS index.php Reflected cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00266 | 0.00 | CVE-2017-1000057 |
| 15 | phpPgAds adclick.php unknown vulnerability | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00317 | 0.86 | CVE-2005-3791 |
| 16 | YaBB yabb.pl cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01240 | 0.05 | CVE-2004-2402 |
| 17 | Nagios XI Web Interface command injection | 8.8 | 8.6 | $0-$5k | $0-$5k | High | Official Fix | 0.41124 | 0.00 | CVE-2019-15949 |
| 18 | Craft CMS Upload File injection | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00327 | 0.00 | CVE-2018-3814 |
| 19 | vu Mass Mailer Login Page redir.asp sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00238 | 0.11 | CVE-2007-6138 |
| 20 | WordPress AdServe adclick.php sql injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00073 | 0.04 | CVE-2008-0507 |

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (27)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/index.php | predictive | High |
| 2 | File | /upload/catalog/controller/account/password.php | predictive | High |
| 3 | File | adclick.php | predictive | Medium |
| 4 | File | admin/record_company.php | predictive | High |
| 5 | File | xxxxxxx.xx | predictive | Medium |
| 6 | File | x-xxxxxx/xxxxxxx.x | predictive | High |
| 7 | File | xxx-xxx/xxxxxxx.xx | predictive | High |
| 8 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 9 | File | xxx/xxxxxx.xxx | predictive | High |
| 10 | File | xxx/xxxxxxxxxxx/xxxxxxx.xxx | predictive | High |
| 11 | File | xxxxx.xxx | predictive | Medium |
| 12 | File | xxxxxxxx.xxxxx.xxx | predictive | High |
| 13 | File | xxxxxxx.xxx?xxx=xxxxxxxx | predictive | High |
| 14 | File | xxxxx.xxx | predictive | Medium |
| 15 | File | xxxxxxxx/xxxxxx.xxxxxxxx | predictive | High |
| 16 | File | xxxx.xx | predictive | Low |
| 17 | Library | xxxx.xxx.xxx | predictive | Medium |
| 18 | Argument | -xxxxxxxxxxxxx | predictive | High |
| 19 | Argument | xxxxxxxx | predictive | Medium |
| 20 | Argument | xxxxx | predictive | Low |
| 21 | Argument | xxxxxx | predictive | Low |
| 22 | Argument | xxxx | predictive | Low |
| 23 | Argument | xxxxxxxxx/xxxxxx | predictive | High |
| 24 | Argument | xx | predictive | Low |
| 25 | Argument | xxxxxxxx | predictive | Medium |
| 26 | Argument | xxxxxx_xxxxxxx_xxxxx | predictive | High |
| 27 | Argument | xxx | predictive | Low |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
