Ekipa RAT analysis

IOB - Indicator of Behavior (171)

Language: en 92, de 36, ja 18, fr 8, it 6

Country: us 172

Product: Microsoft Windows 6, Virtual Programming VP-ASP 4, Pearlinger Products 4, DMXReady Blog Manager 4, Coinsoft Technologies phpCOIN 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | BD Totalys MultiProcessor weak authentication | 8.1 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.04 | CVE-2022-40263 |
| 2 | Hassan Consulting Shopping Cart shop.cgi directory traversal | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02149 | 0.00 | CVE-2000-0921 |
| 3 | Squitosoft Squito Gallery photolist.inc.php memory corruption | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01371 | 0.03 | CVE-2005-2258 |
| 4 | PhotoPost PhotoPost vBGallery File Upload upload.php privilege escalation | 6.3 | 5.8 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00546 | 0.03 | CVE-2008-7088 |
| 5 | Midicart Software MidiCart PHP Shopping Cart search_list.php cross site scripting | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.07338 | 0.03 | CVE-2005-1502 |
| 6 | HP Integrated Lights-Out information disclosure | 9.8 | 8.5 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.02286 | 0.05 | CVE-2012-3271 |
| 7 | Dell EMC PowerScale OneFS master.passwd unknown vulnerability | 4.1 | 4.1 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00044 | 0.00 | CVE-2022-22563 |
| 8 | Asternic Flash Operator Panel User Control Panel privilege escalation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00214 | 0.04 | CVE-2018-5694 |
| 9 | Ilohamail cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.08 | |
| 10 | Cybernetikz Easy Social Icons Authentication admin.php cross site request forgery | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00554 | 0.00 | CVE-2015-2084 |
| 11 | HD FLV Player Plugin functions.php hd_update_media sql injection | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00152 | 0.13 | CVE-2012-10011 |
| 12 | Franklin Fueling Systems Colibri Controller Module directory traversal | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.64772 | 0.07 | CVE-2021-46417 |
| 13 | Fortinet FortiADC cross site scripting | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00072 | 0.03 | CVE-2022-38374 |
| 14 | FacileForms facileforms.frame.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01845 | 0.00 | CVE-2008-2990 |
| 15 | htmltonuke htmltonuke.php privilege escalation | 7.3 | 6.7 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.01849 | 0.06 | CVE-2006-0308 |
| 16 | SimpleBoard file_upload.php privilege escalation | 8.1 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.12891 | 0.00 | CVE-2006-3528 |
| 17 | Skrypty Ppa Gallery functions.inc.php memory corruption | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02429 | 0.00 | CVE-2005-2199 |
| 18 | Mamboxchange Extended Registration registration_detailed.inc.php privilege escalation | 7.3 | 6.4 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.05054 | 0.04 | CVE-2006-5254 |
| 19 | EyouCMS Index.php wechat_return XML External Entity | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00087 | 0.00 | CVE-2021-42194 |
| 20 | Sennheiser HeadSetup Certificates SennComCCKey.pem Key weak authentication | 5.7 | 5.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00457 | 0.05 | CVE-2018-17612 |


IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 85.208.136.130 | | Ekipa RAT | | 27/02/2024 | verified | high |
| 2 | 146.70.87.148 | | Ekipa RAT | | 27/02/2024 | verified | high |
| 3 | XXX.XX.XX.XXX | | Xxxxx Xxx | | 27/02/2024 | verified | high |
| 4 | XXX.XX.XX.XXX | | Xxxxx Xxx | | 27/02/2024 | verified | high |
| 5 | XXX.XXX.XXX.XXX | | Xxxxx Xxx | | 27/02/2024 | verified | high |
| 6 | XXX.XXX.XXX.XXX | | Xxxxx Xxx | | 27/02/2024 | verified | high |
| 7 | XXX.XX.XX.XXX | | Xxxxx Xxx | | 27/02/2024 | verified | high |

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (159)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /bl-plugins/backup/plugin.php | predictive | high |
| 2 | File | /cgi-bin/nightled.cgi | predictive | high |
| 3 | File | /controller/Index.php | predictive | high |
| 4 | File | /etc/master.passwd | predictive | high |
| 5 | File | /etc/passwd | predictive | medium |
| 6 | File | /opt/zimbra/jetty/webapps/zimbra/public | predictive | high |
| 7 | File | /secure/admin/InsightDefaultCustomFieldConfig.jspa | predictive | high |
| 8 | File | /secure/admin/RestoreDefaults.jspa | predictive | high |
| 9 | File | /wmiwizard.jsp | predictive | high |
| 10 | File | accounts/inc/include.php | predictive | high |
| 11 | File | acrotxt.php | predictive | medium |
| 12 | File | addpost_newpoll.php | predictive | high |
| 13 | File | admin.php | predictive | medium |
| 14 | File | admin.php/index/upload because app/common/service/UploadService.php | predictive | high |
| 15 | File | admin/handlers.php | predictive | high |
| 16 | File | adminBoards.php | predictive | high |
| 17 | File | adminSmileys.php | predictive | high |
| 18 | File | akocomments.php | predictive | high |
| 19 | File | ampie.swf | predictive | medium |
| 20 | File | xxxxxxxxxxx/xxxxxx/xxxxxx.xxx | predictive | high |
| 21 | File | xxxxxxxx.xxxxxxx.xxx | predictive | high |
| 22 | File | xxxxxxxxx/xxxxx.xxx | predictive | high |
| 23 | File | xx-xxxxxx/xxxx/xxxxxx-xxxx.xxx | predictive | high |
| 24 | File | xx-xxxxxx/xxxxx/xxxxxxxxxxx/xxxx-xxxxxxxx.xxx | predictive | high |
| 25 | File | xx-xxxxxx/xxxx/xxxxxx-xxxxxx.xxx | predictive | high |
| 26 | File | xx-xxxxxx/xxxxxxxx.xxxxx.xxx | predictive | high |
| 27 | File | xx_xxxxxxxxx_xxxx.xxx | predictive | high |
| 28 | File | xx_xxxxxxxxxx_xxxx.xxx | predictive | high |
| 29 | File | xxxxx.xxx | predictive | medium |
| 30 | File | xx_xxxx.xxx | predictive | medium |
| 31 | File | xxxx_xxxxxxx.xxx | predictive | high |
| 32 | File | xxx-xxx/xxxxxxx.xx | predictive | high |
| 33 | File | xxx-xxx/xxxxxxxx.xxx | predictive | high |
| 34 | File | xxxx_xxxxxxxx/xx.xxx | predictive | high |
| 35 | File | xxxxxxxx_xxxxxxx.xxx | predictive | high |
| 36 | File | xxxxxxxxxxxxxxxxxxxx.xxxx | predictive | high |
| 37 | File | xxxxxxxxx.xxx | predictive | high |
| 38 | File | xxxxxxxxxxx\xxxxx.xxx | predictive | high |
| 39 | File | xxx.xxx | predictive | low |
| 40 | File | xxxxxxxxxxxxxxxxxxxx.xxxx | predictive | high |
| 41 | File | xxxxxx.xxx | predictive | medium |
| 42 | File | xxxxxxx.xxx | predictive | medium |
| 43 | File | xxxxxxxxxxxxxxx.xxx | predictive | high |
| 44 | File | xxxxxxxx_xxx.xxx | predictive | high |
| 45 | File | xxxxxxxx.xx | predictive | medium |
| 46 | File | xxxxxxxx.xxx.xxx | predictive | high |
| 47 | File | xxxxxxxxxxx.xxxxx.xxx | predictive | high |
| 48 | File | xxxxx_xxxxxx.x | predictive | high |
| 49 | File | xxxx_xxxxxx.xxx | predictive | high |
| 50 | File | xxxxxxxxx.xxx | predictive | high |
| 51 | File | xxxxxxx.xxx | predictive | medium |
| 52 | File | xxxxxxxxxx.xxx | predictive | high |
| 53 | File | xxxxx_xxxxxx.xxx | predictive | high |
| 54 | File | xxxxxxxxx.xxx | predictive | high |
| 55 | File | xxx/xxxxxxxxx.xxx.xxx | predictive | high |
| 56 | File | xxx_xxxxxxxxxxxxxx.xxx | predictive | high |
| 57 | File | xxxxx.xxx | predictive | medium |
| 58 | File | xxxx.xxx.xxx | predictive | medium |
| 59 | File | xxxxxxx.xxxxxxxxxx.xxx | predictive | high |
| 60 | File | xxxxxxxxxx/xxxxx.xx | predictive | high |
| 61 | File | xxxx_xxxx.xxx | predictive | high |
| 62 | File | xxx_xxxxxxx.xxx | predictive | high |
| 63 | File | xxxxx.xxx | predictive | medium |
| 64 | File | xxx_xxxx.xxx | predictive | medium |
| 65 | File | xxxx.xxx | predictive | medium |
| 66 | File | xxxxxxxxxxxxx.xxxx | predictive | high |
| 67 | File | xxxxxxxxx.xxx | predictive | high |
| 68 | File | xxx_xxxxx.xxx | predictive | high |
| 69 | File | xxxxx.xxxxxxxxxx.xxx | predictive | high |
| 70 | File | xxxxxxxxx.xxx.xxx | predictive | high |
| 71 | File | xxxxxxxx.xxx | predictive | medium |
| 72 | File | xxxxxxxxxxxxxxxxxxxxxxxxxxx!xxxxxxx.xxxx | predictive | high |
| 73 | File | xxxxxxxxxxxx_xxxxxxxx.xxx.xxx | predictive | high |
| 74 | File | xxxxxxx_xxxxxx_xxxxx.xxx | predictive | high |
| 75 | File | xxxxxxx_xxxxxx_xxxxxx.xxx | predictive | high |
| 76 | File | xxxxxx_xxxx.xxx | predictive | high |
| 77 | File | xxxxxxxxxxxx.xxx | predictive | high |
| 78 | File | xxxx$xx.xxx | predictive | medium |
| 79 | File | xxxx.xxx | predictive | medium |
| 80 | File | xxxx.xxx | predictive | medium |
| 81 | File | xxxxxxx.xxx | predictive | medium |
| 82 | File | xxxxxxxxxxxxxxxx.xxx | predictive | high |
| 83 | File | xxxxx/xxxxxxxx/xxxxxxxxx.xxx | predictive | high |
| 84 | File | xxxx_xxxxxxx.xxxxx.xxx | predictive | high |
| 85 | File | xxxxx_xxxxx.xxx | predictive | high |
| 86 | File | xxx-xxxxxxxxx.xxx | predictive | high |
| 87 | File | xxxxxx.xxx | predictive | medium |
| 88 | File | xxxxxxxxx.xxx | predictive | high |
| 89 | File | xx-xxxxx/xxxxx.xxx | predictive | high |
| 90 | File | xxxxxx.xxx | predictive | medium |
| 91 | File | _xxxxxxxxx.xxx | predictive | high |
| 92 | File | ~/xxx/xxxxx.xxx | predictive | high |
| 93 | Library | xxxxxx[xxxxxx_xxxx | predictive | high |
| 94 | Library | xxxxxx.xxxxxxx('xxxxx_xxxx:/xxx/xxxxxx') | predictive | high |
| 95 | Argument | xxxxxx | predictive | low |
| 96 | Argument | xxxx_xxxx | predictive | medium |
| 97 | Argument | xxxxxxxx | predictive | medium |
| 98 | Argument | xxxxx | predictive | low |
| 99 | Argument | xxxxxx | predictive | low |
| 100 | Argument | xxxx_xxx_xxxx | predictive | high |
| 101 | Argument | xxx | predictive | low |
| 102 | Argument | xxx | predictive | low |
| 103 | Argument | xxxxxxxxxx | predictive | medium |
| 104 | Argument | xxxxxxxxxx | predictive | medium |
| 105 | Argument | xxxx_xx | predictive | low |
| 106 | Argument | xxxxxxx | predictive | low |
| 107 | Argument | xxxxxx | predictive | low |
| 108 | Argument | xxxxxx[xxxxxx_xxxx] | predictive | high |
| 109 | Argument | xxxxxx[xxx_xxxx_xxxx] | predictive | high |
| 110 | Argument | xxx_x_xxx | predictive | medium |
| 111 | Argument | xxxx_xxxx | predictive | medium |
| 112 | Argument | xxx | predictive | low |
| 113 | Argument | xxx[xxx] | predictive | medium |
| 114 | Argument | xx_xxxxxxx | predictive | medium |
| 115 | Argument | xxxxxxx | predictive | low |
| 116 | Argument | xxxxxxx | predictive | low |
| 117 | Argument | xxxxxxx_xxxxxxx | predictive | high |
| 118 | Argument | xxxx_xx | predictive | low |
| 119 | Argument | xxxxxxxxxxxxxx[xxxxxxxxxxxxxxxxxx] | predictive | high |
| 120 | Argument | xx | predictive | low |
| 121 | Argument | xxxxx_xxxx | predictive | medium |
| 122 | Argument | xxxx | predictive | low |
| 123 | Argument | xxxxxx | predictive | low |
| 124 | Argument | xxxxxx | predictive | low |
| 125 | Argument | xxxxxxx | predictive | low |
| 126 | Argument | xxx_xxxx_xxxx | predictive | high |
| 127 | Argument | xxxxxxxxx_xxxxxxxx_xxxx | predictive | high |
| 128 | Argument | xxxxxxx_xxxx | predictive | medium |
| 129 | Argument | xxxx | predictive | low |
| 130 | Argument | xxxx_xxxx | predictive | medium |
| 131 | Argument | xxxxxx_xxxxxx[xxxxxx_xxxx] | predictive | high |
| 132 | Argument | xxxxxx xxxxxx | predictive | high |
| 133 | Argument | xxxx | predictive | low |
| 134 | Argument | xxxxxxxxx | predictive | medium |
| 135 | Argument | xxxx_xxxx/xxxxx_xxxx | predictive | high |
| 136 | Argument | xxxxxxxxxx[x] | predictive | high |
| 137 | Argument | xxxxxx | predictive | low |
| 138 | Argument | xxxxx | predictive | low |
| 139 | Argument | xxxxxxxxxxx | predictive | medium |
| 140 | Argument | xxx | predictive | low |
| 141 | Argument | xxxxxxxxxxxxxxxxxxx | predictive | high |
| 142 | Argument | xxxxxxxxxxxx | predictive | medium |
| 143 | Argument | xxxx$xx.xxx | predictive | medium |
| 144 | Argument | xxxx | predictive | low |
| 145 | Argument | xxxx_xxxxx_xx | predictive | high |
| 146 | Argument | xxxx_xxxx | predictive | medium |
| 147 | Argument | xxxxx_xxxx | predictive | medium |
| 148 | Argument | xxxxxx | predictive | low |
| 149 | Argument | xxxxxx | predictive | low |
| 150 | Argument | xxxxxxxxxx | predictive | medium |
| 151 | Argument | xxxxxxxx | predictive | medium |
| 152 | Argument | xxxx | predictive | low |
| 153 | Argument | xxxxxxxxxxxxx.xxxxxxxxxx | predictive | high |
| 154 | Argument | xxxxxxxx | predictive | medium |
| 155 | Argument | xxxx_xx | predictive | low |
| 156 | Argument | x-xxxxxxxxx-xxx | predictive | high |
| 157 | Argument | _xxxx[_xxx_xxxx_xxxx | predictive | high |
| 158 | Argument | _xxxx[_xxx_xxxx_xxxx] | predictive | high |
| 159 | Network Port | xxx/xxxx | predictive | medium |
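The IOC and IOA tables above are only useful once they are run against telemetry. The following Python script is an added example, not code from the VulDB page and not anything attributed to the actor. It embeds the two unmasked IOC addresses and the unmasked File indicators from the tables above and scans an Apache-style access log for them; the log lines, the non-IOC addresses (documentation ranges) and the request paths are constructed for the example. It URL-decodes request paths and query values up to twice so that double-encoded traversal towards /etc/passwd is still caught, and it skips lines it cannot parse instead of aborting the scan.

```python
"""Match web-server access-log lines against the Ekipa RAT IOC/IOA tables above (added example)."""
import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import parse_qsl, unquote, urlsplit

# IOC: the two unmasked IP addresses from the IOC table (confidence high).
IOC_IPS = {"85.208.136.130", "146.70.87.148"}

# IOA: unmasked File indicators from the IOA table with their listed confidence.
# Absolute entries (leading "/") are matched as substrings of a decoded path or query
# value, so "../../etc/passwd" still hits; relative entries must be the final path
# component, which keeps generic names such as admin.php from matching everywhere.
IOA_FILES = {
    "/bl-plugins/backup/plugin.php": "high", "/cgi-bin/nightled.cgi": "high",
    "/controller/Index.php": "high", "/etc/master.passwd": "high", "/etc/passwd": "medium",
    "/opt/zimbra/jetty/webapps/zimbra/public": "high",
    "/secure/admin/InsightDefaultCustomFieldConfig.jspa": "high",
    "/secure/admin/RestoreDefaults.jspa": "high", "/wmiwizard.jsp": "high",
    "accounts/inc/include.php": "high", "acrotxt.php": "medium", "addpost_newpoll.php": "high",
    "admin.php": "medium", "admin/handlers.php": "high", "adminBoards.php": "high",
    "adminSmileys.php": "high", "akocomments.php": "high", "ampie.swf": "medium",
}

# Apache combined log format: client ip, identity, user, [timestamp], "METHOD target proto", status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
CONF_RANK = {"low": 1, "medium": 2, "high": 3}


@dataclass(frozen=True)
class Finding:
    line_no: int
    source_ip: str
    kind: str          # "ioc_ip" or "ioa_file"
    indicator: str
    confidence: str


def decode(raw, rounds=2):
    """URL-decode up to `rounds` times so double-encoded traversal (%252e%252e) resolves."""
    for _ in range(rounds):
        nxt = unquote(raw)
        if nxt == raw:
            break
        raw = nxt
    return raw.replace("\\", "/")   # treat Windows separators like "/" for matching


def match_ioa(target):
    """Return [(indicator, confidence)] for IOA file fragments present in a request target."""
    parts = urlsplit(target)
    candidates = [decode(parts.path)]
    candidates += [decode(v) for _, v in parse_qsl(parts.query, keep_blank_values=True)]
    hits = []
    for indicator, conf in IOA_FILES.items():
        if indicator.startswith("/"):
            found = any(indicator in c for c in candidates)
        else:
            found = any(c.endswith("/" + indicator) for c in candidates)
        if found:
            hits.append((indicator, conf))
    return hits


def scan(log_lines):
    """Return a Finding for every parsable line that touches an IOC IP or an IOA file."""
    findings = []
    for line_no, line in enumerate(log_lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue                      # malformed line: skip it, do not abort the scan
        ip = m["ip"]
        try:
            ipaddress.ip_address(ip)      # reject garbage in the client-address field
        except ValueError:
            continue
        if ip in IOC_IPS:
            findings.append(Finding(line_no, ip, "ioc_ip", ip, "high"))
        for indicator, conf in match_ioa(m["target"]):
            findings.append(Finding(line_no, ip, "ioa_file", indicator, conf))
    return findings


def summarise(findings):
    """Per source IP: (hit count, highest confidence seen), for triage ordering."""
    out = {}
    for f in findings:
        count, best = out.get(f.source_ip, (0, "low"))
        if CONF_RANK[f.confidence] > CONF_RANK[best]:
            best = f.confidence
        out[f.source_ip] = (count + 1, best)
    return out


# Constructed sample log: one IOC address, two documentation-range clients, one junk line.
SAMPLE_LOG = [
    '146.70.87.148 - - [27/Feb/2024:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [27/Feb/2024:10:01:05 +0000] "GET /secure/admin/RestoreDefaults.jspa HTTP/1.1" 403 0 "-" "curl/8.0"',
    '198.51.100.7 - - [27/Feb/2024:10:01:09 +0000] "GET /download.php?file=..%252F..%252Fetc%252Fpasswd HTTP/1.1" 200 1201 "-" "curl/8.0"',
    '203.0.113.9 - - [27/Feb/2024:10:02:00 +0000] "GET /static/app.js HTTP/1.1" 200 8823 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [27/Feb/2024:10:02:03 +0000] "POST /wp-admin/admin.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    'this line is not an access-log record',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f)
    print(summarise(scan(SAMPLE_LOG)))
```

On the sample log the scan reports the IOC address on line 1, the Jira-style RestoreDefaults.jspa probe on line 2, the double-encoded /etc/passwd traversal on line 3 and the admin.php request on line 5; the per-IP summary then puts 198.51.100.7 first (two hits, highest confidence high). Relative indicators are deliberately matched only as the last path component, and the masked (x) rows of the table cannot be used until the full entries are available.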

Sources (2)

The following list contains external sources which discuss the actor and the associated activities:
