ObliqueRAT تحليل

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (546)

اللغة

en	520
es	16
it	4
pl	2
zh	2

البلد

us	514
ru	22
cn	10

الفاعلين

ObliqueRAT	2
Conti	2
Fodcha	2
RedLine Stealer	2
Wizard Spider	1

الاهتمام

النوع

Firewall Software	26
Not Defined	16
Content Management System	6
Web Browser	4
Groupware Software	2

المجهز

Not Defined	16
Squid	6
Mozilla	4
QNAP	4
Microsoft	2

منتج

Mozilla Firefox	4
QNAP Proxy Server	4
Drupal	4
https-proxy-agent	4
Squid Proxy	4

الثغرات

#	الثغرة	Base	Temp	0day	اليوم	ق�	معالجة	CTI	EPSS	CVE
1	Apache HTTP Server mod_proxy_balancer.c balancer_handler سكربتات مشتركة	4.3	4.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.07	0.21782	CVE-2012-4558
2	Google Android Proxy Auto-Config ic.cc UpdateLoadElement تلف الذاكرة	8.5	8.2	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00	0.00102	CVE-2019-2047
3	Telegram Desktop Proxy تجاوز الصلاحيات	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00219	CVE-2018-17613
4	https-proxy-agent JSON تلف الذاكرة	7.2	6.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00659	CVE-2018-3739
5	Apache HTTP Server mod_proxy_fcgi.c handle_headers تلف الذاكرة	5.3	5.1	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.04	0.00953	CVE-2014-3583
6	Apple iOS Proxy Authentication تجاوز الصلاحيات	6.6	6.4	$100k أو أكثر	$5k-$25k	Not Defined	Official Fix	0.04	0.00182	CVE-2016-4642
7	YoungZSoft CCProxy Proxy Service تلف الذاكرة	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00	0.11487	CVE-2004-2685
8	CNCF Envoy Proxy الحرمان من الخدمة	6.4	6.4	$0-$5k	جاري الحساب	Not Defined	Not Defined	0.00	0.00341	CVE-2020-8659
9	Blue Coat ProxySG SGOS الكشف عن المعلومات	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00139	CVE-2015-4334
10	Juniper WLC Proxy ARP/No Broadcast Feature تجاوز الصلاحيات	5.3	5.1	$5k-$25k	جاري الحساب	Not Defined	Official Fix	0.00	0.00712	CVE-2014-6381
11	Symantec ASG/ProxySG FTP Proxy WebFTP Mode Stored سكربتات مشتركة	5.7	5.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00115	CVE-2018-18370
12	Palo Alto PAN-OS DNS Proxy تجاوز الصلاحيات	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.06716	CVE-2017-8390
13	QNAP Proxy Server Setting توثيق ضعيف	6.3	6.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00069	CVE-2017-7639
14	Squid Web Proxy cachemgr.cgi تجاوز الصلاحيات	6.1	5.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00267	CVE-2019-18860
15	Bluecoat SGOS Management Console سكربتات مشتركة	4.3	4.1	$0-$5k	جاري الحساب	Not Defined	Official Fix	0.02	0.00265	CVE-2010-5192
16	Artica Proxy fw.progrss.details.php اجتياز الدليل	7.4	7.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.96791	CVE-2020-13158
17	Artica Proxy settings.inc تجاوز الصلاحيات	4.9	4.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00130	CVE-2019-7300
18	Sarg Squid Analysis Report Generator Proxy Server useragent.c useragent تلف الذاكرة	10.0	9.0	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00	0.44560	CVE-2008-1167
19	Google Android Proxy Configuration hydrogen-alias-analysis.h HAliasAnalyzer.Query تجاوز الصلاحيات	8.5	8.2	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.04	0.00102	CVE-2019-2097
20	Check point Firewall-1/VPN-1 IKE Aggressive Mode تشفير ضعيف	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00409	CVE-2002-1623

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	عنوان بروتوكول الإنترنت	Hostname	ممثل	حملات	Identified	النوع	الثقة
1	185.117.73.222		ObliqueRAT		31/03/2022	verified	عالي
2	XXX.XXX.XX.XXX		Xxxxxxxxxx		10/08/2022	verified	عالي

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	الثغرات	متجه الوصول	النوع	الثقة
1	T1006	CWE-22	Path Traversal	predictive	عالي
2	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	عالي
3	T1059	CWE-94	Argument Injection	predictive	عالي
4	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	عالي
5	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	عالي
6	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	عالي
7	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	عالي
8	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	عالي
9	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	عالي
10	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	عالي
11	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	عالي
12	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	عالي
13	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	عالي

IOA - Indicator of Attack (33)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	الفئة	Indicator	النوع	الثقة
1	File	/assets/php/upload.php	predictive	عالي
2	File	admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list	predictive	عالي
3	File	cachemgr.cgi	predictive	متوسط
4	File	cgi-bin/cmh/webcam.sh	predictive	عالي
5	File	xxxxxx.x	predictive	متوسط
6	File	xx.xxxxxxx.xxxxxxx.xxx	predictive	عالي
7	File	xxxxxxxx-xxxxx-xxxxxxxx.x	predictive	عالي
8	File	xx.xx	predictive	واطئ
9	File	xxxxxx.xxx	predictive	متوسط
10	File	xxxxx.xxx	predictive	متوسط
11	File	xxxxxx.x	predictive	متوسط
12	File	xxxxx.xxx	predictive	متوسط
13	File	xxx_xxxxx_xxxxxxxx.x	predictive	عالي
14	File	xxx_xxxxx_xxxx.x	predictive	عالي
15	File	xxxxxxxx_xxxxxx.xxx	predictive	عالي
16	File	xxxxxxxxxx/xxxxxxxx.xxx	predictive	عالي
17	File	xxxxxxxxx.x	predictive	متوسط
18	File	xxxxx/xxxxx.xx	predictive	عالي
19	File	xxxxxxxxxxxxx.xxxx	predictive	عالي
20	Library	xxxxxxxxx/xxxxxx_xxxxxxxxxxx.xxx.xxx	predictive	عالي
21	Argument	xxxx	predictive	واطئ
22	Argument	xxxxxxxxxxxxx	predictive	عالي
23	Argument	xxxxxxxxxxxx	predictive	متوسط
24	Argument	xxxxxxxx	predictive	متوسط
25	Argument	xx_xxxxxxxx	predictive	متوسط
26	Argument	xxxxxxxxx	predictive	متوسط
27	Argument	xxxx_xxxxx/xxxx_xxxxxxxx	predictive	عالي
28	Argument	xxxxxxx.xxx_xxxxxxxxxx	predictive	عالي
29	Argument	xxxxx	predictive	واطئ
30	Argument	xxx	predictive	واطئ
31	Argument	xxxxxxxx	predictive	متوسط
32	Argument	xxxx xxxx	predictive	متوسط
33	Input Value	%xx%xx%xx	predictive	متوسط

المصادر (3)

The following list contains external sources which discuss the actor and the associated activities:

التالي ▸نظرة عامة◂ السابق

Want to stay up to date on a daily basis?

Enable the mail alert feature now!