Rancor Analysis

IOB - Indicator of Behavior (906)

Language

  • it: 166
  • pl: 162
  • sv: 154
  • fr: 150
  • en: 132

Country

  • us: 878
  • cn: 16
  • vn: 10
  • dk: 2

Product

  • Mozilla Firefox: 16
  • ownCloud: 16
  • IBM Algo One: 14
  • Linux Kernel: 12
  • Drupal: 12

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE
1 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.79 | 0.01009 | CVE-2006-6168
2 | Boa Webserver GET wapopen directory traversal | 6.4 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.73540 | CVE-2017-9833
3 | Anti-Web write.cgi directory traversal | 7.2 | 7.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00702 | CVE-2017-9097
4 | mpg123 MP3 File id3.c next_text memory corruption | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00177 | CVE-2017-9545
5 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 1.63 | 0.00000 | -
6 | Clash Configuration File cfw-setting.yaml privilege escalation | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00261 | CVE-2023-24205
7 | Lenovo X Server FFDC Service Log privilege escalation | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00060 | CVE-2017-3744
8 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.69 | 0.00954 | CVE-2010-0966
9 | Synacor Zimbra Collaboration XML External Entity | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00441 | CVE-2016-9924
10 | e-Quick Cart shopprojectlogin.asp SQL injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00000 | -
11 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 3.90 | 0.00878 | CVE-2020-15906
12 | Pligg cloud.php SQL injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.43 | 0.00000 | -
13 | vBulletin redirector.php Redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | 0.00120 | CVE-2018-6200
14 | phpPgAds adclick.php unknown vulnerability | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | 0.00317 | CVE-2005-3791
15 | Google Android SDK Platform Tools Signedness adb_client.c adb_connect memory corruption | 8.8 | 8.3 | $100k or more | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.00000 | -
16 | Netgear D6300B Credential Storage nvram weak encryption | 5.4 | 4.6 | $5k-$25k | $0-$5k | Proof-of-Concept | Workaround | 0.00 | 0.00000 | -
17 | OpenStack Keystone privilege escalation | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01166 | CVE-2013-2014
18 | Sensysnetworks TrafficDOT privilege escalation | 8.3 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00828 | CVE-2014-2378
19 | Cws sahab-alkher.com X.509 Certificate weak encryption | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00049 | CVE-2014-7052
20 | Appbasedtechnologies Belaire Family Orthodontics X.509 Certificate weak encryption | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00049 | CVE-2014-7405

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • PLAINTEE/DDKONG

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Pathname Traversal | predictive | high
2 | T1055 | CWE-74 | Injection | predictive | high
3 | T1059 | CWE-94 | Cross Site Scripting | predictive | high
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | high

IOA - Indicator of Attack (230)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /bin/login.php | predictive | high
2 | File | /cgi-bin/wapopen | predictive | high
3 | File | /cgi/cpaddons_feature.pl | predictive | high
4 | File | /data/nvram | predictive | medium
5 | File | /forum/away.php | predictive | high
6 | File | /frontend/x3/cpanelpro/filelist-thumbs.html | predictive | high
7 | File | /fs/cifs/file.c | predictive | high
8 | File | /goform/login | predictive | high
9 | File | /horde/util/go.php | predictive | high
10 | File | /mib.db | predictive | low
11 | File | /modules/profile/index.php | predictive | high
12 | File | /OA_HTML/cabo/jsps/a.jsp | predictive | high
13 | File | /out.php | predictive | medium
14 | File | /system/site.php | predictive | high
15 | File | adb/adb_client.c | predictive | high
16 | File | adclick.php | predictive | medium
17 | File | add_comment.php | predictive | high
18 | File | adelogs.adobe.com | predictive | high
19 | File | admin.php | predictive | medium
20 | File | admin/google_search_console/class-gsc-table.php | predictive | high
21 | File | administrator/components/com_media/helpers/media.php | predictive | high
22 | File | android/webkit/SearchBoxImpl.java | predictive | high
23 | File | app-layer-ssh.c | predictive | high
24 | File | arch_init.c | predictive | medium
25 | File | authenticate.c | predictive | high
26 | File | awstats.pl | predictive | medium
27 | File | BKCLogSvr.exe | predictive | high

Sources (2)

The following list contains external sources which discuss the actor and the associated activities:
