RATicate Analysis

IOB - Indicator of Behavior (52)

Timeline

Language

en | 26
de | 14
fr | 6
pl | 4
es | 2

Country

us | 46
fr | 4
gb | 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

SonicWALL AntiSpam | 2
SonicWALL EMail Security Appliance | 2
PhotoPost PHP Pro | 2
phpMyAdmin | 2
nginx | 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | CTI | EPSS | CVE
1 | All Enthusiast Inc Reviewpost Php Pro showproduct.php SQL injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00501 | CVE-2004-2175
2 | PhotoPost PHP Pro showproduct.php SQL injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00276 | CVE-2004-0250
3 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.00 | 0.10737 | CVE-2016-6210
4 | BitTorrent uTorrent Bencoding Parser privilege escalation | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00867 | CVE-2020-8437
5 | MDaemon Webmail cross site scripting | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00070 | CVE-2019-8983
6 | Synology DiskStation Manager Change Password privilege escalation | 7.1 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00068 | CVE-2018-8916
7 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00548 | CVE-2017-0055
8 | Todd Miller sudo sudoedit sudoers privilege escalation | 7.8 | 7.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.00061 | CVE-2015-5602
9 | Tim Kosse FileZilla Format String | 7.3 | 7.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.03339 | CVE-2007-2318
10 | BusyBox Terminal lineedit.c add_match privilege escalation | 7.5 | 7.4 | $5k-$25k | Calculating | Not Defined | Official Fix | 0.03 | 0.00522 | CVE-2017-16544
11 | Microsoft Office Equation Editor memory corruption | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.91620 | CVE-2018-0798
12 | Citrix ADC/Gateway/NetScaler Gateway/SD-WAN WANOP SSL VPN Web Portal cross site scripting | 3.5 | 3.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00078 | CVE-2020-8245
13 | Gallarific PHP Photo Gallery script gallery.php SQL injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | 0.00112 | CVE-2011-0519
14 | Gempar Script Toko Online shop_display_products.php SQL injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | 0.00100 | CVE-2009-0296
15 | K5n WebCalendar send_reminders.php privilege escalation | 7.3 | 6.4 | $0-$5k | Calculating | Proof-of-Concept | Official Fix | 0.02 | 0.05603 | CVE-2008-2836
16 | Microsoft IIS privilege escalation | 9.9 | 9.9 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.02 | 0.08875 | CVE-2010-1256
17 | Python urllib.request.AbstractBasicAuthHandler privilege escalation | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.34 | 0.00837 | CVE-2020-8492
18 | nginx URI String privilege escalation | 6.5 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.95433 | CVE-2013-4547
19 | Microsoft Windows Remote Desktop privilege escalation | 7.5 | 7.2 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | 0.04662 | CVE-2019-1333
20 | Mozilla Firefox/Firefox ESR IFRAME PDF.js privilege escalation | 8.6 | 8.2 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01146 | CVE-2013-5598

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP Address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 79.134.225.11 | | RATicate | | 31/05/2021 | verified | High
2 | XX.XXX.XXX.XXX | | xxxxxxx | | 31/05/2021 | verified | High

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1059 | CWE-94 | Argument Injection | predictive | High
2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High
3 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
4 | TXXXX | CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive | High
5 | TXXXX | CWE-XXX | xx Xxxxxxxxx | predictive | High
6 | TXXXX | CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
7 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
8 | TXXXX | CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High

IOA - Indicator of Attack (21)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Category | Indicator | Type | Confidence
1 | File | /etc/sudoers | predictive | Medium
2 | File | /uncpath/ | predictive | Medium
3 | File | cat.php | predictive | Low
4 | File | xxxxxx.xxx | predictive | Medium
5 | File | xxxxxxxxxxx/xxxxx.xxx | predictive | High
6 | File | xxxxxxx.xxx | predictive | Medium
7 | File | xxxxx/xxxxxxxx.x | predictive | High
8 | File | xxx.xx | predictive | Low
9 | File | xxxxxxx_xxx_xxxxx_xxxxxx.xxxx | predictive | High
10 | File | xxxx_xxxxxxxxx.xxx | predictive | High
11 | File | xxxx_xxxxxxx_xxxxxxxx.xxx | predictive | High
12 | File | xxxxxxxxxxx.xxx | predictive | High
13 | File | xxxxxx.xxxxxxx.xxxxxxxxxxxxxxxxxxxxxxxx | predictive | High
14 | Argument | xxx | predictive | Low
15 | Argument | xxxxx | predictive | Low
16 | Argument | xxx_xx | predictive | Low
17 | Argument | xxxxxxxx | predictive | Medium
18 | Argument | xx | predictive | Low
19 | Argument | xxxx_xx | predictive | Low
20 | Argument | xxxxx | predictive | Low
21 | Argument | xxxxxxxx | predictive | Medium

Sources (2)

The following list contains external sources which discuss the actor and the associated activities:
