Yellow Cockatoo RAT تحليل

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (92)

اللغة

en	90
es	2

البلد

us	86
cn	2
fr	2
gb	2

الفاعلين

Yellow Cockatoo RAT	3
Cobalt Strike	1
BumbleBee	1
Raccoon	1
solarmarker	1

الاهتمام

النوع

Not Defined	34
Multimedia Player Software	6
Content Management System	6
Router Operating System	4
Firewall Software	4

المجهز

Not Defined	24
Apple	6
Craig Patchett	4
Cisco	4
e107	2

منتج

Apple QuickTime	4
Craig Patchett Fileseek	4
Cisco ASA	4
phpMyAdmin	4
jQuery	2

الثغرات

#	الثغرة	Base	Temp	0day	اليوم	ق�	معالجة	EPSS	CTI	CVE
1	Lars Ellingsen Guestserver guestbook.cgi سكربتات مشتركة	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00169	0.03	CVE-2005-4222
2	TikiWiki tiki-register.php تجاوز الصلاحيات	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01075	8.01	CVE-2006-6168
3	Youxun AC Centralized Management Platform HTML File upfile.cgi HTML injection	4.1	4.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00055	0.04	CVE-2023-34855
4	Void Contact Form 7 Widget for Elementor Page Builder Plugin void_cf7_opt_in_user_data_track طلب تزوير مشترك	4.3	4.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00063	0.00	CVE-2022-47166
5	Traefik Request Header تجاوز الصلاحيات	6.4	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00045	0.05	CVE-2024-28869
6	Sun Cobalt Raq HTTP Request اجتياز الدليل	5.3	5.3	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00642	0.04	CVE-2002-0347
7	DUware DUclassmate default.asp حقن إس كيو إل	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00219	0.07	CVE-2005-2049
8	s0nic Paranews news.php سكربتات مشتركة	4.3	4.2	$0-$5k	$0-$5k	High	Unavailable	0.00195	0.08	CVE-2008-4349
9	xz m4 File Remote Code Execution	9.9	9.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.13337	0.04	CVE-2024-3094
10	Apache Solr Privilege Escalation	7.1	7.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.87086	0.04	CVE-2023-50386
11	Juniper Junos XNM Command Processor الحرمان من الخدمة	7.5	6.5	$5k-$25k	$0-$5k	Unproven	Official Fix	0.00728	0.00	CVE-2014-0613
12	Plesk Obsidian Login Page تجاوز الصلاحيات	5.8	5.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00175	0.03	CVE-2023-24044
13	RiteCMS Admin Panel اجتياز الدليل	4.6	4.2	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00336	0.03	CVE-2022-24248
14	Netgear ProSAFE Network Management System Java Debug Wire Protocol توثيق ضعيف	9.8	9.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00214	0.04	CVE-2023-49693
15	Joomla CMS LDAP Authentication توثيق ضعيف	5.3	4.6	$5k-$25k	$0-$5k	Unproven	Official Fix	0.00999	0.03	CVE-2014-6632
16	FCKeditor Connector Module اجتياز الدليل	7.3	7.0	$0-$5k	$0-$5k	High	Official Fix	0.97236	0.04	CVE-2009-2265
17	Adobe Commerce File System تجاوز الصلاحيات	6.4	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00140	0.00	CVE-2023-22247
18	Konga Login API تشفير ضعيف	4.0	3.9	$0-$5k	$0-$5k	Proof-of-Concept	Workaround	0.00228	0.07	CVE-2023-2418
19	Cisco ASA Clientless SSL VPN Portal تلف الذاكرة	7.4	7.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00109	0.03	CVE-2022-20737
20	phpMyAdmin Configuration File setup.php تجاوز الصلاحيات	7.3	7.0	$5k-$25k	$0-$5k	High	Official Fix	0.79939	0.00	CVE-2009-1151

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	عنوان بروتوكول الإنترنت	ممثل	Identified	النوع	الثقة
1	67.43.234.48	Yellow Cockatoo RAT	18/12/2023	verified	عالي
2	XXX.XX.XXX.XX	Xxxxxx Xxxxxxxx Xxx	05/11/2022	verified	عالي
3	XXX.XXX.XXX.XX	Xxxxxx Xxxxxxxx Xxx	18/12/2023	verified	عالي

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	الفئة	الثغرات	متجه الوصول	النوع	الثقة
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	عالي
2	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	عالي
3	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	عالي
4	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	عالي
5	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	عالي
6	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	عالي
7	TXXXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	عالي
8	TXXXX	CAPEC-108	CWE-XX, CWE-XX	Xxx Xxxxxxxxx	predictive	عالي
9	TXXXX	CAPEC-50	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	عالي
10	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	عالي
11	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	عالي
12	TXXXX.XXX	CAPEC-112	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	عالي
13	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	عالي

IOA - Indicator of Attack (67)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	الفئة	Indicator	النوع	الثقة
1	File	/api/baskets/{name}	predictive	عالي
2	File	/debug/pprof	predictive	متوسط
3	File	/forum/away.php	predictive	عالي
4	File	/mhds/clinic/view_details.php	predictive	عالي
5	File	/preview.php	predictive	متوسط
6	File	/student/bookdetails.php	predictive	عالي
7	File	/upfile.cgi	predictive	متوسط
8	File	adclick.php	predictive	متوسط
9	File	xxxxxxxxx.xxx	predictive	عالي
10	File	xxxxxx.xxx	predictive	متوسط
11	File	xxxxx_xxxxxx.xxx	predictive	عالي
12	File	xxxxxxxx.xxx	predictive	متوسط
13	File	xx_xxxx_xx_xxxx_xxxx.xxx	predictive	عالي
14	File	xxxxxxx.xxx	predictive	متوسط
15	File	xxxxxxxx.xxx	predictive	متوسط
16	File	xxxxxxxx.xxx	predictive	متوسط
17	File	xxxxxx_xxx.xxx	predictive	عالي
18	File	xxxxxxxxxxxx_xxxx.xxx	predictive	عالي
19	File	xxxxxxxxxxxxxx.xxx	predictive	عالي
20	File	xxxx.xxx	predictive	متوسط
21	File	xxxxxxxxx.xxx	predictive	عالي
22	File	xxxxxxx.xxx	predictive	متوسط
23	File	xxxxx.xxx	predictive	متوسط
24	File	xxxxx.xxx/xxxxxxxxx_xxxx/xxx_xxxxxxx_xxxxxxxxxx/	predictive	عالي
25	File	xxxxxxxx.xxx	predictive	متوسط
26	File	xxxxxxx/xxx_xxxxxxxx.xxx	predictive	عالي
27	File	xxx_xxxxxxxx.xxx	predictive	عالي
28	File	xxxxxxxxx.xxx	predictive	عالي
29	File	xxxx.xxx	predictive	متوسط
30	File	xxxxxxxx.xxx	predictive	متوسط
31	File	xxxx.xxx	predictive	متوسط
32	File	xxxxx/xxxxxxx.xxx	predictive	عالي
33	File	xxxxxx_xxx_xxxxxx.xxx	predictive	عالي
34	File	xxxxx.xxx	predictive	متوسط
35	File	xxxx.xxx	predictive	متوسط
36	File	xxxx-xxxxxxxx.xxx	predictive	عالي
37	File	xx.xxx	predictive	واطئ
38	File	xxxxxx.xxx	predictive	متوسط
39	File	xx/xx_xxxxxx.xxx	predictive	عالي
40	File	xxxx_xxxx.xxx	predictive	عالي
41	Library	xxxxxxxxxx/xxxxxxxxx.x	predictive	عالي
42	Library	xx/xxx.xxx.xxx	predictive	عالي
43	Argument	$xxxxxxxx	predictive	متوسط
44	Argument	xxxx	predictive	واطئ
45	Argument	xxxx_xxx	predictive	متوسط
46	Argument	xxxxxxxxxx	predictive	متوسط
47	Argument	xxxxxxx-xxxxxx	predictive	عالي
48	Argument	xxxx	predictive	واطئ
49	Argument	xxxxx	predictive	واطئ
50	Argument	xxxxxxxx	predictive	متوسط
51	Argument	xxxx/xxxx	predictive	متوسط
52	Argument	xxxx	predictive	واطئ
53	Argument	xx	predictive	واطئ
54	Argument	xx	predictive	واطئ
55	Argument	xxxxxxxxxxxxxxxx	predictive	عالي
56	Argument	xxxx	predictive	واطئ
57	Argument	xxxxxxx	predictive	واطئ
58	Argument	xxxx_xxxx	predictive	متوسط
59	Argument	xxxxxxxxx_xxxxxxxx_xxxx	predictive	عالي
60	Argument	xxxx_xx	predictive	واطئ
61	Argument	xxxx	predictive	واطئ
62	Argument	xxx_xxx[]	predictive	متوسط
63	Argument	xxxxx_xxxx_xxxx	predictive	عالي
64	Argument	xx_xxxx	predictive	واطئ
65	Argument	xxxxxxx_xx	predictive	متوسط
66	Argument	xxxxxx	predictive	واطئ
67	Input Value	\xxx../../../../xxx/xxxxxx	predictive	عالي

المصادر (3)

The following list contains external sources which discuss the actor and the associated activities:

التالي ▸نظرة عامة◂ السابق

Do you know our Splunk app?

Download it now for free!