ObliqueRAT Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (546)

Sprache

en	522
es	10
it	6
fr	4
ru	2

Land

us	504
ru	30
cn	12

Akteure

ObliqueRAT	2
Conti	2
Fodcha	2
RedLine Stealer	2
Wizard Spider	1

Interesse

Typ

Firewall Software	18
Not Defined	14
Content Management System	8
Web Browser	4
Smartphone Operating System	4

Hersteller

Not Defined	24
Blue Coat	4
Mozilla	4
Artica	4
WMSL	2

Produkt

Blue Coat ProxySG	4
https-proxy-agent	4
Mozilla Firefox	4
Drupal	4
Artica Proxy	4

Schwachstellen

#	Schwachstelle	Base	Temp	0day	Heute	Aus	Mas	CTI	EPSS	CVE
1	Apache HTTP Server mod_proxy_balancer.c balancer_handler Cross Site Scripting	4.3	4.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.21782	CVE-2012-4558
2	Google Android Proxy Auto-Config ic.cc UpdateLoadElement Pufferüberlauf	8.5	8.2	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00	0.00102	CVE-2019-2047
3	Telegram Desktop Proxy erweiterte Rechte	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00219	CVE-2018-17613
4	https-proxy-agent JSON Pufferüberlauf	7.2	6.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00659	CVE-2018-3739
5	Apache HTTP Server mod_proxy_fcgi.c handle_headers Pufferüberlauf	5.3	5.1	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.04	0.00953	CVE-2014-3583
6	Apple iOS Proxy Authentication erweiterte Rechte	6.6	6.4	$100k und mehr	$5k-$25k	Not Defined	Official Fix	0.04	0.00182	CVE-2016-4642
7	YoungZSoft CCProxy Proxy Service Pufferüberlauf	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00	0.11487	CVE-2004-2685
8	CNCF Envoy Proxy Denial of Service	6.4	6.4	$0-$5k	Wird berechnet	Not Defined	Not Defined	0.00	0.00341	CVE-2020-8659
9	Blue Coat ProxySG SGOS Information Disclosure	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00139	CVE-2015-4334
10	Juniper WLC Proxy ARP/No Broadcast Feature erweiterte Rechte	5.3	5.1	$5k-$25k	Wird berechnet	Not Defined	Official Fix	0.00	0.00712	CVE-2014-6381
11	Symantec ASG/ProxySG FTP Proxy WebFTP Mode Stored Cross Site Scripting	5.7	5.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00115	CVE-2018-18370
12	Palo Alto PAN-OS DNS Proxy erweiterte Rechte	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.06716	CVE-2017-8390
13	QNAP Proxy Server Setting schwache Authentisierung	6.3	6.2	$0-$5k	Wird berechnet	Not Defined	Official Fix	0.02	0.00069	CVE-2017-7639
14	Squid Web Proxy cachemgr.cgi erweiterte Rechte	6.1	5.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00267	CVE-2019-18860
15	Bluecoat SGOS Management Console Cross Site Scripting	4.3	4.1	$0-$5k	Wird berechnet	Not Defined	Official Fix	0.02	0.00265	CVE-2010-5192
16	Artica Proxy fw.progrss.details.php Directory Traversal	7.4	7.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.96791	CVE-2020-13158
17	Artica Proxy settings.inc erweiterte Rechte	4.9	4.9	$0-$5k	Wird berechnet	Not Defined	Not Defined	0.00	0.00130	CVE-2019-7300
18	Sarg Squid Analysis Report Generator Proxy Server useragent.c useragent Pufferüberlauf	10.0	9.0	$0-$5k	Wird berechnet	Proof-of-Concept	Official Fix	0.00	0.44560	CVE-2008-1167
19	Google Android Proxy Configuration hydrogen-alias-analysis.h HAliasAnalyzer.Query erweiterte Rechte	8.5	8.2	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.04	0.00102	CVE-2019-2097
20	Check point Firewall-1/VPN-1 IKE Aggressive Mode schwache Verschlüsselung	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00409	CVE-2002-1623

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-Adresse	Hostname	Akteur	Kampagnen	Identifiziert	Typ	Akzeptanz
1	185.117.73.222		ObliqueRAT		31.03.2022	verifiziert	High
2	XXX.XXX.XX.XXX		Xxxxxxxxxx		10.08.2022	verifiziert	High

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Schwachstellen	Zugriffsart	Typ	Akzeptanz
1	T1006	CWE-22	Path Traversal	prädiktiv	High
2	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	prädiktiv	High
3	T1059	CWE-94	Argument Injection	prädiktiv	High
4	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	prädiktiv	High
5	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
6	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	prädiktiv	High
7	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	prädiktiv	High
8	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	prädiktiv	High
9	TXXXX	CWE-XX	Xxx Xxxxxxxxx	prädiktiv	High
10	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
11	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	prädiktiv	High
12	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	prädiktiv	High
13	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	prädiktiv	High

IOA - Indicator of Attack (33)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasse	Indicator	Typ	Akzeptanz
1	File	/assets/php/upload.php	prädiktiv	High
2	File	admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list	prädiktiv	High
3	File	cachemgr.cgi	prädiktiv	Medium
4	File	cgi-bin/cmh/webcam.sh	prädiktiv	High
5	File	xxxxxx.x	prädiktiv	Medium
6	File	xx.xxxxxxx.xxxxxxx.xxx	prädiktiv	High
7	File	xxxxxxxx-xxxxx-xxxxxxxx.x	prädiktiv	High
8	File	xx.xx	prädiktiv	Low
9	File	xxxxxx.xxx	prädiktiv	Medium
10	File	xxxxx.xxx	prädiktiv	Medium
11	File	xxxxxx.x	prädiktiv	Medium
12	File	xxxxx.xxx	prädiktiv	Medium
13	File	xxx_xxxxx_xxxxxxxx.x	prädiktiv	High
14	File	xxx_xxxxx_xxxx.x	prädiktiv	High
15	File	xxxxxxxx_xxxxxx.xxx	prädiktiv	High
16	File	xxxxxxxxxx/xxxxxxxx.xxx	prädiktiv	High
17	File	xxxxxxxxx.x	prädiktiv	Medium
18	File	xxxxx/xxxxx.xx	prädiktiv	High
19	File	xxxxxxxxxxxxx.xxxx	prädiktiv	High
20	Library	xxxxxxxxx/xxxxxx_xxxxxxxxxxx.xxx.xxx	prädiktiv	High
21	Argument	xxxx	prädiktiv	Low
22	Argument	xxxxxxxxxxxxx	prädiktiv	High
23	Argument	xxxxxxxxxxxx	prädiktiv	Medium
24	Argument	xxxxxxxx	prädiktiv	Medium
25	Argument	xx_xxxxxxxx	prädiktiv	Medium
26	Argument	xxxxxxxxx	prädiktiv	Medium
27	Argument	xxxx_xxxxx/xxxx_xxxxxxxx	prädiktiv	High
28	Argument	xxxxxxx.xxx_xxxxxxxxxx	prädiktiv	High
29	Argument	xxxxx	prädiktiv	Low
30	Argument	xxx	prädiktiv	Low
31	Argument	xxxxxxxx	prädiktiv	Medium
32	Argument	xxxx xxxx	prädiktiv	Medium
33	Input Value	%xx%xx%xx	prädiktiv	Medium

Referenzen (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ ZurückÜbersichtWeiter ▸

Do you need the next level of professionalism?

Upgrade your account now!