OrcaRAT Análisis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (7)

Cronología

Idioma

es8

País

za4
es4

Actores

OrcaRAT1

Ocupaciones

Interesar

Cronología

Escribe

Web Server2
WordPress Plugin2
Router Operating System2
Not Defined2

Proveedor

Apache2
ThemePunch2
MikroTik2
Juniper2

Producto

Apache HTTP Server2
ThemePunch Slider Revolution Plugin2
MikroTik RouterOS2
Juniper Web Device Manager2

Vulnerabilidad

#VulnerabilidadBaseTemp0dayHoyExpConEPSSCTICVE
1ProFTPD mod_copy escalada de privilegios8.58.5$0-$5k$0-$5kNot DefinedOfficial Fix0.944620.04CVE-2019-12815
2nginx ngx_http_mp4_module divulgación de información5.95.8$0-$5k$0-$5kNot DefinedOfficial Fix0.001980.05CVE-2018-16845
3Apache HTTP Server mod_reqtimeout denegación de servicio5.35.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.016960.04CVE-2007-6750
4Juniper Web Device Manager Authentication autenticación débil9.89.0$5k-$25k$0-$5kProof-of-ConceptWorkaround0.000000.04
5ThemePunch Slider Revolution Plugin escalada de privilegios7.37.3$0-$5k$0-$5kHighNot Defined0.954920.00CVE-2014-9735
6MikroTik RouterOS Winbox autenticación débil8.27.4$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.974960.02CVE-2018-14847
7Linux Directory Penguin Traceroute Script traceroute.pl escalada de privilegios9.89.8$5k-$25k$0-$5kNot DefinedNot Defined0.018910.00CVE-2002-0488

IOC - Indicator of Compromise (15)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDdirección IPHostnameActorCampañasIdentifiedEscribeConfianza
111.38.64.251OrcaRAT2021-01-01verifiedAlto
223.19.39.19OrcaRAT2021-01-01verifiedAlto
358.71.158.21OrcaRAT2021-01-01verifiedAlto
4XX.XX.XXX.XXXxxxxxxxxxx-xxx.xxx.xxx.xxXxxxxxx2021-01-01verifiedAlto
5XX.XXX.XX.XXXxxxxxx-xx-xxx-xx-xxx.xxxxxx.xxxx.xxxxxxx.xxxXxxxxxx2021-01-01verifiedAlto
6XX.XXX.XXX.XXXxxxxxx2021-01-01verifiedAlto
7XX.XXX.XX.XXXxxxxxx2021-01-01verifiedAlto
8XXX.XXX.XX.XXXXxxxxxx2021-01-01verifiedAlto
9XXX.XXX.XXX.XXXxxxxxx2021-01-01verifiedAlto
10XXX.X.XXX.XXxxxxxxx.xxxxxxxxx.xxxXxxxxxx2021-01-01verifiedAlto
11XXX.XX.XX.XXXXxxxxxx2021-01-01verifiedAlto
12XXX.XX.XX.XXXxxxxx.xx-xxx-xx-xx.xxXxxxxxx2021-01-01verifiedAlto
13XXX.XX.XX.XXXxxxxx.xx-xxx-xx-xx.xxXxxxxxx2021-01-01verifiedAlto
14XXX.XXX.XXX.XXXxxxx-xxx.xxxxxxxxx.xxxXxxxxxx2021-01-01verifiedAlto
15XXX.XXX.XX.XXXXxxxxxx2021-01-01verifiedAlto

TTP - Tactics, Techniques, Procedures (3)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilidadVector de accesoEscribeConfianza
1T1068CWE-264, CWE-269, CWE-284Execution with Unnecessary PrivilegespredictiveAlto
2TXXXX.XXXCWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveAlto
3TXXXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveAlto

IOA - Indicator of Attack (2)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClaseIndicatorEscribeConfianza
1Filetraceroute.plpredictiveAlto
2ArgumentxxxxpredictiveBajo

Referencias (2)

The following list contains external sources which discuss the actor and the associated activities:

AnteriorVisión De ConjuntoPróximo

Do you know our Splunk app?

Download it now for free!