Rancor Analysis

IOB - Indicator of Behavior (906)

Language

pl: 164
sv: 162
it: 154
fr: 154
en: 142

Country

us: 874
cn: 14
vn: 8
me: 4

Product

Mozilla Firefox: 18
Microsoft Internet Explorer: 16
Apple Mac OS X: 14
Google Chrome: 14
ownCloud: 12

Vulnerability

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01009 | 1.71 | CVE-2006-6168 |
| 2 | Boa Webserver GET wapopen directory traversal | 6.4 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.73540 | 0.09 | CVE-2017-9833 |
| 3 | Anti-Web write.cgi directory traversal | 7.2 | 7.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00702 | 0.02 | CVE-2017-9097 |
| 4 | mpg123 MP3 File id3.c next_text buffer overflow | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00177 | 0.00 | CVE-2017-9545 |
| 5 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 3.03 | |
| 6 | Clash Configuration File cfw-setting.yaml privilege escalation | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00389 | 0.03 | CVE-2023-24205 |
| 7 | Lenovo X Server FFDC Service Log privilege escalation | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00060 | 0.00 | CVE-2017-3744 |
| 8 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.96 | CVE-2010-0966 |
| 9 | Synacor Zimbra Collaboration XML External Entity | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00441 | 0.02 | CVE-2016-9924 |
| 10 | e-Quick Cart shopprojectlogin.asp sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.04 | |
| 11 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 3.25 | CVE-2020-15906 |
| 12 | Pligg cloud.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.39 | |
| 13 | vBulletin redirector.php Redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00122 | 0.26 | CVE-2018-6200 |
| 14 | phpPgAds adclick.php unknown vulnerability | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00317 | 0.92 | CVE-2005-3791 |
| 15 | Google Android SDK Platform Tools Signedness adb_client.c adb_connect buffer overflow | 8.8 | 8.3 | $100k and more | $0-$5k | Proof-of-Concept | Official Fix | 0.00000 | 0.00 | |
| 16 | Netgear D6300B Credential Storage nvram weak encryption | 5.4 | 4.6 | $5k-$25k | $0-$5k | Proof-of-Concept | Workaround | 0.00000 | 0.00 | |
| 17 | OpenStack Keystone privilege escalation | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01166 | 0.00 | CVE-2013-2014 |
| 18 | Sensysnetworks TrafficDOT privilege escalation | 8.3 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00828 | 0.00 | CVE-2014-2378 |
| 19 | Cws sahab-alkher.com X.509 Certificate weak encryption | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00049 | 0.00 | CVE-2014-7052 |
| 20 | Appbasedtechnologies Belaire Family Orthodontics X.509 Certificate weak encryption | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00049 | 0.00 | CVE-2014-7405 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • PLAINTEE/DDKONG

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (230)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

References (2)

The following list contains external sources which discuss the actor and the associated activities:
