RATicate Análisis

IOB - Indicator of Behavior (52)

Cronología

Idioma

en28
de14
pl4
fr4
es2

País

us48
gb2
se2

Actores

Ocupaciones

Interesar

Cronología

Escribe

Proveedor

Producto

Microsoft IIS6
PHPChain2
phpMyAdmin2
IBM DOORS Next Generation2
Mozilla Firefox2

Vulnerabilidad

#VulnerabilidadBaseTemp0dayHoyExpConCTIEPSSCVE
1All Enthusiast Inc Reviewpost Php Pro showproduct.php sql injection7.37.0$0-$5k$0-$5kNot DefinedOfficial Fix0.040.00501CVE-2004-2175
2PhotoPost PHP Pro showproduct.php sql injection9.89.4$0-$5k$0-$5kNot DefinedOfficial Fix0.040.00276CVE-2004-0250
3OpenSSH Authentication Username divulgación de información5.34.8$5k-$25k$0-$5kHighOfficial Fix0.000.10737CVE-2016-6210
4BitTorrent uTorrent Bencoding Parser escalada de privilegios6.46.4$0-$5k$0-$5kNot DefinedNot Defined0.020.00867CVE-2020-8437
5MDaemon Webmail cross site scripting5.45.3$0-$5k$0-$5kNot DefinedOfficial Fix0.040.00070CVE-2019-8983
6Synology DiskStation Manager Change Password escalada de privilegios7.17.0$0-$5k$0-$5kNot DefinedOfficial Fix0.020.00068CVE-2018-8916
7Microsoft IIS cross site scripting5.24.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.020.00548CVE-2017-0055
8Todd Miller sudo sudoedit sudoers escalada de privilegios7.87.0$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.000.00061CVE-2015-5602
9Tim Kosse FileZilla Format String7.37.0$25k-$100k$0-$5kNot DefinedOfficial Fix0.020.03339CVE-2007-2318
10BusyBox Terminal lineedit.c add_match escalada de privilegios7.57.4$5k-$25kCalculadorNot DefinedOfficial Fix0.030.00522CVE-2017-16544
11Microsoft Office Equation Editor desbordamiento de búfer7.57.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.020.91620CVE-2018-0798
12Citrix ADC/Gateway/NetScaler Gateway/SD-WAN WANOP SSL VPN Web Portal cross site scripting3.53.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.00078CVE-2020-8245
13Gallarific PHP Photo Gallery script gallery.php sql injection7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.040.00112CVE-2011-0519
14Gempar Script Toko Online shop_display_products.php sql injection7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.040.00100CVE-2009-0296
15K5n WebCalendar send_reminders.php escalada de privilegios7.36.4$0-$5kCalculadorProof-of-ConceptOfficial Fix0.020.05603CVE-2008-2836
16Microsoft IIS escalada de privilegios9.99.9$25k-$100k$5k-$25kNot DefinedNot Defined0.020.08875CVE-2010-1256
17Python urllib.request.AbstractBasicAuthHandler escalada de privilegios6.46.4$0-$5k$0-$5kNot DefinedOfficial Fix0.070.00837CVE-2020-8492
18nginx URI String escalada de privilegios6.56.2$0-$5k$0-$5kNot DefinedOfficial Fix0.040.95433CVE-2013-4547
19Microsoft Windows Remote Desktop escalada de privilegios7.57.2$25k-$100k$5k-$25kNot DefinedOfficial Fix0.000.04662CVE-2019-1333
20Mozilla Firefox/Firefox ESR IFRAME PDF.js escalada de privilegios8.68.2$25k-$100k$0-$5kNot DefinedOfficial Fix0.000.01146CVE-2013-5598

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDdirección IPHostnameActorCampañasIdentifiedEscribeConfianza
179.134.225.11RATicate2021-05-31verifiedAlto
2XX.XXX.XXX.XXXxxxxxxx2021-05-31verifiedAlto

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilidadVector de accesoEscribeConfianza
1T1059CWE-94Argument InjectionpredictiveAlto
2T1059.007CWE-79, CWE-80Cross Site ScriptingpredictiveAlto
3TXXXXCWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveAlto
4TXXXXCWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveAlto
5TXXXXCWE-XXXxx XxxxxxxxxpredictiveAlto
6TXXXXCWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveAlto
7TXXXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveAlto
8TXXXXCWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveAlto

IOA - Indicator of Attack (21)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClaseIndicatorEscribeConfianza
1File/etc/sudoerspredictiveMedio
2File/uncpath/predictiveMedio
3Filecat.phppredictiveBajo
4Filexxxxxx.xxxpredictiveMedio
5Filexxxxxxxxxxx/xxxxx.xxxpredictiveAlto
6Filexxxxxxx.xxxpredictiveMedio
7Filexxxxx/xxxxxxxx.xpredictiveAlto
8Filexxx.xxpredictiveBajo
9Filexxxxxxx_xxx_xxxxx_xxxxxx.xxxxpredictiveAlto
10Filexxxx_xxxxxxxxx.xxxpredictiveAlto
11Filexxxx_xxxxxxx_xxxxxxxx.xxxpredictiveAlto
12Filexxxxxxxxxxx.xxxpredictiveAlto
13Filexxxxxx.xxxxxxx.xxxxxxxxxxxxxxxxxxxxxxxxpredictiveAlto
14ArgumentxxxpredictiveBajo
15ArgumentxxxxxpredictiveBajo
16Argumentxxx_xxpredictiveBajo
17ArgumentxxxxxxxxpredictiveMedio
18ArgumentxxpredictiveBajo
19Argumentxxxx_xxpredictiveBajo
20ArgumentxxxxxpredictiveBajo
21ArgumentxxxxxxxxpredictiveMedio

Referencias (2)

The following list contains external sources which discuss the actor and the associated activities:

Want to stay up to date on a daily basis?

Enable the mail alert feature now!