Ruskill Análisis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (23)

Idioma

en	16
fr	6
pt	2

País

us	8
ru	6
jp	2
fr	2
cn	2

Actores

Ruskill	3
Phorpiex	1
Emotet	1
Locky	1
Qakbot	1

Interesar

Escribe

Not Defined	8
Content Management System	2
Solution Stack Software	2
Operating System	2
Connectivity Software	2

Proveedor

Not Defined	12
E-topbiz	2
Trend Micro	2
SAP	2
Microsoft	2

Producto

E-topbiz Online Store	2
Trend Micro Threat Discovery Appliance	2
Django	2
SAP NetWeaver	2
SAP ABAP Platform	2

Vulnerabilidad

#	Vulnerabilidad	Base	Temp	0day	Hoy	Exp	Con	EPSS	CTI	CVE
1	Sophos Anti-Virus RAR Archive rarvm.hpp desbordamiento de búfer	7.3	6.6	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.00000	0.02
2	Donglify IOCTL desbordamiento de búfer	8.3	8.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2021-42994
3	Donglify IOCTL desbordamiento de búfer	7.8	7.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00043	0.00	CVE-2021-42996
4	Microsoft Windows Desired State Configuration divulgación de información	5.1	4.7	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00044	0.00	CVE-2022-30148
5	Microsoft Windows Access Restriction escalada de privilegios	4.4	4.4	$25k-$100k	$5k-$25k	Not Defined	Not Defined	0.00057	0.00	CVE-2011-4434
6	BeyondTrust Secure Remote Access Base Software cross site request forgery	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00286	0.02	CVE-2021-31589
7	Craft EXIF Data Location divulgación de información	5.3	5.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02064	0.02	CVE-2019-14280
8	MetInfo sql injection	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00220	0.03	CVE-2019-17553
9	SAP NetWeaver/ABAP Platform ABAP Server escalada de privilegios	7.3	7.3	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00104	0.00	CVE-2020-6296
10	E-topbiz Online Store index.php sql injection	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.00137	0.02	CVE-2008-5802
11	Alibabaclone Alibaba Clone B2B countrydetails.php sql injection	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00112	0.02	CVE-2010-4849
12	OpenSSH X11 Authentication Credential xauth escalada de privilegios	6.3	6.0	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.02329	0.00	CVE-2016-3115
13	PHP Session Name session.c escalada de privilegios	7.5	7.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00577	0.00	CVE-2016-7125
14	Trend Micro Threat Discovery Appliance log_query_dlp.cgi escalada de privilegios	8.8	8.8	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00334	0.00	CVE-2016-8590
15	CakePHP security.php unserialize escalada de privilegios	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.00
16	osTicket file.php sql injection	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00205	0.00	CVE-2017-14396
17	CS-Cart Administration files escalada de privilegios	5.9	5.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00099	0.03	CVE-2017-15673
18	phpMyAdmin db_central_columns.php cross site scripting	4.4	4.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00208	0.00	CVE-2018-7260
19	cmsimple index.php directory traversal	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.06344	0.08	CVE-2008-2650
20	Django Media directory traversal	5.3	5.3	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00626	0.05	CVE-2009-2659

IOC - Indicator of Compromise (18)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	dirección IP	Hostname	Actor	Identified	Escribe	Confianza
1	13.107.21.200		Ruskill	2021-07-24	verified	Alto
2	13.107.22.200		Ruskill	2021-07-24	verified	Alto
3	35.205.61.67	67.61.205.35.bc.googleusercontent.com	Ruskill	2022-05-06	verified	Medio
4	66.171.248.178	api1.whatismyipaddress.com	Ruskill	2022-05-06	verified	Alto
5	XX.XXX.XXX.XXX	xx-xxx-xxx-xxx.xxxxxx.xxx-xxxx.xx.xxx.xxx.xx.xx-xxxx.xxxx	Xxxxxxx	2022-05-06	verified	Alto
6	XXX.XXX.XX.XXX	xxxxxxxxxx.xx.xx	Xxxxxxx	2022-05-06	verified	Alto
7	XXX.XX.XXX.XXX		Xxxxxxx	2022-05-06	verified	Alto
8	XXX.XXX.XXX.XX		Xxxxxxx	2022-05-06	verified	Alto
9	XXX.XX.XX.XXX		Xxxxxxx	2022-05-06	verified	Alto
10	XXX.XXX.X.XXX		Xxxxxxx	2022-05-06	verified	Alto
11	XXX.XXX.XX.XXX	x-xxxx.xx-xxxxxx.xxx	Xxxxxxx	2021-07-24	verified	Alto
12	XXX.XXX.XX.XXX		Xxxxxxx	2021-07-22	verified	Alto
13	XXX.X.XXX.XXX	xxxx.xxx	Xxxxxxx	2022-05-06	verified	Alto
14	XXX.XX.XX.XXX		Xxxxxxx	2021-07-22	verified	Alto
15	XXX.XX.XX.XXX		Xxxxxxx	2022-05-06	verified	Alto
16	XXX.XX.XX.XXX		Xxxxxxx	2021-07-22	verified	Alto
17	XXX.XXX.XX.XXX	xxxxx.xxx-xxx-xx.xxxxxx.xxxxxxxxxxxx.xxx	Xxxxxxx	2022-05-06	verified	Alto
18	XXX.XX.XXX.XXX	xxx-xx-xxx-xxx.xxx.xxxxxxxxxxxx.xx	Xxxxxxx	2021-07-22	verified	Alto

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Clase	Vulnerabilidad	Vector de acceso	Escribe	Confianza
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Alto
2	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Alto
3	TXXXX	CAPEC-242	CWE-XX	Xxxxxxxx Xxxxxxxxx	predictive	Alto
4	TXXXX.XXX	CAPEC-209	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Alto
5	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
6	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
7	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
8	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (16)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Clase	Indicator	Escribe	Confianza
1	File	/appliance/users?action=edit	predictive	Alto
2	File	admin/?n=tags&c=index&a=doSaveTags	predictive	Alto
3	File	countrydetails.php	predictive	Alto
4	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Alto
5	File	xx_xxxxxxx_xxxxxxx.xxx	predictive	Alto
6	File	xxx/xxxxxxx/xxxxxxx.x	predictive	Alto
7	File	xxxx.xxx	predictive	Medio
8	File	xxxxx.xxx	predictive	Medio
9	File	xxx_xxxxx_xxx.xxx	predictive	Alto
10	File	xxxxx.xxx	predictive	Medio
11	Library	xxxx/xxxx/xxxxxxxxxx/xxxxxxxxxx/xxxxxxxx.xxx	predictive	Alto
12	Argument	xxxxx_xx	predictive	Medio
13	Argument	xxx_xx	predictive	Bajo
14	Argument	xx_xx	predictive	Bajo
15	Argument	xxx	predictive	Bajo
16	Argument	xx	predictive	Bajo

Referencias (4)

The following list contains external sources which discuss the actor and the associated activities:

◂ AnteriorVisión De ConjuntoPróximo ▸

Might our Artificial Intelligence support you?

Check our Alexa App!