WarZoneRAT Analysis

IOB - Indicator of Behavior (83)

Language

en: 64
zh: 12
de: 6
it: 2

Country

us: 20
cn: 20
it: 6
ru: 2
de: 2

Product

Microsoft Windows (10)
QNAP QTS (4)
HPE Intelligent Management Center (4)
Google Blink (2)
Taokeyun (2)

Vulnerability

# | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE
1 | Apache HTTP Server mod_proxy privilege escalation | 7.3 | 7.3 | $25k-$100k | $25k-$100k | Not Defined | Not Defined | 0.97406 | 0.00 | CVE-2021-40438
2 | Microsoft Excel buffer overflow | 7.0 | 6.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01492 | 0.07 | CVE-2020-0650
3 | VMware Spring Boot HTTP Request denial of service | 5.7 | 5.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2023-34055
4 | bouncycastle Self-Signed Certificate X509LDAPCertStoreSpi.java privilege escalation | 3.9 | 3.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00051 | 0.04 | CVE-2023-33201
5 | Nagios XI POST Request banner_message-ajaxhelper.php sql injection | 6.0 | 6.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00085 | 0.04 | CVE-2023-40931
6 | Taokeyun HTTP POST Request Drs.php index sql injection | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00063 | 0.09 | CVE-2024-0480
7 | Apache ShardingSphere ElasticJob-UI information disclosure | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.19070 | 0.00 | CVE-2022-22733
8 | phpMyAdmin SQL File cross site scripting | 4.4 | 4.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00053 | 0.02 | CVE-2023-25727
9 | ZoneMinder HostController.php daemonControl privilege escalation | 7.4 | 7.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00119 | 0.05 | CVE-2023-26039
10 | Zoho ManageEngine Recovery Manager Plus Proxy Setting Privilege Escalation | 5.7 | 5.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00507 | 0.00 | CVE-2023-48646
11 | jeecgboot JimuReport image directory traversal | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00062 | 0.04 | CVE-2023-6307
12 | WP Shortcodes Plugin privilege escalation | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00050 | 0.04 | CVE-2023-6226
13 | QDocs Smart School HTTP POST Request sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00077 | 0.09 | CVE-2023-5495
14 | MongoDB privilege escalation | 6.6 | 6.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00109 | 0.02 | CVE-2019-2386
15 | MongoDB Message Decompressor denial of service | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00087 | 0.02 | CVE-2019-20925
16 | MongoDB SysV Init Script Kill privilege escalation | 4.2 | 4.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.04 | CVE-2019-2389
17 | Job Configuration History Plugin directory traversal | 3.9 | 3.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00046 | 0.00 | CVE-2023-41930
18 | TEL-STER TelWin SCADA WebInterface information disclosure | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00076 | 0.00 | CVE-2023-0956
19 | Tongda OA delete_seal.php sql injection | 6.9 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00066 | 0.04 | CVE-2023-4165
20 | Autodesk AutoCAD STP File Parser denial of service | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.00 | CVE-2023-41139

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 185.19.85.163 | | WarZoneRAT | | 2022-07-12 | verified | High

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerability | Access vector | Type | Confidence
1 | T1006 | CWE-22, CWE-23 | Path Traversal | predictive | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
3 | T1059 | CWE-94 | Argument Injection | predictive | High

IOA - Indicator of Attack (37)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/syslog | predictive | High
2 | File | /course/filterRecords/ | predictive | High
3 | File | /download/image | predictive | High
4 | File | /nagiosxi/admin/banner_message-ajaxhelper.php | predictive | High
5 | File | /see_more_details.php | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
