ActionRAT Analysis

IOB - Indicator of Behavior (76)

Timeline

Language

en: 56
de: 16
ru: 2
it: 2

Country

us: 30
de: 14
ca: 4

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Moodle: 6
Play Framework: 6
Linux Foundation Xen: 4
tcpdump: 4
Joplin: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192
2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.59 | CVE-2010-0966
3 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 3.14 | CVE-2020-15906
4 | Joomla CMS com_easyblog sql injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00000 | 0.20 |
5 | Michael Salzer Guestbox gbshow.php cross site scripting | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.04283 | 0.02 | CVE-2006-0860
6 | DolphinPHP User Management Page cross site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00053 | 0.08 | CVE-2022-1086
7 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 4.04 |
8 | vu Mass Mailer Login Page redir.asp sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00238 | 0.04 | CVE-2007-6138
9 | Mozilla Firefox/Thunderbird SetOffsets denial of service | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.09052 | 0.00 | CVE-2013-1677
10 | IBM InfoSphere Master Data Management cross site scripting | 3.5 | 3.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00063 | 0.00 | CVE-2015-1968
11 | IBM Rational Collaborative Lifecycle Management Jazz Foundation cross site scripting | 3.5 | 3.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00063 | 0.00 | CVE-2015-0130
12 | McAfee ePolicy Orchestrator cross site scripting | 4.3 | 4.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00192 | 0.02 | CVE-2015-4559
13 | Moodle configonlylib.php min_get_slash_argument directory traversal | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00177 | 0.02 | CVE-2015-1493
14 | WordPress Shortcodes/Post Content privilege escalation | 6.3 | 5.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.14163 | 0.00 | CVE-2013-0235
15 | Moodle Contacts/Messages information disclosure | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00124 | 0.00 | CVE-2015-2266
16 | Moodle mdeploy.php privilege escalation | 6.3 | 5.5 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00112 | 0.05 | CVE-2015-2267
17 | Moodle Regular Expression denial of service | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00282 | 0.00 | CVE-2015-2268
18 | Adobe Flash Player buffer overflow | 10.0 | 8.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.03041 | 0.00 | CVE-2015-0342
19 | WhatsApp Messenger Profile Image information disclosure | 5.3 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Unavailable | 0.00000 | 0.02 |
20 | Linux Foundation Xen GIC Logging Rate Limit denial of service | 4.0 | 3.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00062 | 0.02 | CVE-2015-1563

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CAPEC-126 | CWE-22 | Path Traversal | predictive | High
2 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
3 | TXXXX | CAPEC-242 | CWE-XX | Xxxxxxxx Xxxxxxxxx | predictive | High
4 | TXXXX.XXX | CAPEC-209 | CWE-XX, CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High
5 | TXXXX | CAPEC-19 | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
6 | TXXXX.XXX | CAPEC-178 | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
7 | TXXXX | CAPEC-108 | CWE-XX | Xxx Xxxxxxxxx | predictive | High
8 | TXXXX.XXX | CAPEC-459 | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
9 | TXXXX | CAPEC-116 | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
10 | TXXXX | CAPEC-157 | CWE-XXX, CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High

IOA - Indicator of Attack (37)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /forum/away.php | predictive | High
2 | File | /wordpress/wp-admin/admin.php | predictive | High
3 | File | admin/index.php | predictive | High
4 | File | books.php | predictive | Medium
5 | File | data/gbconfiguration.dat | predictive | High
6 | File | xxxxxx.xxx | predictive | Medium
7 | File | xxxxxx.xxx | predictive | Medium
8 | File | xxxxxxxxx.xxx | predictive | High
9 | File | xxx/xxxxxx.xxx | predictive | High
10 | File | xxx/xxxx/xxx.x/xxxx_xxxxxx.x | predictive | High
11 | File | xxxxx.xxx | predictive | Medium
12 | File | xxxxxxx.xxx | predictive | Medium
13 | File | xxxxxxxxx/xxxx-xxxx | predictive | High
14 | File | xxxx.xxx | predictive | Medium
15 | File | xxxxx/xxxxxxx/ | predictive | High
16 | File | xxxxxx.xxx | predictive | Medium
17 | File | xxxxx.xxx | predictive | Medium
18 | File | xxxxxxxx.xxx | predictive | Medium
19 | File | xxxxxxxx_xxxx.xxx | predictive | High
20 | File | xxxxxxxxxxxxxx.xxx | predictive | High
21 | File | xxxxx.xxx | predictive | Medium
22 | File | xxxx-xxxxx.xxx | predictive | High
23 | Library | xxx/xxxxxxxxxxxxx.xxx | predictive | High
24 | Argument | xxxxxxxx | predictive | Medium
25 | Argument | xxxxxx | predictive | Low
26 | Argument | xxxxxxx | predictive | Low
27 | Argument | xxxx | predictive | Low
28 | Argument | xxxxxxxx | predictive | Medium
29 | Argument | xx | predictive | Low
30 | Argument | xxxxxxxxxx | predictive | Medium
31 | Argument | xxxxxxxx | predictive | Medium
32 | Argument | xxxxxx | predictive | Low
33 | Argument | xxxxxxxx | predictive | Medium
34 | Argument | xxxxxxx_xx | predictive | Medium
35 | Argument | xxxxxxx | predictive | Low
36 | Argument | xxxx | predictive | Low
37 | Argument | xxxxx | predictive | Low

References (2)

The following list contains external sources which discuss the actor and the associated activities:
