KHRAT Analysis

IOB - Indicator of Behavior (211)

Timeline

Language

  • en: 138
  • ru: 54
  • zh: 14
  • pl: 2
  • es: 2

Campaign (country)

  • us: 114
  • ru: 56
  • cn: 20
  • gb: 18
  • es: 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

  • WordPress: 6
  • Apache HTTP Server: 4
  • OpenSSL: 4
  • Jitsi Meet: 4
  • phpMyAdmin: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0-day | Today | Exp | Con | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.53 | 0.00943 | CVE-2010-0966 |
| 3 | Bitrix Site Manager Vote Module Remote Code Execution | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00668 | CVE-2022-27228 |
| 4 | jQuery html cross site scripting | 5.8 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01900 | CVE-2020-11023 |
| 5 | ILIAS Cloze Test Text gap Persistent cross site scripting | 5.2 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00193 | CVE-2019-1010237 |
| 6 | Harbor weak authentication | 6.9 | 6.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.01473 | CVE-2022-46463 |
| 7 | Jitsi Meet weak authentication | 8.5 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | 0.00196 | CVE-2020-11878 |
| 8 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.09 | 0.00241 | CVE-2020-12440 |
| 9 | WordPress Pingback privilege escalation | 5.7 | 5.7 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00120 | CVE-2022-3590 |
| 10 | Bitrix24 privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00521 | CVE-2020-13484 |
| 11 | Fortinet FortiOS/FortiProxy Administrative Interface weak authentication | 9.8 | 9.7 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.02 | 0.97217 | CVE-2022-40684 |
| 12 | Apache Tomcat HTTP Digest Authentication Implementation weak authentication | 8.2 | 7.1 | $5k-$25k | Calculator | Unproven | Official Fix | 0.00 | 0.00342 | CVE-2012-5887 |
| 13 | TEM FLEX-1080/FLEX-1085 Log log.cgi information disclosure | 5.3 | 4.7 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.03 | 0.00150 | CVE-2022-1077 |
| 14 | F5 BIG-IP iControl REST Authentication bash weak authentication | 9.8 | 9.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.97477 | CVE-2022-1388 |
| 15 | Vmware Workspace ONE Access/Identity Manager Template privilege escalation | 9.8 | 8.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.97436 | CVE-2022-22954 |
| 16 | Apache Groovy MethodClosure.java MethodClosure privilege escalation | 8.5 | 8.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.03 | 0.02142 | CVE-2015-3253 |
| 17 | LightCMS External Image NEditorController.php Privilege Escalation | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00675 | CVE-2021-27112 |
| 18 | phpPgAds adclick.php unknown vulnerability | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 1.32 | 0.00317 | CVE-2005-3791 |
| 19 | E-topbiz Viral DX 1 adclick.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.04 | 0.00087 | CVE-2008-2867 |
| 20 | Huawei Toronto-TL10 information disclosure | 4.4 | 4.4 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00066 | CVE-2018-7907 |

Campagnes (1)

These are the campaigns that can be associated with the actor:

  • Cambodia Attacks

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 194.87.94.61 | ptr.ruvds.com | KHRAT | Cambodia Attacks | 31/08/2021 | verified | High |

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-21, CWE-22 | Path Traversal | predictive | High |
| 2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | T1059 | CWE-94 | Argument Injection | predictive | High |
| 4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |
| 5 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 6 | TXXXX | CWE-XXX | Xxxx Xxx Xxxxxxxxx Xxxxxxxxxxx Xxxxxxxx | predictive | High |
| 7 | TXXXX.XXX | CWE-XXX, CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | High |
| 8 | TXXXX | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High |
| 9 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High |
| 10 | TXXXX | CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive | High |
| 11 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 12 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | predictive | High |
| 13 | TXXXX | CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 14 | TXXXX | CWE-XXX | Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 15 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 16 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 17 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High |

IOA - Indicator of Attack (102)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/login.php | predictive | High |
| 2 | File | /app/Http/Controllers/Admin/NEditorController.php | predictive | High |
| 3 | File | /mgmt/tm/util/bash | predictive | High |
| 4 | File | /mifs/c/i/reg/reg.html | predictive | High |
| 5 | File | /secure/ViewCollectors | predictive | High |
| 6 | File | /Session | predictive | Medium |
| 7 | File | /usr/bin/pkexec | predictive | High |
| 8 | File | /xAdmin/html/cm_doclist_view_uc.jsp | predictive | High |
| 9 | File | adclick.php | predictive | Medium |
| 10 | File | add_comment.php | predictive | High |
| 11 | File | admin/content.php | predictive | High |
| 12 | File | cgi-bin/awstats.pl | predictive | High |
| 13 | File | xxxxxxxx.xxx | predictive | Medium |
| 14 | File | xxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxx | predictive | High |
| 15 | File | x_xxxxxx | predictive | Medium |
| 16 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 17 | File | xxxxxxx_xxxxx.xxx | predictive | High |
| 18 | File | xxxxx.xxx | predictive | Medium |
| 19 | File | xxxx_xxxxxxxx.xxx | predictive | High |
| 20 | File | xxxxxxxxxxxxxxxxx.xxx | predictive | High |
| 21 | File | xxxxxxxxx/xxxxx/xxxxxxxxxxxx/xxxxxxxxx.xxx | predictive | High |
| 22 | File | xxxxxxxxxxx.x | predictive | High |
| 23 | File | xxxxxxxxx.xxx | predictive | High |
| 24 | File | xxx/xxxxxx.xxx | predictive | High |
| 25 | File | xxxxx.xxx | predictive | Medium |
| 26 | File | xxxxx.xxx/xxxxxxx/xxxxx | predictive | High |
| 27 | File | xxxxx.xx | predictive | Medium |
| 28 | File | xxxxxxx.xxx | predictive | Medium |
| 29 | File | xxxx.xxx | predictive | Medium |
| 30 | File | xxxxxxxxx/xxxxxx.xxx.xxx | predictive | High |
| 31 | File | xxx.xxx | predictive | Low |
| 32 | File | xxxxx-xxxx-xxxx.xxx | predictive | High |
| 33 | File | xxx_xxxxx_xxxx.x | predictive | High |
| 34 | File | xxxxxxx.xxx | predictive | Medium |
| 35 | File | xxxxxxx_xxxxxxx_xxxx.xxx | predictive | High |
| 36 | File | xxx_xxxxxx.xxxx | predictive | High |
| 37 | File | xxxxxxxx.xxx | predictive | Medium |
| 38 | File | xxxxxxxx.xxx | predictive | Medium |
| 39 | File | xxxxxxx.xxx | predictive | Medium |
| 40 | File | xxxxxxx/xxxxxxxxxxxxx.xxxx | predictive | High |
| 41 | File | xxxxxxxxxxxxxxx.xxx | predictive | High |
| 42 | File | xxxxxx.xx | predictive | Medium |
| 43 | File | xxxxxx_xxxxxxx.xxx | predictive | High |
| 44 | File | xxxxxxxx/xxxx/xxxx.xxx?xxxxxx=xxxxxxxxxxxxxxxx | predictive | High |
| 45 | File | xxxx.xxx | predictive | Medium |
| 46 | File | xxxx.xx | predictive | Low |
| 47 | File | xxxxxxxx_xxxx.xxx | predictive | High |
| 48 | File | xxxx_xxxxxxx_xxxxxxxx.xxx | predictive | High |
| 49 | File | xxxxx.xxx | predictive | Medium |
| 50 | File | xxxxxxxx.xxxxx.xxx | predictive | High |
| 51 | File | xxxxx.x | predictive | Low |
| 52 | File | xxx-xxx/ | predictive | Medium |
| 53 | File | xxxxxxx/xxx/xxxxxxx | predictive | High |
| 54 | File | xx-xxxx.xxx | predictive | Medium |
| 55 | File | xx-xxxxxxxxx.xxx | predictive | High |
| 56 | Argument | *xxxx | predictive | Low |
| 57 | Argument | xx | predictive | Low |
| 58 | Argument | xxxxxxxxxxxx | predictive | Medium |
| 59 | Argument | xxxxxx | predictive | Low |
| 60 | Argument | xxxxxxxx | predictive | Medium |
| 61 | Argument | xxxxxxxx | predictive | Medium |
| 62 | Argument | xxxxxxxx | predictive | Medium |
| 63 | Argument | xxx_xx | predictive | Low |
| 64 | Argument | xxxxxx_xx | predictive | Medium |
| 65 | Argument | xxxxxx | predictive | Low |
| 66 | Argument | xxxxxxxx_xxxxxx/xxxxxxxx_xxxx/xxxxxxxx_xxxxxxxx/xxxxxxxx_xxxx | predictive | High |
| 67 | Argument | xxxx | predictive | Low |
| 68 | Argument | xxx | predictive | Low |
| 69 | Argument | xxxxxxxxxx | predictive | Medium |
| 70 | Argument | xxxxxxx | predictive | Low |
| 71 | Argument | xx_xxxx/xxxxx/xxx | predictive | High |
| 72 | Argument | xxxxxxxxx->xxxxxxxxx | predictive | High |
| 73 | Argument | xxxx | predictive | Low |
| 74 | Argument | xxxxxxxx | predictive | Medium |
| 75 | Argument | xxxxxx_xxxxx_xxx | predictive | High |
| 76 | Argument | xxxx | predictive | Low |
| 77 | Argument | xxxx_xxxxx | predictive | Medium |
| 78 | Argument | xx | predictive | Low |
| 79 | Argument | xxxxxx | predictive | Low |
| 80 | Argument | xxxxxxx | predictive | Low |
| 81 | Argument | xxxxxxx/xxxxxxxxx | predictive | High |
| 82 | Argument | xxxx | predictive | Low |
| 83 | Argument | xxxxxxxxxxxxxxxxxxx | predictive | High |
| 84 | Argument | xxxxxxxxx | predictive | Medium |
| 85 | Argument | xxxxxxxx_xx | predictive | Medium |
| 86 | Argument | xxxxxxx xxxxx | predictive | High |
| 87 | Argument | xxxxxxxxxxxxxxxx | predictive | High |
| 88 | Argument | xxxxxx | predictive | Low |
| 89 | Argument | xxxxxx | predictive | Low |
| 90 | Argument | xxxxxx_xxx | predictive | Medium |
| 91 | Argument | xxxxxx | predictive | Low |
| 92 | Argument | xx_xx | predictive | Low |
| 93 | Argument | xxxxxxxxxxx/xxxxxxxxxxx | predictive | High |
| 94 | Argument | xxxxx | predictive | Low |
| 95 | Argument | xx | predictive | Low |
| 96 | Argument | xxxxxx | predictive | Low |
| 97 | Argument | _xxxxxx[xxxxxxxx_xxxx] | predictive | High |
| 98 | Input Value | /xxxxxx/..%xx | predictive | High |
| 99 | Input Value | xxxxx"][xxxxxx]xxxxx('xxx')[/xxxxxx] | predictive | High |
| 100 | Pattern | __xxxxxxxxx= | predictive | Medium |
| 101 | Network Port | xxxx | predictive | Low |
| 102 | Network Port | xxx xxxxxx xxxx | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
