ObliqueRAT Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (546)

Langue

en	508
es	16
it	12
fr	6
pl	2

De campagne

us	518
ru	24
cn	2
tk	2

Acteurs

ObliqueRAT	2
Conti	2
Fodcha	2
RedLine Stealer	2
Wizard Spider	1

Intérêt

Taper

Not Defined	20
Firewall Software	20
Content Management System	4
Web Server	4
Database Administration Software	4

Fournisseur

Not Defined	24
Apache	6
Cisco	4
Squid	4
Palo Alto	2

Produit

Drupal	4
Apache HTTP Server	4
phpMyAdmin	4
Apache Any23	2
Cisco Small Business RV160	2

Vulnérabilités

#	Vulnérabilité	Base	Temp	0day	Aujourd'hui	Exp	Con	CTI	EPSS	CVE
1	Apache HTTP Server mod_proxy_balancer.c balancer_handler cross site scripting	4.3	4.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.07	0.21782	CVE-2012-4558
2	Google Android Proxy Auto-Config ic.cc UpdateLoadElement buffer overflow	8.5	8.2	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00	0.00102	CVE-2019-2047
3	Telegram Desktop Proxy elévation de privilèges	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00219	CVE-2018-17613
4	https-proxy-agent JSON buffer overflow	7.2	6.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00659	CVE-2018-3739
5	Apache HTTP Server mod_proxy_fcgi.c handle_headers buffer overflow	5.3	5.1	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.04	0.00953	CVE-2014-3583
6	Apple iOS Proxy Authentication elévation de privilèges	6.6	6.4	$100k et plus	$5k-$25k	Not Defined	Official Fix	0.04	0.00182	CVE-2016-4642
7	YoungZSoft CCProxy Proxy Service buffer overflow	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00	0.11487	CVE-2004-2685
8	CNCF Envoy Proxy dénie de service	6.4	6.4	$0-$5k	Calculateur	Not Defined	Not Defined	0.00	0.00341	CVE-2020-8659
9	Blue Coat ProxySG SGOS divulgation de l'information	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00139	CVE-2015-4334
10	Juniper WLC Proxy ARP/No Broadcast Feature elévation de privilèges	5.3	5.1	$5k-$25k	Calculateur	Not Defined	Official Fix	0.00	0.00712	CVE-2014-6381
11	Symantec ASG/ProxySG FTP Proxy WebFTP Mode Stored cross site scripting	5.7	5.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00115	CVE-2018-18370
12	Palo Alto PAN-OS DNS Proxy elévation de privilèges	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.06716	CVE-2017-8390
13	QNAP Proxy Server Setting authentification faible	6.3	6.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00069	CVE-2017-7639
14	Squid Web Proxy cachemgr.cgi elévation de privilèges	6.1	5.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00267	CVE-2019-18860
15	Bluecoat SGOS Management Console cross site scripting	4.3	4.1	$0-$5k	Calculateur	Not Defined	Official Fix	0.02	0.00265	CVE-2010-5192
16	Artica Proxy fw.progrss.details.php directory traversal	7.4	7.1	$0-$5k	Calculateur	Not Defined	Official Fix	0.00	0.96791	CVE-2020-13158
17	Artica Proxy settings.inc elévation de privilèges	4.9	4.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00130	CVE-2019-7300
18	Sarg Squid Analysis Report Generator Proxy Server useragent.c useragent buffer overflow	10.0	9.0	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00	0.44560	CVE-2008-1167
19	Google Android Proxy Configuration hydrogen-alias-analysis.h HAliasAnalyzer.Query elévation de privilèges	8.5	8.2	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.04	0.00102	CVE-2019-2097
20	Check point Firewall-1/VPN-1 IKE Aggressive Mode chiffrement faible	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00409	CVE-2002-1623

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adresse IP	Hostname	Acteur	Campagnes	Identified	Taper	Confiance
1	185.117.73.222		ObliqueRAT		31/03/2022	verified	Élevé
2	XXX.XXX.XX.XXX		Xxxxxxxxxx		10/08/2022	verified	Élevé

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnérabilités	Vecteur d'accès	Taper	Confiance
1	T1006	CWE-22	Path Traversal	predictive	Élevé
2	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Élevé
3	T1059	CWE-94	Argument Injection	predictive	Élevé
4	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Élevé
5	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Élevé
6	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Élevé
7	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	Élevé
8	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Élevé
9	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Élevé
10	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Élevé
11	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Élevé
12	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Élevé
13	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Élevé

IOA - Indicator of Attack (33)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Taper	Confiance
1	File	/assets/php/upload.php	predictive	Élevé
2	File	admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list	predictive	Élevé
3	File	cachemgr.cgi	predictive	Moyen
4	File	cgi-bin/cmh/webcam.sh	predictive	Élevé
5	File	xxxxxx.x	predictive	Moyen
6	File	xx.xxxxxxx.xxxxxxx.xxx	predictive	Élevé
7	File	xxxxxxxx-xxxxx-xxxxxxxx.x	predictive	Élevé
8	File	xx.xx	predictive	Faible
9	File	xxxxxx.xxx	predictive	Moyen
10	File	xxxxx.xxx	predictive	Moyen
11	File	xxxxxx.x	predictive	Moyen
12	File	xxxxx.xxx	predictive	Moyen
13	File	xxx_xxxxx_xxxxxxxx.x	predictive	Élevé
14	File	xxx_xxxxx_xxxx.x	predictive	Élevé
15	File	xxxxxxxx_xxxxxx.xxx	predictive	Élevé
16	File	xxxxxxxxxx/xxxxxxxx.xxx	predictive	Élevé
17	File	xxxxxxxxx.x	predictive	Moyen
18	File	xxxxx/xxxxx.xx	predictive	Élevé
19	File	xxxxxxxxxxxxx.xxxx	predictive	Élevé
20	Library	xxxxxxxxx/xxxxxx_xxxxxxxxxxx.xxx.xxx	predictive	Élevé
21	Argument	xxxx	predictive	Faible
22	Argument	xxxxxxxxxxxxx	predictive	Élevé
23	Argument	xxxxxxxxxxxx	predictive	Moyen
24	Argument	xxxxxxxx	predictive	Moyen
25	Argument	xx_xxxxxxxx	predictive	Moyen
26	Argument	xxxxxxxxx	predictive	Moyen
27	Argument	xxxx_xxxxx/xxxx_xxxxxxxx	predictive	Élevé
28	Argument	xxxxxxx.xxx_xxxxxxxxxx	predictive	Élevé
29	Argument	xxxxx	predictive	Faible
30	Argument	xxx	predictive	Faible
31	Argument	xxxxxxxx	predictive	Moyen
32	Argument	xxxx xxxx	predictive	Moyen
33	Input Value	%xx%xx%xx	predictive	Moyen

Références (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ PrécédentAperçuSuivant ▸

Might our Artificial Intelligence support you?

Check our Alexa App!