Rakos Analysis

IOB - Indicator of Behavior (397)

Timeline

Language

en: 324
ru: 30
ja: 12
fr: 6
de: 6

Country

us: 216
ru: 80
pl: 18
me: 8
cn: 8

Actors / Activities / Interest / Timeline / Type / Vendor (chart panels)

Product

Apache Tomcat: 8
phpMyAdmin: 8
Apache HTTP Server: 8
Laravel: 6
PHP: 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192
2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.68 | CVE-2010-0966
3 | Zyxel NAS326/NAS542 Web Server privilege escalation | 9.8 | 9.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00068 | 0.04 | CVE-2023-4473
4 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 3.07 | CVE-2020-12440
5 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.26 | CVE-2017-0055
6 | DZCP deV!L`z Clanportal browser.php information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02733 | 0.38 | CVE-2007-1167
7 | MikroTik RouterOS Winbox/HTTP Interface privilege escalation | 7.8 | 7.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00055 | 0.13 | CVE-2023-30799
8 | Laravel Framework Token Encrypter.php decrypt privilege escalation | 6.8 | 6.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.62418 | 0.03 | CVE-2018-15133
9 | Linux Kernel fbcon vt.c KD_FONT_OP_COPY information disclosure | 5.0 | 4.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2020-28974
10 | Devilz Clanportal File Upload unknown vulnerability | 5.3 | 4.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.05362 | 0.04 | CVE-2006-6338
11 | Devilz Clanportal index.php sql injection | 7.3 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00784 | 0.00 | CVE-2006-3347
12 | Microsoft IIS IP/Domain Restriction privilege escalation | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00817 | 0.51 | CVE-2014-4078
13 | WordPress WP_Query class-wp-query.php sql injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00318 | 0.02 | CVE-2017-5611
14 | SourceCodester Petrol Pump Management Software product.php privilege escalation | 4.7 | 4.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.04 | CVE-2024-2058
15 | CKFinder File Name privilege escalation | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00155 | 0.04 | CVE-2019-15862
16 | Elementor Plugin privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.04 | CVE-2024-24934
17 | guzzlehttp psr7 Header Parser privilege escalation | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00095 | 0.01 | CVE-2022-24775
18 | DrayTek Vigor 2960 Web Management Interface mainfunction.cgi privilege escalation | 7.4 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00273 | 0.08 | CVE-2023-1162
19 | BeCustom Plugin cross site request forgery | 6.5 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00122 | 0.04 | CVE-2022-3747
20 | Cisco IOS XE Web UI Remote Code Execution | 9.9 | 9.7 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.89428 | 0.04 | CVE-2023-20198

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-22, CWE-23 | Path Traversal | predictive | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | predictive | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
4 | T1059 | CWE-94 | Argument Injection | predictive | High
5 | TXXXX.XXX | CWE-XX, CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High
6 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
7 | TXXXX | CWE-XXX | Xxxx Xxx Xxxxxxxxx Xxxxxxxxxxx Xxxxxxxx | predictive | High
8 | TXXXX.XXX | CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | High
9 | TXXXX | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High
10 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
11 | TXXXX | CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive | High
12 | TXXXX | CWE-XX, CWE-XX | Xxx Xxxxxxxxx | predictive | High
13 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | predictive | High
14 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
15 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxx Xxxx | predictive | High
16 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
17 | TXXXX.XXX | CWE-XX | Xxxxxxxxxxxxx | predictive | High
18 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High
19 | TXXXX.XXX | CWE-XXX, CWE-XXX | Xxx Xxxxxxxxxx Xxxxx | predictive | High
20 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High

IOA - Indicator of Attack (208)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | //proc/kcore | predictive | Medium
2 | File | /addWhiteListDomain.imss | predictive | High
3 | File | /admin/app/product.php | predictive | High
4 | File | /anony/mjpg.cgi | predictive | High
5 | File | /cgi-bin/wlogin.cgi | predictive | High
6 | File | /cobbler-api | predictive | Medium
7 | File | /customer_support/index.php | predictive | High
8 | File | /forum/away.php | predictive | High
9 | File | /inc/parser/xhtml.php | predictive | High
10 | File | /include/makecvs.php | predictive | High
11 | File | /index.php | predictive | Medium
12 | File | /login/index.php | predictive | High
13 | File | /preview.php | predictive | Medium
14 | File | /protocol/index.php | predictive | High
15 | File | /requests.php | predictive | High
16 | File | /search-result.php | predictive | High
17 | File | /secret_coder.sql | predictive | High
18 | File | /shop.php | predictive | Medium
19 | File | /uncpath/ | predictive | Medium
20 | File | /view_order.php | predictive | High
21 | File | /wp-admin/admin.php?page=wp_file_manager_properties | predictive | High
22 | File | add.php | predictive | Low
23 | File | adminer.php | predictive | Medium
24 | File | adm_config_report.php | predictive | High
25 | File | xxxxx.xxx | predictive | Medium
26 | File | xxx/xx-xxxxx-xxxxxxx/xxx-xx-xxxxx-xxxxxxx.xxx | predictive | High
27 | File | xxxx-xxxx.x | predictive | Medium
28 | File | xxx.xxx | predictive | Low
29 | File | xxxxx.xxxxxxxxx.xxx | predictive | High
30 | File | xxxxxxxxxx.xxx | predictive | High
31 | File | xxxxxxxxx.xxx | predictive | High
32 | File | xxxxxxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | High
33 | File | xxxxxxxxxx/xxxxxx/xxxxxxxxx.xxxx/xxxx.xxx/ | predictive | High
34 | File | xxxxxx/xx/xx_xxxxx.x | predictive | High
35 | File | xxxx:x.x/xx:x/xx:x/xx:x/xx:x/x:x/x:x/x:x/x:x | predictive | High
36 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
37 | File | xxxxxxx.xxx | predictive | Medium
38 | File | xxxxxx.xxx | predictive | Medium
39 | File | xxxx_xxxx.xxx | predictive | High
40 | File | xxxxxxx/xxx/xxxxxxxx/xx.x | predictive | High
41 | File | xxxxxxx/xxx/xx/xx.x | predictive | High
42 | File | xxxxxxxxxxxx.xxx | predictive | High
43 | File | xxxx.xxx | predictive | Medium
44 | File | xxxxx.xxx | predictive | Medium
45 | File | xxxxxxxx_xxx_xxx_xxxx.xxx | predictive | High
46 | File | xxxxxx.xxx | predictive | Medium
47 | File | xxxxxxxxxxxxxxxxxxxx.xxx | predictive | High
48 | File | xxxxxxxxxxxx.xxx | predictive | High
49 | File | xxxxxxxxxx.xxx | predictive | High
50 | File | xxxxxxxxx.xxx | predictive | High
51 | File | xxxx.xxx | predictive | Medium
52 | File | xxxxxxxxxx\xxxxxx\xxxxxxxxxxxxx.xxx | predictive | High
53 | File | xx_xxxxxxx.x | predictive | Medium
54 | File | xxxxxxxxxx/xxxxxxxxxx/xxxxxxxxx.xxx | predictive | High
55 | File | xxxxxxxxxx/xxxxxxxxxx/xxxxxxxx/xxxxxxxxxxxxxxxxxxx.xxx | predictive | High
56 | File | xxxxxxx/xxxxxxxxx/xxxxxxxxxxxxx.xxx | predictive | High
57 | File | xxxxxxxxxx.xx/xxx-xxxxx.xxx | predictive | High
58 | File | xxx/xxxxxx.xxx | predictive | High
59 | File | xxx/xxxxxxxxxxx/xxxxxxx.xxx | predictive | High
60 | File | xxxxx.xxx | predictive | Medium
61 | File | xx.xxx | predictive | Low
62 | File | xxxxxx.x | predictive | Medium
63 | File | xxxx.xxx | predictive | Medium
64 | File | xx.xxx | predictive | Low
65 | File | xxxxxxxxx/xxxxxxx/xxxxxx/xxxxxxxxxx.xxx | predictive | High
66 | File | xxxxx_xx.xxxx | predictive | High
67 | File | xxxxxx.xxx | predictive | Medium
68 | File | xxxxxxxxxxxxx.xxx | predictive | High
69 | File | xxxxxxxxxxxx.xxx | predictive | High
70 | File | xxxxxxxx_xxxxxxx.xxx | predictive | High
71 | File | xxxx.xxx | predictive | Medium
72 | File | xxxxxxx/xxxxxx/xxxxxx/xxxxxxxxx.xxx#xxx | predictive | High
73 | File | xxxxxx\xxxx_xxx\xxxxx\xxxxxxxxx.xxx | predictive | High
74 | File | xxxxxx\xxxx_xxx\xxxxx\xxxxxxxx.xxx | predictive | High
75 | File | xxxxxxxxxx_xxxxxxx.xxx | predictive | High
76 | File | xxxxxxx-xxxxx.xx | predictive | High
77 | File | xxxxx_xxxxxxxx.xxx | predictive | High
78 | File | xxxx/xxxxxxx/xxxxx.xxx | predictive | High
79 | File | xxxxx.xxx | predictive | Medium
80 | File | xxxxxxx.xxx | predictive | Medium
81 | File | xxxxxx.xxx/xxxx_xxxx_xxxx.xxx | predictive | High
82 | File | xxxxxxxx/xxxxxx-xxxxx/xxxxxxxxxxx/xxxx.xx | predictive | High
83 | File | xxxx.xxx | predictive | Medium
84 | File | xxxxxxx/xxxxxx.xxxxxxx/xxxxxxxxxxxxxx.xxx | predictive | High
85 | File | xxxxx.xxx | predictive | Medium
86 | File | xxxxx-xxxx.xxx | predictive | High
87 | File | xxxxxxx.xxx | predictive | Medium
88 | File | xxxxxxxx.xxx | predictive | Medium
89 | File | xxxxxxx_xxxx.xxx | predictive | High
90 | File | xxxxxxx.xxx | predictive | Medium
91 | File | xxxxx.xxx | predictive | Medium
92 | File | xxxxxxxx.xxx | predictive | Medium
93 | File | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx | predictive | High
94 | File | xxxx.xx | predictive | Low
95 | File | xxxxxxxx.xx?xxxxxxxxxxxx=xxxxxxxx&xxxx=x-xxxx&xxxxxxxx=xxxxxxxxxx&xx | predictive | High
96 | File | xxxxxxxxxxxxxxxx.xx | predictive | High
97 | File | xxxxxx/xxxxxxxxx/xxxx/xxxxxxx/xxxxxxxxxxxx.xxx | predictive | High
98 | File | xxx/xxxxxx_xxx.xxx | predictive | High
99 | File | xxxxxxxxxxxx.xxx | predictive | High
100 | File | xxxxx.x | predictive | Low
101 | File | xxxxxxxxxxx.xxx | predictive | High
102 | File | xxxxxxxx/xxxxxxxx | predictive | High
103 | File | xxxxxxxx.xxx | predictive | Medium
104 | File | xxxxxxxxxx.xxx | predictive | High
105 | File | xxxxxxx.xxx | predictive | Medium
106 | File | xx_xxxxxxxx.xxx | predictive | High
107 | File | xxxxx.xxx | predictive | Medium
108 | File | xxxxxxxx.xxx | predictive | Medium
109 | File | xx-xxxxx/xxxxxxx.xxx | predictive | High
110 | File | xx-xxxxxx.xxx | predictive | High
111 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive | High
112 | File | xx-xxxxxxxx/xxxx.xxx | predictive | High
113 | File | xx-xxxxxxxx/xxxxxxxxx.xxx | predictive | High
114 | File | xx-xxxxxxxx.xxx | predictive | High
115 | File | ~/xxxxxxxxx/ | predictive | Medium
116 | Library | xxxxxxx.xxx | predictive | Medium
117 | Library | xxxxxxxxxxxx.xxx | predictive | High
118 | Library | xxxx.xxx.xxx | predictive | Medium
119 | Library | xxxxxx.xxx | predictive | Medium
120 | Library | xxxxxxxxxxx.xxx | predictive | High
121 | Library | xxxxxxxxx/xxxxxx_xxxxxxxxxx.xxx.xxx | predictive | High
122 | Library | xxxxxxx/xxx/xxxxxxxxx/xxxxx_xxxxxxx.xxx | predictive | High
123 | Library | xxx/xx_xxx.x | predictive | Medium
124 | Library | xxxxxxxx.x | predictive | Medium
125 | Argument | xx/xx | predictive | Low
126 | Argument | xx_xxxxx_xxx_xxxx | predictive | High
127 | Argument | xxxxxx | predictive | Low
128 | Argument | xxxxxxxxxxxxxxxxxxxxx | predictive | High
129 | Argument | xxxxxxxx | predictive | Medium
130 | Argument | xxx | predictive | Low
131 | Argument | xxxx/xxxxx/xxxxx_xxxxxxxxxxx | predictive | High
132 | Argument | xxxxxx[xxxx] | predictive | Medium
133 | Argument | xxxxxxxxxxx(xxxxxx) | predictive | High
134 | Argument | xxxx/xxxxxx/xxx | predictive | High
135 | Argument | xxxxxx | predictive | Low
136 | Argument | xxxxx/xxxxx/xxxxx/xxxxxxxx | predictive | High
137 | Argument | xxxxx xxxxx | predictive | Medium
138 | Argument | xxxxx | predictive | Low
139 | Argument | xxxx | predictive | Low
140 | Argument | xxxxxxxx | predictive | Medium
141 | Argument | xxxxxx_xxxxxx_xx | predictive | High
142 | Argument | xxxxxxxxx/xxxxxxxxxx/xxxxxxxx/xxxxx/xxxxxxx | predictive | High
143 | Argument | xxxxxxxxx/xxxxxxxxxx/xxxxxxxx/xxxxxxxx/xxxxxxx | predictive | High
144 | Argument | xxxxxxxxxxxx | predictive | Medium
145 | Argument | xxxxxxxxxxxxxx($xxx) | predictive | High
146 | Argument | xxxxx_xx | predictive | Medium
147 | Argument | xxx_xxxx | predictive | Medium
148 | Argument | xxxx | predictive | Low
149 | Argument | xxxx xxxxxxx | predictive | Medium
150 | Argument | xxxx_xxxx | predictive | Medium
151 | Argument | xxxx | predictive | Low
152 | Argument | xxxx | predictive | Low
153 | Argument | xx | predictive | Low
154 | Argument | xx | predictive | Low
155 | Argument | xxxxx | predictive | Low
156 | Argument | xxxxx | predictive | Low
157 | Argument | xxxxxx | predictive | Low
158 | Argument | xxxx | predictive | Low
159 | Argument | xxxxxx | predictive | Low
160 | Argument | xxxx | predictive | Low
161 | Argument | xxxxxx | predictive | Low
162 | Argument | xxxxx[xxxxx][xx] | predictive | High
163 | Argument | xxxxx | predictive | Low
164 | Argument | xx/xx/xx/xx/x | predictive | High
165 | Argument | xxxx | predictive | Low
166 | Argument | xxxxxxxx | predictive | Medium
167 | Argument | xxxx_xxxx | predictive | Medium
168 | Argument | xxxxxx | predictive | Low
169 | Argument | xxxx | predictive | Low
170 | Argument | xxxx_xxxx | predictive | Medium
171 | Argument | xxxxxxxx | predictive | Medium
172 | Argument | xxxxxx | predictive | Low
173 | Argument | xxxx | predictive | Low
174 | Argument | xxxxxxxx | predictive | Medium
175 | Argument | xxxxx | predictive | Low
176 | Argument | xxxxxxx_xx | predictive | Medium
177 | Argument | xxxxxxx_xxxxx | predictive | High
178 | Argument | xxx | predictive | Low
179 | Argument | xxx=xxxx | predictive | Medium
180 | Argument | xxxxxxxx | predictive | Medium
181 | Argument | xxxxxx_xxxx | predictive | Medium
182 | Argument | xxxxxxxxxx | predictive | Medium
183 | Argument | xxxxxx | predictive | Low
184 | Argument | xxxxxxxx/xxxxxxxxx | predictive | High
185 | Argument | xxxxxx | predictive | Low
186 | Argument | xxxxxxxx_xxxx | predictive | High
187 | Argument | xxxxxxxxxx_xxxx | predictive | High
188 | Argument | xxx | predictive | Low
189 | Argument | xxx | predictive | Low
190 | Argument | xxxx-xxxxx | predictive | Medium
191 | Argument | xxxxxxxxx | predictive | Medium
192 | Argument | xxxxxxxx/xxxxxxxx | predictive | High
193 | Argument | xxxxxxxx:xxxxxxxx | predictive | High
194 | Argument | xxxx_xxxxx | predictive | Medium
195 | Argument | xxxx | predictive | Low
196 | Argument | x-xxxx-xxxxx | predictive | Medium
197 | Argument | xxxxx_xxxxxxxxxx_xxxxx | predictive | High
198 | Input Value | ../ | predictive | Low
199 | Input Value | >><xxx/xxx/xxxxxxx=xxxxx(x)> | predictive | High
200 | Input Value | xxxx.xxx"><xxxxxx>xxxxx(xxxxxxxx.xxxxxx);</xxxxxx>) | predictive | High
201 | Input Value | xxxxxxx | predictive | Low
202 | Input Value | xxxxxxxxx:xxxxxxxx | predictive | High
203 | Pattern | |xx xx xx| | predictive | Medium
204 | Network Port | xxx | predictive | Low
205 | Network Port | xxx/xx (xxxxxx) | predictive | High
206 | Network Port | xxx/xxxxx | predictive | Medium
207 | Network Port | xxx/xxxxx | predictive | Medium
208 | Network Port | xxx xxxxxx xxxx | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
