Rancor Analysis

IOB - Indicator of Behavior (906)

Language

  • sv: 184
  • pl: 158
  • it: 148
  • fr: 142
  • es: 136

Country

  • us: 888
  • cn: 8
  • vn: 8
  • me: 2

Product

  • Apple Mac OS X: 16
  • Google Chrome: 14
  • IBM Algo One: 14
  • Microsoft Internet Explorer: 14
  • Mozilla Firefox: 14

Vulnerabilities

#  | Vulnerability                                                                                   | Base | Temp | 0day          | Today   | Exp              | Con          | EPSS    | CTI  | CVE
---|-------------------------------------------------------------------------------------------------|------|------|---------------|---------|------------------|--------------|---------|------|---------------
1  | TikiWiki tiki-register.php privilege escalation                                                 | 7.3  | 6.6  | $0-$5k        | $0-$5k  | Proof-of-Concept | Official Fix | 0.01009 | 1.25 | CVE-2006-6168
2  | Boa Webserver GET wapopen directory traversal                                                   | 6.4  | 6.0  | $0-$5k        | $0-$5k  | Proof-of-Concept | Not Defined  | 0.73540 | 0.09 | CVE-2017-9833
3  | Anti-Web write.cgi directory traversal                                                          | 7.2  | 7.2  | $0-$5k        | $0-$5k  | Not Defined      | Not Defined  | 0.00702 | 0.02 | CVE-2017-9097
4  | mpg123 MP3 File id3.c next_text buffer overflow                                                 | 4.4  | 4.4  | $0-$5k        | Calculating | Not Defined  | Not Defined  | 0.00177 | 0.00 | CVE-2017-9545
5  | LogicBoard CMS away.php Redirect                                                                | 6.3  | 6.1  | $0-$5k        | $0-$5k  | Not Defined      | Unavailable  | 0.00000 | 3.72 |
6  | Clash Configuration File cfw-setting.yaml privilege escalation                                  | 8.0  | 8.0  | $0-$5k        | $0-$5k  | Not Defined      | Not Defined  | 0.00389 | 0.04 | CVE-2023-24205
7  | Lenovo X Server FFDC Service Log privilege escalation                                           | 5.4  | 5.4  | $0-$5k        | $0-$5k  | Not Defined      | Not Defined  | 0.00060 | 0.00 | CVE-2017-3744
8  | DZCP deV!L`z Clanportal config.php privilege escalation                                         | 7.3  | 6.6  | $0-$5k        | $0-$5k  | Proof-of-Concept | Official Fix | 0.00943 | 1.05 | CVE-2010-0966
9  | Synacor Zimbra Collaboration XML External Entity                                                | 8.5  | 8.2  | $0-$5k        | $0-$5k  | Not Defined      | Official Fix | 0.00441 | 0.02 | CVE-2016-9924
10 | e-Quick Cart shopprojectlogin.asp sql injection                                                 | 6.3  | 6.3  | $0-$5k        | $0-$5k  | Not Defined      | Not Defined  | 0.00000 | 0.04 |
11 | Tiki Admin Password tiki-login.php weak authentication                                          | 8.0  | 7.7  | $0-$5k        | $0-$5k  | Not Defined      | Official Fix | 0.00936 | 3.20 | CVE-2020-15906
12 | Pligg cloud.php sql injection                                                                   | 6.3  | 6.3  | $0-$5k        | $0-$5k  | Not Defined      | Not Defined  | 0.00000 | 0.32 |
13 | vBulletin redirector.php Redirect                                                               | 6.6  | 6.6  | $0-$5k        | $0-$5k  | Not Defined      | Not Defined  | 0.00122 | 0.20 | CVE-2018-6200
14 | phpPgAds adclick.php unknown vulnerability                                                      | 5.3  | 5.3  | $0-$5k        | $0-$5k  | Not Defined      | Not Defined  | 0.00317 | 0.93 | CVE-2005-3791
15 | Google Android SDK Platform Tools Signedness adb_client.c adb_connect buffer overflow           | 8.8  | 8.3  | $100k and more | $0-$5k | Proof-of-Concept | Official Fix | 0.00000 | 0.00 |
16 | Netgear D6300B Credential Storage nvram weak encryption                                         | 5.4  | 4.6  | $5k-$25k      | $0-$5k  | Proof-of-Concept | Workaround   | 0.00000 | 0.00 |
17 | OpenStack Keystone privilege escalation                                                         | 5.3  | 5.1  | $0-$5k        | $0-$5k  | Not Defined      | Official Fix | 0.01166 | 0.00 | CVE-2013-2014
18 | Sensysnetworks TrafficDOT privilege escalation                                                  | 8.3  | 7.9  | $0-$5k        | $0-$5k  | Not Defined      | Official Fix | 0.00828 | 0.00 | CVE-2014-2378
19 | Cws sahab-alkher.com X.509 Certificate weak encryption                                          | 6.3  | 6.3  | $0-$5k        | $0-$5k  | Not Defined      | Not Defined  | 0.00049 | 0.00 | CVE-2014-7052
20 | Appbasedtechnologies Belaire Family Orthodontics X.509 Certificate weak encryption              | 6.3  | 6.3  | $0-$5k        | $0-$5k  | Not Defined      | Not Defined  | 0.00049 | 0.00 | CVE-2014-7405

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • PLAINTEE/DDKONG

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector                                              | Type       | Confidence
---|-----------|-----------------|------------------------------------------------------------|------------|-----------
1  | T1006     | CWE-22          | Path Traversal                                             | predictive | High
2  | T1055     | CWE-74          | Improper Neutralization of Data within XPath Expressions   | predictive | High
3  | T1059     | CWE-94          | Argument Injection                                         | predictive | High
4  | T1059.007 | CWE-79, CWE-80  | Cross Site Scripting                                       | predictive | High

IOA - Indicator of Attack (230)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator                                                  | Type       | Confidence
---|-------|------------------------------------------------------------|------------|-----------
1  | File  | /bin/login.php                                             | predictive | High
2  | File  | /cgi-bin/wapopen                                           | predictive | High
3  | File  | /cgi/cpaddons_feature.pl                                   | predictive | High
4  | File  | /data/nvram                                                | predictive | Medium
5  | File  | /forum/away.php                                            | predictive | High
6  | File  | /frontend/x3/cpanelpro/filelist-thumbs.html                | predictive | High
7  | File  | /fs/cifs/file.c                                            | predictive | High
8  | File  | /goform/login                                              | predictive | High
9  | File  | /horde/util/go.php                                         | predictive | High
10 | File  | /mib.db                                                    | predictive | Low
11 | File  | /modules/profile/index.php                                 | predictive | High
12 | File  | /OA_HTML/cabo/jsps/a.jsp                                   | predictive | High
13 | File  | /out.php                                                   | predictive | Medium
14 | File  | /system/site.php                                           | predictive | High
15 | File  | adb/adb_client.c                                           | predictive | High
16 | File  | adclick.php                                                | predictive | Medium
17 | File  | add_comment.php                                            | predictive | High
18 | File  | adelogs.adobe.com                                          | predictive | High
19 | File  | admin.php                                                  | predictive | Medium
20 | File  | admin/google_search_console/class-gsc-table.php            | predictive | High
21 | File  | administrator/components/com_media/helpers/media.php       | predictive | High
22 | File  | android/webkit/SearchBoxImpl.java                          | predictive | High
23 | File  | app-layer-ssh.c                                            | predictive | High
24 | File  | arch_init.c                                                | predictive | Medium
25 | File  | authenticate.c                                             | predictive | High
26 | File  | awstats.pl                                                 | predictive | Medium
27 | File  | BKCLogSvr.exe                                              | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
