RATicate Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (52)

Langue

en	34
de	10
pl	4
es	2
fr	2

De campagne

us	38
fr	6
se	2
hu	2
gb	2

Acteurs

Ave Maria	1
AsyncRAT	1
Revenge RAT	1
NjRAT	1
Remcos	1

Intérêt

Taper

Not Defined	10
Web Server	6
Operating System	4
Programming Language Software	4
Database Administration Software	2

Fournisseur

Not Defined	14
Microsoft	6
IBM	4
Gempar	2
All Enthusiast Inc	2

Produit

Microsoft Windows	2
Microsoft IIS	2
phpMyAdmin	2
Python	2
Gempar Script Toko Online	2

Vulnérabilités

#	Vulnérabilité	Base	Temp	0day	Aujourd'hui	Exp	Con	CTI	EPSS	CVE
1	All Enthusiast Inc Reviewpost Php Pro showproduct.php sql injection	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04	0.00501	CVE-2004-2175
2	PhotoPost PHP Pro showproduct.php sql injection	9.8	9.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04	0.00276	CVE-2004-0250
3	OpenSSH Authentication Username divulgation de l'information	5.3	4.8	$5k-$25k	$0-$5k	High	Official Fix	0.12	0.10737	CVE-2016-6210
4	BitTorrent uTorrent Bencoding Parser elévation de privilèges	6.4	6.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00867	CVE-2020-8437
5	MDaemon Webmail cross site scripting	5.4	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00070	CVE-2019-8983
6	Synology DiskStation Manager Change Password elévation de privilèges	7.1	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00068	CVE-2018-8916
7	Microsoft IIS cross site scripting	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.06	0.00548	CVE-2017-0055
8	Todd Miller sudo sudoedit sudoers elévation de privilèges	7.8	7.0	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00	0.00061	CVE-2015-5602
9	Tim Kosse FileZilla Format String	7.3	7.0	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.04	0.03339	CVE-2007-2318
10	BusyBox Terminal lineedit.c add_match elévation de privilèges	7.5	7.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	0.00522	CVE-2017-16544
11	Microsoft Office Equation Editor buffer overflow	7.5	7.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02	0.91620	CVE-2018-0798
12	Citrix ADC/Gateway/NetScaler Gateway/SD-WAN WANOP SSL VPN Web Portal cross site scripting	3.5	3.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00078	CVE-2020-8245
13	Gallarific PHP Photo Gallery script gallery.php sql injection	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.04	0.00112	CVE-2011-0519
14	Gempar Script Toko Online shop_display_products.php sql injection	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02	0.00100	CVE-2009-0296
15	K5n WebCalendar send_reminders.php elévation de privilèges	7.3	6.4	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.02	0.05603	CVE-2008-2836
16	Microsoft IIS elévation de privilèges	9.9	9.9	$25k-$100k	$5k-$25k	Not Defined	Not Defined	0.02	0.08875	CVE-2010-1256
17	Python urllib.request.AbstractBasicAuthHandler elévation de privilèges	6.4	6.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.07	0.00837	CVE-2020-8492
18	nginx URI String elévation de privilèges	6.5	6.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.95433	CVE-2013-4547
19	Microsoft Windows Remote Desktop elévation de privilèges	7.5	7.2	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00	0.04662	CVE-2019-1333
20	Mozilla Firefox/Firefox ESR IFRAME PDF.js elévation de privilèges	8.6	8.2	$25k-$100k	Calculateur	Not Defined	Official Fix	0.00	0.01146	CVE-2013-5598

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adresse IP	Hostname	Acteur	Campagnes	Identified	Taper	Confiance
1	79.134.225.11		RATicate		31/05/2021	verified	Élevé
2	XX.XXX.XXX.XX		Xxxxxxxx		31/05/2021	verified	Élevé

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnérabilités	Vecteur d'accès	Taper	Confiance
1	T1059	CWE-94	Argument Injection	predictive	Élevé
2	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	Élevé
3	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Élevé
4	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Élevé
5	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Élevé
6	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Élevé
7	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Élevé
8	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Élevé

IOA - Indicator of Attack (21)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Taper	Confiance
1	File	/etc/sudoers	predictive	Moyen
2	File	/uncpath/	predictive	Moyen
3	File	cat.php	predictive	Faible
4	File	xxxxxx.xxx	predictive	Moyen
5	File	xxxxxxxxxxx/xxxxx.xxx	predictive	Élevé
6	File	xxxxxxx.xxx	predictive	Moyen
7	File	xxxxx/xxxxxxxx.x	predictive	Élevé
8	File	xxx.xx	predictive	Faible
9	File	xxxxxxx_xxx_xxxxx_xxxxxx.xxxx	predictive	Élevé
10	File	xxxx_xxxxxxxxx.xxx	predictive	Élevé
11	File	xxxx_xxxxxxx_xxxxxxxx.xxx	predictive	Élevé
12	File	xxxxxxxxxxx.xxx	predictive	Élevé
13	File	xxxxxx.xxxxxxx.xxxxxxxxxxxxxxxxxxxxxxxx	predictive	Élevé
14	Argument	xxx	predictive	Faible
15	Argument	xxxxx	predictive	Faible
16	Argument	xxx_xx	predictive	Faible
17	Argument	xxxxxxxx	predictive	Moyen
18	Argument	xx	predictive	Faible
19	Argument	xxxx_xx	predictive	Faible
20	Argument	xxxxx	predictive	Faible
21	Argument	xxxxxxxx	predictive	Moyen

Références (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PrécédentAperçuSuivant ▸

Do you need the next level of professionalism?

Upgrade your account now!