DetaRAT Analisi

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (71)

Linguaggio

en	52
de	18
ru	2

Nazione

us	32
de	16
ca	2

Attori

ActionRAT	1
Venom RAT	1
Cobalt Strike	1

Interesse

Genere

Not Defined	26
Packet Analyzer Software	4
Virtualization Software	4
Content Management System	4
Programming Language Software	2

Fornitore

Not Defined	16
Linux Foundation	4
Michael Salzer	2
Vlad Alexa Mancini	2
Powerscripts	2

Prodotto

tcpdump	4
Linux Foundation Xen	4
Joplin	2
PHP	2
Michael Salzer Guestbox	2

Vulnerabilità

#	Vulnerabilità	Base	Temp	0day	Oggi	Sfr	Con	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash rivelazione di un 'informazione	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
2	Tiki Admin Password tiki-login.php autenticazione debole	8.0	7.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00936	2.28	CVE-2020-15906
3	Joomla CMS com_easyblog sql injection	6.3	6.1	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00000	0.35
4	DZCP deV!L`z Clanportal config.php escalazione di privilegi	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	0.71	CVE-2010-0966
5	Michael Salzer Guestbox gbshow.php cross site scripting	4.3	3.9	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.04283	0.02	CVE-2006-0860
6	Vunet VU Web Visitor Analyst redir.asp sql injection	7.3	7.1	$0-$5k	$0-$5k	High	Workaround	0.00119	0.19	CVE-2010-2338
7	DolphinPHP User Management Page cross site scripting	3.5	3.2	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00053	0.07	CVE-2022-1086
8	LogicBoard CMS away.php Redirect	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Unavailable	0.00000	2.25
9	vu Mass Mailer Login Page redir.asp sql injection	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00181	0.07	CVE-2007-6138
10	Mozilla Firefox/Thunderbird SetOffsets denial of service	7.5	7.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.09052	0.00	CVE-2013-1677
11	IBM InfoSphere Master Data Management cross site scripting	3.5	3.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00063	0.00	CVE-2015-1968
12	IBM Rational Collaborative Lifecycle Management Jazz Foundation cross site scripting	3.5	3.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00063	0.00	CVE-2015-0130
13	McAfee ePolicy Orchestrator cross site scripting	4.3	4.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00192	0.02	CVE-2015-4559
14	Moodle configonlylib.php min_get_slash_argument directory traversal	6.3	6.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00177	0.02	CVE-2015-1493
15	WordPress Shortcodes/Post Content escalazione di privilegi	6.3	5.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.13008	0.00	CVE-2013-0235
16	Moodle Contacts/Messages rivelazione di un 'informazione	5.3	4.6	$5k-$25k	$0-$5k	Unproven	Official Fix	0.00124	0.04	CVE-2015-2266
17	Moodle mdeploy.php escalazione di privilegi	6.3	5.5	$5k-$25k	$0-$5k	Unproven	Official Fix	0.00112	0.00	CVE-2015-2267
18	Moodle Regular Expression denial of service	5.3	4.6	$5k-$25k	$0-$5k	Unproven	Official Fix	0.00282	0.00	CVE-2015-2268
19	Adobe Flash Player buffer overflow	10.0	8.7	$25k-$100k	$0-$5k	Unproven	Official Fix	0.03041	0.00	CVE-2015-0342
20	WhatsApp Messenger Profile Image rivelazione di un 'informazione	5.3	5.0	$5k-$25k	$0-$5k	Proof-of-Concept	Unavailable	0.00000	0.02

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	indirizzo IP	Hostname	Attore	Campagne	Identified	Genere	Fiducia
1	173.212.224.110	vmi587275.contaboserver.net	DetaRAT		07/09/2021	verified	Alto
2	XXX.XXX.XX.XXX	xxxxxxxxx.xxxxxxxxxxxxx.xxx	Xxxxxxx		07/09/2021	verified	Alto

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Classe	Vulnerabilità	Accesso al vettore	Genere	Fiducia
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Alto
2	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Alto
3	TXXXX	CAPEC-242	CWE-XX	Xxxxxxxx Xxxxxxxxx	predictive	Alto
4	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Alto
5	TXXXX	CAPEC-19	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
6	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	Alto
7	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
8	TXXXX.XXX	CAPEC-459	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
9	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
10	TXXXX	CAPEC-157	CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Alto

IOA - Indicator of Attack (31)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Genere	Fiducia
1	File	/forum/away.php	predictive	Alto
2	File	/wordpress/wp-admin/admin.php	predictive	Alto
3	File	admin/index.php	predictive	Alto
4	File	data/gbconfiguration.dat	predictive	Alto
5	File	filter.php	predictive	Media
6	File	xxxxxx.xxx	predictive	Media
7	File	xxx/xxxxxx.xxx	predictive	Alto
8	File	xxx/xxxx/xxx.x/xxxx_xxxxxx.x	predictive	Alto
9	File	xxxxx.xxx	predictive	Media
10	File	xxxxxxx.xxx	predictive	Media
11	File	xxxxxxxxx/xxxx-xxxx	predictive	Alto
12	File	xxxx.xxx	predictive	Media
13	File	xxxxx/xxxxxxx/	predictive	Alto
14	File	xxxxxx.xxx	predictive	Media
15	File	xxxxx.xxx	predictive	Media
16	File	xxxxxxxxxxxxxx.xxx	predictive	Alto
17	File	xxxxx.xxx	predictive	Media
18	File	xxxx-xxxxx.xxx	predictive	Alto
19	Library	xxx/xxxxxxxxxxxxx.xxx	predictive	Alto
20	Argument	xxxxxxxx	predictive	Media
21	Argument	xxxxxxx	predictive	Basso
22	Argument	xxxx	predictive	Basso
23	Argument	xxxxxxxx	predictive	Media
24	Argument	xx	predictive	Basso
25	Argument	xxxxxxxxxx	predictive	Media
26	Argument	xxxxxx	predictive	Basso
27	Argument	xxxxxxxx	predictive	Media
28	Argument	xxxxxxx_xx	predictive	Media
29	Argument	xxxxxxx	predictive	Basso
30	Argument	xxxx	predictive	Basso
31	Argument	xxxxx	predictive	Basso

Referenze (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PrecedenteVisione D'insiemeIl prossimo ▸

Might our Artificial Intelligence support you?

Check our Alexa App!