Magic Hound Analisi
IOB - Indicator of Behavior (593)
Attività
Interesse
Vulnerabilità
Campagne (3)
These are the campaigns that can be associated with the actor:
- PupyRAT
- Xxxxxx Xxxxxx
- Xxxxxxx Xxxx
IOC - Indicator of Compromise (102)
These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.
TTP - Tactics, Techniques, Procedures (24)
Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.
IOA - Indicator of Attack (231)
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.
| ID | Classe | Indicator | Genere | Fiducia |
|---|---|---|---|---|
| 1 | File | .htaccess | predictive | Media |
| 2 | File | /admin.php | predictive | Media |
| 3 | File | /admin/book/create/ | predictive | Alto |
| 4 | File | /admin/curriculum/view_curriculum.php | predictive | Alto |
| 5 | File | /admin/departments/view_department.php | predictive | Alto |
| 6 | File | /Admin/login.php | predictive | Alto |
| 7 | File | /admin/loginc.php | predictive | Alto |
| 8 | File | /admin/students/manage.php | predictive | Alto |
| 9 | File | /admin/user/manage_user.php | predictive | Alto |
| 10 | File | /auditLogAction.do | predictive | Alto |
| 11 | File | /cgi-bin/wapopen | predictive | Alto |
| 12 | File | /devices/acurite.c | predictive | Alto |
| 13 | File | /DocSystem/Repos/getReposAllUsers.do | predictive | Alto |
| 14 | File | /etc/ajenti/config.yml | predictive | Alto |
| 15 | File | /event/admin/?page=user/list | predictive | Alto |
| 16 | File | /example/editor | predictive | Alto |
| 17 | File | /foms/place-order.php | predictive | Alto |
| 18 | File | /getcfg.php | predictive | Media |
| 19 | File | /GetCSSashx/?CP=%2fwebconfig | predictive | Alto |
| 20 | File | /goform/login_process | predictive | Alto |
| 21 | File | /goform/rlmswitchr_process | predictive | Alto |
| 22 | File | /goforms/rlminfo | predictive | Alto |
| 23 | File | /newsDia.php | predictive | Media |
| 24 | File | /plugin | predictive | Basso |
| 25 | File | /pms/index.php | predictive | Alto |
| 26 | File | /rating.php | predictive | Media |
| 27 | File | /reviewer/system/system/admins/manage/users/user-update.php | predictive | Alto |
| 28 | File | /scas/admin/ | predictive | Media |
| 29 | File | /xxxx/xxxxxxx/xxxxx.xxx?x=xxxx_xxxx | predictive | Alto |
| 30 | File | /xxxxxxxx/xxxxx.xxx | predictive | Alto |
| 31 | File | /xxx/xxx_xxxxxx.x | predictive | Alto |
| 32 | File | /xxxxxxx/ | predictive | Media |
| 33 | File | /xxxxxxxxx-xxxxxxx-xxxxxxxxxxxxxx/xxxxxxx.xxx | predictive | Alto |
| 34 | File | xxxxxx-xxxxxxx.xxx | predictive | Alto |
| 35 | File | xxxxxxx.xxx | predictive | Media |
| 36 | File | xxx_xx_xxxx.xxx | predictive | Alto |
| 37 | File | xxxxx.xxx | predictive | Media |
| 38 | File | xxxxx/xxxxxx/xxxxxxx.xxx | predictive | Alto |
| 39 | File | xxxxx/xxxxx.xxx | predictive | Alto |
| 40 | File | xxxxx/xxxxxx.xxx | predictive | Alto |
| 41 | File | xxxxx_xxxxxxx.xxx | predictive | Alto |
| 42 | File | xx_xxxxxx.xxx | predictive | Alto |
| 43 | File | xxxxx/xxxxxxxx/xx-xxx/xx_xxxxxxx.x | predictive | Alto |
| 44 | File | xxxx_xxxxxxx.xxx | predictive | Alto |
| 45 | File | xxx/xxxxx/xxxx/xxxx | predictive | Alto |
| 46 | File | xxxxxxxxxxxxxxx.xxxx | predictive | Alto |
| 47 | File | xxxx-xxxxxx.x | predictive | Alto |
| 48 | File | xxxxxxxxx.xxx | predictive | Alto |
| 49 | File | xxxxxxx.xx | predictive | Media |
| 50 | File | xxxxx.xxx | predictive | Media |
| 51 | File | xxxxxxxx.xxx | predictive | Media |
| 52 | File | xxx-xxx/xxxxxx | predictive | Alto |
| 53 | File | xxx.xx | predictive | Basso |
| 54 | File | xxxxxx/xxx.x | predictive | Media |
| 55 | File | xxxxxx/xxxxxxx/xxxxxxxxxx_xxxxxxxx.xxx | predictive | Alto |
| 56 | File | xxx?xxx=xxxxx | predictive | Alto |
| 57 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | Alto |
| 58 | File | xxxx/xxxxxxxx.xxxx.xxxxxxx.xxx | predictive | Alto |
| 59 | File | xxxxxx.xxx | predictive | Media |
| 60 | File | xxxxxxxxxx_xxxxxx.xxx | predictive | Alto |
| 61 | File | xxxxx/xxxx/xxxxxxxx | predictive | Alto |
| 62 | File | xxxxxxx/xxx/xxx-xxx.x | predictive | Alto |
| 63 | File | xxxxxxx/xxxxxxxxxx/xxx/xxxx/xxxx-xxx.x | predictive | Alto |
| 64 | File | xxxxxxx/xxx/xxxx/xxxxx.x | predictive | Alto |
| 65 | File | xxxxxxxxxx.xxxx | predictive | Alto |
| 66 | File | xxxxx.xxx | predictive | Media |
| 67 | File | xxxxxxxx.x | predictive | Media |
| 68 | File | xxxx.xxx | predictive | Media |
| 69 | File | xxxxx.xxx | predictive | Media |
| 70 | File | xxxxxxx.xxx | predictive | Media |
| 71 | File | xxxx.xxx | predictive | Media |
| 72 | File | xxxxxxx-xxxxxx/xxxxxxxx/xxxxx/xxxx/xxxxxx_xxxx.xxx | predictive | Alto |
| 73 | File | xxx_xxxx.xxx | predictive | Media |
| 74 | File | xxxxxxxxx.xxx | predictive | Alto |
| 75 | File | xxxxxxxxxxxxxxxxxxxx.xxxx | predictive | Alto |
| 76 | File | xxxxxxxxxxxx.xxx | predictive | Alto |
| 77 | File | xxx/xxxxxx.xxx | predictive | Alto |
| 78 | File | xxx/xxxxxxxxxxx/xxxxxxx.xxx | predictive | Alto |
| 79 | File | xxxxxxx/xxxxxxxxx.xxx | predictive | Alto |
| 80 | File | xxxxx.xxx | predictive | Media |
| 81 | File | xxxxx.xxx | predictive | Media |
| 82 | File | xxxxx.xxx/xxxxxxxxxx/xxx_xxxxxxxx | predictive | Alto |
| 83 | File | xxxx_xxxx.xxx | predictive | Alto |
| 84 | File | xxxxx.xxx.xxx.xx | predictive | Alto |
| 85 | File | xxxxxxxx/xxx/xxxxxx.x | predictive | Alto |
| 86 | File | xxxxxxxx/xxx/xxxxx.x | predictive | Alto |
| 87 | File | xxxxxx.xxx | predictive | Media |
| 88 | File | xxxx-xxxxxxxx.xxx | predictive | Alto |
| 89 | File | xxxxx.xxx | predictive | Media |
| 90 | File | xxxxx.xxx | predictive | Media |
| 91 | File | xxxxx.xxx | predictive | Media |
| 92 | File | xxxxx_xxx.xxx | predictive | Alto |
| 93 | File | xxxxx_xx.xxxx | predictive | Alto |
| 94 | File | xx-xxxxx/xxxx-xxxx.xxx | predictive | Alto |
| 95 | File | xxx_xxxxx.x | predictive | Media |
| 96 | File | xxxxxxx.xxx | predictive | Media |
| 97 | File | xxx/xxxxxxxxx/xxxxx_xxxx.x | predictive | Alto |
| 98 | File | xxxx_xxxxxx.xxx | predictive | Alto |
| 99 | File | xxx/xxxxx.xxxx | predictive | Alto |
| 100 | File | xxxx.xxx | predictive | Media |
| 101 | File | xxxxxxxx.xxx | predictive | Media |
| 102 | File | xxxxxxxx_xxxxxxxx.xxx | predictive | Alto |
| 103 | File | xxxxxxx.xxx | predictive | Media |
| 104 | File | xxxxxx_xxxxxxxxxx_xxxxx.xxx | predictive | Alto |
| 105 | File | xxxx.xxx | predictive | Media |
| 106 | File | xxxxxxx.xxx | predictive | Media |
| 107 | File | xxxxxx.xxx | predictive | Media |
| 108 | File | xxxxxxxxxx.xxx | predictive | Alto |
| 109 | File | xxxxxxxx.xxx | predictive | Media |
| 110 | File | xxx_xxxx_xxxxxxxxx.xx | predictive | Alto |
| 111 | File | xxxxxxxxxxxxxxxx.xxx | predictive | Alto |
| 112 | File | xxxx_xxxxxxx_xxxxxxxx.xxx | predictive | Alto |
| 113 | File | xxxxx.xxx | predictive | Media |
| 114 | File | xxxx.xxx | predictive | Media |
| 115 | File | xxx/xxxxxxx.x | predictive | Alto |
| 116 | File | xxx/xxxx/xxx/xxxx.x | predictive | Alto |
| 117 | File | xxx_xxxxx.x | predictive | Media |
| 118 | File | xxxxxx_xxxxxxx.xxx | predictive | Alto |
| 119 | File | xxxxx-xxxxxxxxxxxx.xxx | predictive | Alto |
| 120 | File | xxxxxx.xxx | predictive | Media |
| 121 | File | xxxx/xxx-xxx.xxx | predictive | Alto |
| 122 | File | xxxxx/xxxxxx.xxx | predictive | Alto |
| 123 | File | xxx.xxx | predictive | Basso |
| 124 | File | xxxxxx | predictive | Basso |
| 125 | File | xx-xxxxx/xxxxxxxx/xxxxx-xx-xxxxx-xxxx.xxx | predictive | Alto |
| 126 | File | xx-xxxxx/xxxxx-xxxxxx.xxx | predictive | Alto |
| 127 | File | xx-xxxxxxxx/xx/xxxxxxxxxxxx | predictive | Alto |
| 128 | File | xx-xxxxx.xxx | predictive | Media |
| 129 | File | xx-xxxxxxxxxxx.xxx | predictive | Alto |
| 130 | File | xxxxxx.xxx | predictive | Media |
| 131 | File | \xxxxx\xxxxxxxxxx\xxxxxxxx.xxx | predictive | Alto |
| 132 | File | \xxxxxxx\xxxxxxxxxxxxxxxxxxxxxxxxxxx.xxx | predictive | Alto |
| 133 | File | \xxxx\xxxxxxxxxx\xxxx.xxx | predictive | Alto |
| 134 | File | _xxxxxx.xxx | predictive | Media |
| 135 | Library | /_xxx_xxx/xxxxx.xxx | predictive | Alto |
| 136 | Library | xxx/xx_xxx.x | predictive | Media |
| 137 | Library | xxxxxxxx/xxxxxxx/xxxxx/xxx.xxx | predictive | Alto |
| 138 | Argument | $_xxxxxxx['xxxxxxx']['xxxx'] | predictive | Alto |
| 139 | Argument | xxx_xxxx | predictive | Media |
| 140 | Argument | xxxxxx/xxxxxx | predictive | Alto |
| 141 | Argument | xxxxxxxx | predictive | Media |
| 142 | Argument | xxxxxx | predictive | Basso |
| 143 | Argument | xxx_xxx | predictive | Basso |
| 144 | Argument | xxx | predictive | Basso |
| 145 | Argument | xxx_xx | predictive | Basso |
| 146 | Argument | xxx | predictive | Basso |
| 147 | Argument | xxx | predictive | Basso |
| 148 | Argument | xxxx_xx | predictive | Basso |
| 149 | Argument | xxxxxxxxxxxxxxx | predictive | Alto |
| 150 | Argument | xxxxxx | predictive | Basso |
| 151 | Argument | xxxx | predictive | Basso |
| 152 | Argument | xxx | predictive | Basso |
| 153 | Argument | xxxx | predictive | Basso |
| 154 | Argument | xxxxxx/xxxxxx | predictive | Alto |
| 155 | Argument | xxxx | predictive | Basso |
| 156 | Argument | xxxxxxxxxx | predictive | Media |
| 157 | Argument | xxxxxx | predictive | Basso |
| 158 | Argument | xxxxx xxxx/xxxx xxxx | predictive | Alto |
| 159 | Argument | x/xx/x/xxxx_xxxxxxxx_xxxxxx/xxxx_xxxxxx | predictive | Alto |
| 160 | Argument | xxxxx/xxxxxxxxxxxxxx | predictive | Alto |
| 161 | Argument | xxxx | predictive | Basso |
| 162 | Argument | xxxx | predictive | Basso |
| 163 | Argument | xxxxxxxxxx | predictive | Media |
| 164 | Argument | xxxx | predictive | Basso |
| 165 | Argument | xxxx/xxxxxxx | predictive | Media |
| 166 | Argument | xxxx | predictive | Basso |
| 167 | Argument | xx | predictive | Basso |
| 168 | Argument | xxxxxxxx | predictive | Media |
| 169 | Argument | xxxxxxx | predictive | Basso |
| 170 | Argument | xxxx_xx | predictive | Basso |
| 171 | Argument | xxxx | predictive | Basso |
| 172 | Argument | xxx | predictive | Basso |
| 173 | Argument | xxx_xxxx | predictive | Media |
| 174 | Argument | xxx | predictive | Basso |
| 175 | Argument | xxxxxx_xxxx_xxxx | predictive | Alto |
| 176 | Argument | xxxxxx_xx | predictive | Media |
| 177 | Argument | xxxx | predictive | Basso |
| 178 | Argument | xxxxxxx | predictive | Basso |
| 179 | Argument | xxxxxxx | predictive | Basso |
| 180 | Argument | xxxxxxx/xxxx/xxxxxxxx | predictive | Alto |
| 181 | Argument | xxxxx/xxxxxxx | predictive | Alto |
| 182 | Argument | xxxxxx | predictive | Basso |
| 183 | Argument | xxxx | predictive | Basso |
| 184 | Argument | xxxx | predictive | Basso |
| 185 | Argument | xxxxxxxx | predictive | Media |
| 186 | Argument | xxxx | predictive | Basso |
| 187 | Argument | xxxx_xxxx | predictive | Media |
| 188 | Argument | xxxx_xx | predictive | Basso |
| 189 | Argument | xxxxxxx_xx | predictive | Media |
| 190 | Argument | xxxxxxx_xxxx | predictive | Media |
| 191 | Argument | xxxxxx | predictive | Basso |
| 192 | Argument | xxxxxxxx | predictive | Media |
| 193 | Argument | xxxxxxx | predictive | Basso |
| 194 | Argument | xxxxxxxxxx | predictive | Media |
| 195 | Argument | xxxxxx | predictive | Basso |
| 196 | Argument | xxxxxx | predictive | Basso |
| 197 | Argument | xxxxxx/xxxxxx_xxxxxx | predictive | Alto |
| 198 | Argument | xxxxxxxxxx/xxxxxxx | predictive | Alto |
| 199 | Argument | xxxxxxxx | predictive | Media |
| 200 | Argument | xxxxxxxx[xxxx xxxxxxx][xxxxxxxxxxxxxxxxxx] | predictive | Alto |
| 201 | Argument | xxxx | predictive | Basso |
| 202 | Argument | xxx | predictive | Basso |
| 203 | Argument | xxxxxxxxx | predictive | Media |
| 204 | Argument | xxxxxxxxxxxx/xxxxxxxxxxxxxxxx | predictive | Alto |
| 205 | Argument | xxxxxxxx | predictive | Media |
| 206 | Argument | xxxxx | predictive | Basso |
| 207 | Argument | xxxxxxxxxxx | predictive | Media |
| 208 | Argument | xxxxx | predictive | Basso |
| 209 | Argument | xxx | predictive | Basso |
| 210 | Argument | xxx | predictive | Basso |
| 211 | Argument | xxxx/xxxx | predictive | Media |
| 212 | Argument | xxxxxxxx | predictive | Media |
| 213 | Argument | xxxx_xx | predictive | Basso |
| 214 | Argument | xxxx_xxxx | predictive | Media |
| 215 | Argument | xxxxx | predictive | Basso |
| 216 | Argument | \xxx\ | predictive | Basso |
| 217 | Argument | \xxxxxx\ | predictive | Media |
| 218 | Argument | _xxxxx | predictive | Basso |
| 219 | Input Value | %xx%xx%xxxxx%xxxxx=x%xxxxxxxxx=xxxxx(x)%xx | predictive | Alto |
| 220 | Input Value | ../ | predictive | Basso |
| 221 | Input Value | ../.. | predictive | Basso |
| 222 | Input Value | .xxx | predictive | Basso |
| 223 | Input Value | xx' xxx xxx_xxxx.xxxxxxx('xxxx://xxxxxxxxx_xxxx/xxxxx')='x' xxxxx xx xxxxx_xxxx)) -- | predictive | Alto |
| 224 | Input Value | ::$xxxxx_xxxxxxxxxx | predictive | Alto |
| 225 | Input Value | xxxxx' xx 'x'='x | predictive | Alto |
| 226 | Input Value | xxxx -x xxxxxxxx=xxxxxx.xxxxxxx xxxx://xxx.xxx.x.x/xxxxxx.xxx | predictive | Alto |
| 227 | Input Value | xxxxxxxxx' xxx 'x'='x | predictive | Alto |
| 228 | Input Value | \x | predictive | Basso |
| 229 | Pattern | |xx xx xx| | predictive | Media |
| 230 | Network Port | xxx/xxx (xxx) | predictive | Alto |
| 231 | Network Port | xxx xxxxxx xxxx | predictive | Alto |
Referenze (6)
The following list contains external sources which discuss the actor and the associated activities:
- https://blog.checkpoint.com/wp-content/uploads/2015/11/rocket-kitten-report.pdf
- xxxxx://xxxxxx.xxx/xxxxx/xxxxx_xxxxxx_xxxxxxxxxxxx/xxxx/xxxx/xxxxxx/xxxxx%xxxxxxx
- xxxxx://xxxxxx.xxxxxxxxxxxxxxxx.xxx/xxxxxx-xxxxx-xxxxx-xxxxxxxx-xxxxxxx-xxxxx-xxxxxxx/
- xxxxx://xxx.xxxxxxx.xxx/xxxxxxx/xxx/xxxxxxx-xxx/xxxxxx/xx/xxxxxxx-xxxxxxx/xxxx/xxx-xxxxxxxxx-xxxxxxx-xxxx.xxx
- xxxxx://xxx.xxxxxxxxxxx.xxx/xxxx/xxxxxxx-xxxxxxx-xxxxx-xxxxxx-xxxxxxx-xxxxxxxxxxxxx
- xxxxx://xxx.xxxxxxxxxxx.xxx/xxxxxx.xxx?x=xxxxxxx-xxxxxxxxx-xxxxxxx-xxxx.xxx&x=xxxx