Rakos Analisi

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (397)

Sequenza temporale

Linguaggio

en306
ru40
de8
zh8
es8

Nazione

us218
ru82
pl12
me10
cn8

Attori

Rakos10
Locky6
Cobalt Strike5
TrickBot4
Mirai3

Attività

Interesse

Sequenza temporale

Genere

Not Defined162
Content Management System14
Operating System12
WordPress Plugin10
Firewall Software10

Fornitore

Not Defined118
Cisco12
Microsoft10
Apache8
SourceCodester8

Prodotto

Linux Kernel6
WordPress6
AT&T U-verse6
phpMyAdmin4
Customer Reviews for WooCommerce Plugin4

Vulnerabilità

#VulnerabilitàBaseTemp0dayOggiSfrConEPSSCTICVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash rivelazione di un 'informazione5.35.2$5k-$25k$0-$5kHighWorkaround0.020160.02CVE-2007-1192
2DZCP deV!L`z Clanportal config.php escalazione di privilegi7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.009431.07CVE-2010-0966
3Zyxel NAS326/NAS542 Web Server escalazione di privilegi9.89.8$5k-$25k$5k-$25kNot DefinedNot Defined0.000680.04CVE-2023-4473
4nginx escalazione di privilegi6.96.9$0-$5k$0-$5kNot DefinedNot Defined0.002414.76CVE-2020-12440
5Microsoft IIS cross site scripting5.24.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.005480.15CVE-2017-0055
6DZCP deV!L`z Clanportal browser.php rivelazione di un 'informazione5.35.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.027331.21CVE-2007-1167
7MikroTik RouterOS Winbox/HTTP Interface escalazione di privilegi7.87.8$0-$5k$0-$5kNot DefinedNot Defined0.000550.05CVE-2023-30799
8Laravel Framework Token Encrypter.php decrypt escalazione di privilegi6.86.8$0-$5k$0-$5kNot DefinedNot Defined0.624180.03CVE-2018-15133
9Linux Kernel fbcon vt.c KD_FONT_OP_COPY rivelazione di un 'informazione5.04.8$0-$5k$0-$5kNot DefinedOfficial Fix0.000420.00CVE-2020-28974
10Devilz Clanportal File Upload vulnerabilità sconosciuta5.34.4$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.053620.06CVE-2006-6338
11Devilz Clanportal index.php sql injection7.36.4$0-$5k$0-$5kProof-of-ConceptUnavailable0.007840.00CVE-2006-3347
12Microsoft IIS IP/Domain Restriction escalazione di privilegi6.55.7$25k-$100k$0-$5kUnprovenOfficial Fix0.008170.29CVE-2014-4078
13WordPress WP_Query class-wp-query.php sql injection8.58.4$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.003180.02CVE-2017-5611
14SourceCodester Petrol Pump Management Software product.php escalazione di privilegi4.74.5$0-$5k$0-$5kProof-of-ConceptNot Defined0.000450.00CVE-2024-2058
15CKFinder File Name escalazione di privilegi7.47.4$0-$5k$0-$5kNot DefinedNot Defined0.001550.04CVE-2019-15862
16Elementor Plugin escalazione di privilegi5.55.3$0-$5k$0-$5kNot DefinedNot Defined0.000000.15CVE-2024-24934
17guzzlehttp psr7 Header Parser escalazione di privilegi6.46.3$0-$5k$0-$5kNot DefinedOfficial Fix0.000950.01CVE-2022-24775
18DrayTek Vigor 2960 Web Management Interface mainfunction.cgi escalazione di privilegi7.47.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.002730.00CVE-2023-1162
19BeCustom Plugin cross site request forgery6.56.3$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.001220.04CVE-2022-3747
20Cisco IOS XE Web UI Remote Code Execution9.99.7$25k-$100k$5k-$25kNot DefinedOfficial Fix0.894280.10CVE-2023-20198

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDindirizzo IPHostnameAttoreCampagneIdentifiedGenereFiducia
15.34.180.64vds-merkyl-88517.itldc-customer.netRakos31/05/2021verifiedAlto
25.34.183.231vds-454576.hosted-by-itldc.comRakos31/05/2021verifiedAlto
346.8.44.55Rakos31/05/2021verifiedAlto
4XXX.XX.XX.XXxxx.xxxxxxx.xxxXxxxx31/05/2021verifiedAlto
5XXX.XX.XX.XXxxxxxxx-xxxxxx.xxxxxx-xx.xxxxx.xxxXxxxx31/05/2021verifiedAlto
6XXX.XX.XXX.XXXxxx.xx.xxx.xxx.xxxxxxxxx-xxxXxxxx31/05/2021verifiedAlto
7XXX.XX.XXX.XXXxxxxx-xxxxxxxxxxxxxxxx-xxxxxx.xxxxxx-xx-xxxxx.xxxXxxxx31/05/2021verifiedAlto
8XXX.XXX.XXX.XXxxx.xxx.xxx.xx.xxxxxxxxx-xxxXxxxx31/05/2021verifiedAlto
9XXX.XXX.XXX.XXXxxxxxxxxxxx.xxxxxx.xxxXxxxx31/05/2021verifiedAlto
10XXX.XX.XXX.XXxxxxxxx.xxxXxxxx31/05/2021verifiedAlto
11XXX.XX.XXX.XXxx.xxxxx-xxxxxxxx.xxxXxxxx31/05/2021verifiedAlto

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitàAccesso al vettoreGenereFiducia
1T1006CWE-22, CWE-23Path TraversalpredictiveAlto
2T1040CWE-319Authentication Bypass by Capture-replaypredictiveAlto
3T1055CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveAlto
4T1059CWE-94Argument InjectionpredictiveAlto
5TXXXX.XXXCWE-XX, CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveAlto
6TXXXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveAlto
7TXXXXCWE-XXXXxxx Xxx Xxxxxxxxx Xxxxxxxxxxx XxxxxxxxpredictiveAlto
8TXXXX.XXXCWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveAlto
9TXXXXCWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveAlto
10TXXXX.XXXCWE-XXXXxxx XxxxxxxxpredictiveAlto
11TXXXXCWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveAlto
12TXXXXCWE-XX, CWE-XXXxx XxxxxxxxxpredictiveAlto
13TXXXX.XXXCWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveAlto
14TXXXXCWE-XXX, CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveAlto
15TXXXX.XXXCWE-XXXXxxxxxxx Xxxxxx XxxxpredictiveAlto
16TXXXXCWE-XXX, CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveAlto
17TXXXX.XXXCWE-XXXxxxxxxxxxxxxpredictiveAlto
18TXXXXCWE-XXX, CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveAlto
19TXXXX.XXXCWE-XXX, CWE-XXXXxx Xxxxxxxxxx XxxxxpredictiveAlto
20TXXXX.XXXCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveAlto

IOA - Indicator of Attack (208)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClasseIndicatorGenereFiducia
1File//proc/kcorepredictiveMedia
2File/addWhiteListDomain.imsspredictiveAlto
3File/admin/app/product.phppredictiveAlto
4File/anony/mjpg.cgipredictiveAlto
5File/cgi-bin/wlogin.cgipredictiveAlto
6File/cobbler-apipredictiveMedia
7File/customer_support/index.phppredictiveAlto
8File/forum/away.phppredictiveAlto
9File/inc/parser/xhtml.phppredictiveAlto
10File/include/makecvs.phppredictiveAlto
11File/index.phppredictiveMedia
12File/login/index.phppredictiveAlto
13File/preview.phppredictiveMedia
14File/protocol/index.phppredictiveAlto
15File/requests.phppredictiveAlto
16File/search-result.phppredictiveAlto
17File/secret_coder.sqlpredictiveAlto
18File/shop.phppredictiveMedia
19File/uncpath/predictiveMedia
20File/view_order.phppredictiveAlto
21File/wp-admin/admin.php?page=wp_file_manager_propertiespredictiveAlto
22Fileadd.phppredictiveBasso
23Fileadminer.phppredictiveMedia
24Fileadm_config_report.phppredictiveAlto
25Filexxxxx.xxxpredictiveMedia
26Filexxx/xx-xxxxx-xxxxxxx/xxx-xx-xxxxx-xxxxxxx.xxxpredictiveAlto
27Filexxxx-xxxx.xpredictiveMedia
28Filexxx.xxxpredictiveBasso
29Filexxxxx.xxxxxxxxx.xxxpredictiveAlto
30Filexxxxxxxxxx.xxxpredictiveAlto
31Filexxxxxxxxx.xxxpredictiveAlto
32Filexxxxxxxxxxxxxxxxxxxxxxxxx.xxxxpredictiveAlto
33Filexxxxxxxxxx/xxxxxx/xxxxxxxxx.xxxx/xxxx.xxx/predictiveAlto
34Filexxxxxx/xx/xx_xxxxx.xpredictiveAlto
35Filexxxx:x.x/xx:x/xx:x/xx:x/xx:x/x:x/x:x/x:x/x:xpredictiveAlto
36Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveAlto
37Filexxxxxxx.xxxpredictiveMedia
38Filexxxxxx.xxxpredictiveMedia
39Filexxxx_xxxx.xxxpredictiveAlto
40Filexxxxxxx/xxx/xxxxxxxx/xx.xpredictiveAlto
41Filexxxxxxx/xxx/xx/xx.xpredictiveAlto
42Filexxxxxxxxxxxx.xxxpredictiveAlto
43Filexxxx.xxxpredictiveMedia
44Filexxxxx.xxxpredictiveMedia
45Filexxxxxxxx_xxx_xxx_xxxx.xxxpredictiveAlto
46Filexxxxxx.xxxpredictiveMedia
47Filexxxxxxxxxxxxxxxxxxxx.xxxpredictiveAlto
48Filexxxxxxxxxxxx.xxxpredictiveAlto
49Filexxxxxxxxxx.xxxpredictiveAlto
50Filexxxxxxxxx.xxxpredictiveAlto
51Filexxxx.xxxpredictiveMedia
52Filexxxxxxxxxx\xxxxxx\xxxxxxxxxxxxx.xxxpredictiveAlto
53Filexx_xxxxxxx.xpredictiveMedia
54Filexxxxxxxxxx/xxxxxxxxxx/xxxxxxxxx.xxxpredictiveAlto
55Filexxxxxxxxxx/xxxxxxxxxx/xxxxxxxx/xxxxxxxxxxxxxxxxxxx.xxxpredictiveAlto
56Filexxxxxxx/xxxxxxxxx/xxxxxxxxxxxxx.xxxpredictiveAlto
57Filexxxxxxxxxx.xx/xxx-xxxxx.xxxpredictiveAlto
58Filexxx/xxxxxx.xxxpredictiveAlto
59Filexxx/xxxxxxxxxxx/xxxxxxx.xxxpredictiveAlto
60Filexxxxx.xxxpredictiveMedia
61Filexx.xxxpredictiveBasso
62Filexxxxxx.xpredictiveMedia
63Filexxxx.xxxpredictiveMedia
64Filexx.xxxpredictiveBasso
65Filexxxxxxxxx/xxxxxxx/xxxxxx/xxxxxxxxxx.xxxpredictiveAlto
66Filexxxxx_xx.xxxxpredictiveAlto
67Filexxxxxx.xxxpredictiveMedia
68Filexxxxxxxxxxxxx.xxxpredictiveAlto
69Filexxxxxxxxxxxx.xxxpredictiveAlto
70Filexxxxxxxx_xxxxxxx.xxxpredictiveAlto
71Filexxxx.xxxpredictiveMedia
72Filexxxxxxx/xxxxxx/xxxxxx/xxxxxxxxx.xxx#xxxpredictiveAlto
73Filexxxxxx\xxxx_xxx\xxxxx\xxxxxxxxx.xxxpredictiveAlto
74Filexxxxxx\xxxx_xxx\xxxxx\xxxxxxxx.xxxpredictiveAlto
75Filexxxxxxxxxx_xxxxxxx.xxxpredictiveAlto
76Filexxxxxxx-xxxxx.xxpredictiveAlto
77Filexxxxx_xxxxxxxx.xxxpredictiveAlto
78Filexxxx/xxxxxxx/xxxxx.xxxpredictiveAlto
79Filexxxxx.xxxpredictiveMedia
80Filexxxxxxx.xxxpredictiveMedia
81Filexxxxxx.xxx/xxxx_xxxx_xxxx.xxxpredictiveAlto
82Filexxxxxxxx/xxxxxx-xxxxx/xxxxxxxxxxx/xxxx.xxpredictiveAlto
83Filexxxx.xxxpredictiveMedia
84Filexxxxxxx/xxxxxx.xxxxxxx/xxxxxxxxxxxxxx.xxxpredictiveAlto
85Filexxxxx.xxxpredictiveMedia
86Filexxxxx-xxxx.xxxpredictiveAlto
87Filexxxxxxx.xxxpredictiveMedia
88Filexxxxxxxx.xxxpredictiveMedia
89Filexxxxxxx_xxxx.xxxpredictiveAlto
90Filexxxxxxx.xxxpredictiveMedia
91Filexxxxx.xxxpredictiveMedia
92Filexxxxxxxx.xxxpredictiveMedia
93Filexxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxxpredictiveAlto
94Filexxxx.xxpredictiveBasso
95Filexxxxxxxx.xx?xxxxxxxxxxxx=xxxxxxxx&xxxx=x-xxxx&xxxxxxxx=xxxxxxxxxx&xxpredictiveAlto
96Filexxxxxxxxxxxxxxxx.xxpredictiveAlto
97Filexxxxxx/xxxxxxxxx/xxxx/xxxxxxx/xxxxxxxxxxxx.xxxpredictiveAlto
98Filexxx/xxxxxx_xxx.xxxpredictiveAlto
99Filexxxxxxxxxxxx.xxxpredictiveAlto
100Filexxxxx.xpredictiveBasso
101Filexxxxxxxxxxx.xxxpredictiveAlto
102Filexxxxxxxx/xxxxxxxxpredictiveAlto
103Filexxxxxxxx.xxxpredictiveMedia
104Filexxxxxxxxxx.xxxpredictiveAlto
105Filexxxxxxx.xxxpredictiveMedia
106Filexx_xxxxxxxx.xxxpredictiveAlto
107Filexxxxx.xxxpredictiveMedia
108Filexxxxxxxx.xxxpredictiveMedia
109Filexx-xxxxx/xxxxxxx.xxxpredictiveAlto
110Filexx-xxxxxx.xxxpredictiveAlto
111Filexx-xxxxxxxx/xxxxx-xx-xxxxx.xxxpredictiveAlto
112Filexx-xxxxxxxx/xxxx.xxxpredictiveAlto
113Filexx-xxxxxxxx/xxxxxxxxx.xxxpredictiveAlto
114Filexx-xxxxxxxx.xxxpredictiveAlto
115File~/xxxxxxxxx/predictiveMedia
116Libraryxxxxxxx.xxxpredictiveMedia
117Libraryxxxxxxxxxxxx.xxxpredictiveAlto
118Libraryxxxx.xxx.xxxpredictiveMedia
119Libraryxxxxxx.xxxpredictiveMedia
120Libraryxxxxxxxxxxx.xxxpredictiveAlto
121Libraryxxxxxxxxx/xxxxxx_xxxxxxxxxx.xxx.xxxpredictiveAlto
122Libraryxxxxxxx/xxx/xxxxxxxxx/xxxxx_xxxxxxx.xxxpredictiveAlto
123Libraryxxx/xx_xxx.xpredictiveMedia
124Libraryxxxxxxxx.xpredictiveMedia
125Argumentxx/xxpredictiveBasso
126Argumentxx_xxxxx_xxx_xxxxpredictiveAlto
127ArgumentxxxxxxpredictiveBasso
128ArgumentxxxxxxxxxxxxxxxxxxxxxpredictiveAlto
129ArgumentxxxxxxxxpredictiveMedia
130ArgumentxxxpredictiveBasso
131Argumentxxxx/xxxxx/xxxxx_xxxxxxxxxxxpredictiveAlto
132Argumentxxxxxx[xxxx]predictiveMedia
133Argumentxxxxxxxxxxx(xxxxxx)predictiveAlto
134Argumentxxxx/xxxxxx/xxxpredictiveAlto
135ArgumentxxxxxxpredictiveBasso
136Argumentxxxxx/xxxxx/xxxxx/xxxxxxxxpredictiveAlto
137Argumentxxxxx xxxxxpredictiveMedia
138ArgumentxxxxxpredictiveBasso
139ArgumentxxxxpredictiveBasso
140ArgumentxxxxxxxxpredictiveMedia
141Argumentxxxxxx_xxxxxx_xxpredictiveAlto
142Argumentxxxxxxxxx/xxxxxxxxxx/xxxxxxxx/xxxxx/xxxxxxxpredictiveAlto
143Argumentxxxxxxxxx/xxxxxxxxxx/xxxxxxxx/xxxxxxxx/xxxxxxxpredictiveAlto
144ArgumentxxxxxxxxxxxxpredictiveMedia
145Argumentxxxxxxxxxxxxxx($xxx)predictiveAlto
146Argumentxxxxx_xxpredictiveMedia
147Argumentxxx_xxxxpredictiveMedia
148ArgumentxxxxpredictiveBasso
149Argumentxxxx xxxxxxxpredictiveMedia
150Argumentxxxx_xxxxpredictiveMedia
151ArgumentxxxxpredictiveBasso
152ArgumentxxxxpredictiveBasso
153ArgumentxxpredictiveBasso
154ArgumentxxpredictiveBasso
155ArgumentxxxxxpredictiveBasso
156ArgumentxxxxxpredictiveBasso
157ArgumentxxxxxxpredictiveBasso
158ArgumentxxxxpredictiveBasso
159ArgumentxxxxxxpredictiveBasso
160ArgumentxxxxpredictiveBasso
161ArgumentxxxxxxpredictiveBasso
162Argumentxxxxx[xxxxx][xx]predictiveAlto
163ArgumentxxxxxpredictiveBasso
164Argumentxx/xx/xx/xx/xpredictiveAlto
165ArgumentxxxxpredictiveBasso
166ArgumentxxxxxxxxpredictiveMedia
167Argumentxxxx_xxxxpredictiveMedia
168ArgumentxxxxxxpredictiveBasso
169ArgumentxxxxpredictiveBasso
170Argumentxxxx_xxxxpredictiveMedia
171ArgumentxxxxxxxxpredictiveMedia
172ArgumentxxxxxxpredictiveBasso
173ArgumentxxxxpredictiveBasso
174ArgumentxxxxxxxxpredictiveMedia
175ArgumentxxxxxpredictiveBasso
176Argumentxxxxxxx_xxpredictiveMedia
177Argumentxxxxxxx_xxxxxpredictiveAlto
178ArgumentxxxpredictiveBasso
179Argumentxxx=xxxxpredictiveMedia
180ArgumentxxxxxxxxpredictiveMedia
181Argumentxxxxxx_xxxxpredictiveMedia
182ArgumentxxxxxxxxxxpredictiveMedia
183ArgumentxxxxxxpredictiveBasso
184Argumentxxxxxxxx/xxxxxxxxxpredictiveAlto
185ArgumentxxxxxxpredictiveBasso
186Argumentxxxxxxxx_xxxxpredictiveAlto
187Argumentxxxxxxxxxx_xxxxpredictiveAlto
188ArgumentxxxpredictiveBasso
189ArgumentxxxpredictiveBasso
190Argumentxxxx-xxxxxpredictiveMedia
191ArgumentxxxxxxxxxpredictiveMedia
192Argumentxxxxxxxx/xxxxxxxxpredictiveAlto
193Argumentxxxxxxxx:xxxxxxxxpredictiveAlto
194Argumentxxxx_xxxxxpredictiveMedia
195ArgumentxxxxpredictiveBasso
196Argumentx-xxxx-xxxxxpredictiveMedia
197Argumentxxxxx_xxxxxxxxxx_xxxxxpredictiveAlto
198Input Value../predictiveBasso
199Input Value>><xxx/xxx/xxxxxxx=xxxxx(x)>predictiveAlto
200Input Valuexxxx.xxx"><xxxxxx>xxxxx(xxxxxxxx.xxxxxx);</xxxxxx>)predictiveAlto
201Input ValuexxxxxxxpredictiveBasso
202Input Valuexxxxxxxxx:xxxxxxxxpredictiveAlto
203Pattern|xx xx xx|predictiveMedia
204Network PortxxxpredictiveBasso
205Network Portxxx/xx (xxxxxx)predictiveAlto
206Network Portxxx/xxxxxpredictiveMedia
207Network Portxxx/xxxxxpredictiveMedia
208Network Portxxx xxxxxx xxxxpredictiveAlto

Referenze (2)

The following list contains external sources which discuss the actor and the associated activities:

PrecedenteVisione D'insiemeIl prossimo

Do you want to use VulDB in your project?

Use the official API to access entries easily!