RuRAT Analysis

IOB - Indicator of Behavior (474)

Language

en 228
de 204
it 40
es 2

Country

us 472

Product

WordPress 16
SSReader Ultra Star Reader 4
Kaqoo Auction Software 4
MikroTik RouterOS 2
Simple Machines Forum 2

Vulnerabilities

Base and Temp are CVSS base and temporal scores; 0day and Today are estimated exploit prices in USD ("Calculating" means no estimate is available yet); Exploit is the exploitability status and Countermeasure the remediation status; CTI is the threat-intelligence activity value and EPSS the exploit prediction score.

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | CTI | EPSS | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192
2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.53 | 0.00943 | CVE-2010-0966
3 | Woltlab Burning Board register.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00957 | CVE-2007-1443
4 | Magic Photo Storage Website register.php privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00000 | 
5 | YaBB register.pl buffer overflow | 10.0 | 8.7 | $0-$5k | Calculating | Unproven | Official Fix | 0.00 | 0.17348 | CVE-2007-3208
6 | WordPress wp-register.php cross site scripting | 4.3 | 4.2 | $5k-$25k | $0-$5k | High | Unavailable | 0.00 | 0.00322 | CVE-2007-5105
7 | Phpwebgallery register.php cross site scripting | 4.3 | 4.3 | $0-$5k | Calculating | Not Defined | Not Defined | 0.03 | 0.00759 | CVE-2007-1109
8 | Expinion.net News Manager Lite comment_add.asp cross site scripting | 4.3 | 3.8 | $0-$5k | Calculating | Unproven | Official Fix | 0.02 | 0.00607 | CVE-2004-1845
9 | Phorum register.php cross site scripting | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.01601 | CVE-2007-0769
10 | SSReader Ultra Star Reader ActiveX Control pdg2.dll Register buffer overflow | 10.0 | 9.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.05274 | CVE-2007-5892
11 | SSReader Ultra Star Reader ActiveX Control register buffer overflow | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.03599 | CVE-2007-5807
12 | StoreSprite register.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.01954 | CVE-2007-4307
13 | AlstraSoft AskMe Pro register.php cross site scripting | 3.5 | 3.5 | $0-$5k | Calculating | Not Defined | Not Defined | 0.00 | 0.00000 | 
14 | Microsoft Register Server denial of service | 5.3 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00350 | CVE-2007-3658
15 | Scribe forum.php register privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.06 | 0.02167 | CVE-2007-5822
16 | WordPress wp-register.php cross site scripting | 4.3 | 4.2 | $5k-$25k | $0-$5k | High | Unavailable | 0.04 | 0.00533 | CVE-2007-5106
17 | Andys Chat register.php buffer overflow | 10.0 | 10.0 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00 | 0.03106 | CVE-2006-7036
18 | PBSite register.php Local Privilege Escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.00000 | 
19 | LushiWarPlaner register.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.07 | 0.00821 | CVE-2007-0864
20 | TeamCal register.php directory traversal | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00000 | 

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 86.104.15.123 | cphost07.qhoster.net | RuRAT | | 04/08/2022 | verified | High
2 | XXX.XXX.XX.XXX | xxxxx-x.xxx-xxxxxxx.xxx | Xxxxx | | 04/08/2022 | verified | High

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerability | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | High
2 | T1059 | CWE-94 | Argument Injection | predictive | High
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High
4 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
5 | TXXXX.XXX | CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | High
6 | TXXXX | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High
7 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
8 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High
9 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
10 | TXXXX.XXX | CWE-XX | Xxxxxxxxxxxxx | predictive | High
11 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High

IOA - Indicator of Attack (85)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling. Note that low- and medium-confidence fragments such as /index.php occur in ordinary traffic and should not be alerted on in isolation.

ID | Class | Indicator | Type | Confidence
1 | File | /index.php | predictive | Medium
2 | File | /rom-0 | predictive | Low
3 | File | /uncpath/ | predictive | Medium
4 | File | adclick.php | predictive | Medium
5 | File | add_comment.php | predictive | High
6 | File | base_maintenance.php | predictive | High
7 | File | comment_add.asp | predictive | High
8 | File | data/gbconfiguration.dat | predictive | High
9 | File | drivers/block/floppy.c | predictive | High
10 | File | email.php | predictive | Medium
11 | File | EmployeeSearch.cc | predictive | High
12 | File | exit.php | predictive | Medium
13 | File | forum.php | predictive | Medium
14 | File | goto.php | predictive | Medium
15 | File | xxxxxxxxx.xxx | predictive | High
16 | File | xxx/xxxxxx.xxx | predictive | High
17 | File | xxxxxxx/xxxxxxx/xxxxxxxx.xxx.xxx | predictive | High
18 | File | xxxxxxx/xxxxxxx/xxxxxxxx_xxxxxxxx.xxx.xxx | predictive | High
19 | File | xxxxx.xxx | predictive | Medium
20 | File | xxxxx.xxx.xxx | predictive | High
21 | File | xxxxx.xxx | predictive | Medium
22 | File | xxxxx.xxx | predictive | Medium
23 | File | xxxxx.xxx | predictive | Medium
24 | File | xxxxxxxx.xxx | predictive | Medium
25 | File | xxxxxxxx.xxxx | predictive | High
26 | File | xxxxxxxx.xxx | predictive | Medium
27 | File | xxxxxxxx.xxx | predictive | Medium
28 | File | xxxxxxxx.xx | predictive | Medium
29 | File | xxxxxxxx_xxxxxx.xxx | predictive | High
30 | File | xxxxxxx_xxx_xxxxx_xxxxxx.xxxx | predictive | High
31 | File | xxxxxxxxxx/xxxxxxxxxx_xxxxxxxxxx.xxx | predictive | High
32 | File | xxxxxx/xxxxxxxx.xxx | predictive | High
33 | File | xxxxxx.xxx | predictive | Medium
34 | File | xxxxxxx/xxxxxxxx.xxx | predictive | High
35 | File | xxxx-xxxxxxxx.xxx | predictive | High
36 | File | xxxx/xxxxxxxx.xxx | predictive | High
37 | File | xxxxx/xxxxxxxx.xxx | predictive | High
38 | File | xxxx/xxxxxxxx.xxx | predictive | High
39 | File | xx-xxxxx/xxxxx-xxxx.xxx?xx-xxxxx-xxxxxx[]=xxxxxxxx | predictive | High
40 | File | xx-xxxxx.xxx | predictive | Medium
41 | File | xx-xxxxxxxx.xxx | predictive | High
42 | File | xxxxxx.xxx | predictive | Medium
43 | Library | xxxx.xxx | predictive | Medium
44 | Argument | xxxxxxx | predictive | Low
45 | Argument | xxxxxx | predictive | Low
46 | Argument | xxxxxxxx | predictive | Medium
47 | Argument | xxxxxxx | predictive | Low
48 | Argument | xxxx | predictive | Low
49 | Argument | xxxxx | predictive | Low
50 | Argument | xxxxx | predictive | Low
51 | Argument | xxxxxxx=xxxxxxxx | predictive | High
52 | Argument | xxxx | predictive | Low
53 | Argument | xxxx_xxxxx | predictive | Medium
54 | Argument | xxxxxxxx | predictive | Medium
55 | Argument | xx | predictive | Low
56 | Argument | xx_xxxxxxxx | predictive | Medium
57 | Argument | xxxxxxx_xxxx | predictive | Medium
58 | Argument | xxxxxxxxx-xxxxxxx/xxxxxxxxx/xxxxxxxxxx | predictive | High
59 | Argument | xxxx | predictive | Low
60 | Argument | xxxxxxxxxxxxx | predictive | High
61 | Argument | xxxxxxx | predictive | Low
62 | Argument | xxxx | predictive | Low
63 | Argument | xxxxxxxxx_xxxxxxxx_xxxx | predictive | High
64 | Argument | xxxx | predictive | Low
65 | Argument | xxxx | predictive | Low
66 | Argument | xxxx | predictive | Low
67 | Argument | xxxxxxxx | predictive | Medium
68 | Argument | xxxx_xxxx | predictive | Medium
69 | Argument | xxx_xxxx | predictive | Medium
70 | Argument | xxxxxx | predictive | Low
71 | Argument | xxxxxxxxxxxx | predictive | Medium
72 | Argument | xxxxxx | predictive | Low
73 | Argument | xxxxxxxxxx | predictive | Medium
74 | Argument | xxx | predictive | Low
75 | Argument | xxxxx | predictive | Low
76 | Argument | xxx | predictive | Low
77 | Argument | xxxxxxxx | predictive | Medium
78 | Argument | xxxx_xxxxx | predictive | Medium
79 | Argument | xxxx_xxxxx | predictive | Medium
80 | Argument | xxx | predictive | Low
81 | Argument | _xxxxxx[xxxx_xxxx] | predictive | High
82 | Input Value | xxxx | predictive | Low
83 | Input Value | xxxxxxxxx' xxx 'x'='x | predictive | High
84 | Input Value | xxxx | predictive | Low
85 | Network Port | xxx xxxxxx xxxx | predictive | High
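The IOC and IOA tables above are only useful once they are matched against logs, and the confidence column matters: a medium-confidence fragment like /index.php fires on nearly every web server, while the IP 86.104.15.123 or a request for data/gbconfiguration.dat is a strong signal on its own. The following Python is an added example written for this page, not VulDB's tooling or code from the RuRAT analysis. It loads the readable (unmasked) IOC and IOA rows, scans access-log lines in the Apache/nginx combined format (assumed), and ranks client IPs by a weighted score. The weights, the alert threshold, the DNS-query helper and the sample log lines are all constructed assumptions of this example.

```python
import re

# Indicators copied from the readable rows of this page's IOC and IOA tables.
# The masked (xxx) rows carry no usable value and are left out.
IOC_IPS = {"86.104.15.123"}
IOC_HOSTNAMES = {"cphost07.qhoster.net"}

# IOA file fragments with the page's confidence rating (Alto/Media/Basso -> high/medium/low).
IOA_FILES = {
    "/index.php": "medium",
    "/rom-0": "low",
    "/uncpath/": "medium",
    "adclick.php": "medium",
    "add_comment.php": "high",
    "base_maintenance.php": "high",
    "comment_add.asp": "high",
    "data/gbconfiguration.dat": "high",
    "drivers/block/floppy.c": "high",
    "email.php": "medium",
    "EmployeeSearch.cc": "high",
    "exit.php": "medium",
    "forum.php": "medium",
    "goto.php": "medium",
}

# Weights per confidence level are an assumption of this example, not a VulDB scale.
WEIGHT = {"high": 3, "medium": 1, "low": 0}
ALERT_THRESHOLD = 3  # also assumed: one high-confidence hit is enough to raise an alert

# Apache/nginx "combined" access-log format (assumed for the sample input below).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


def parse_line(line):
    """Parse one combined-log line; return a dict, or None if the line is malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["path"] = rec["path"].split("?", 1)[0]  # match on the file part only, not the query string
    return rec


def path_matches(path, frag):
    """Fragments starting with '/' are anchored at the document root and a trailing '/'
    marks a directory prefix. Bare file names match the trailing path components, so
    '/guestbook/data/gbconfiguration.dat' still hits 'data/gbconfiguration.dat'."""
    if frag.startswith("/"):
        if frag.endswith("/"):
            return path.startswith(frag)
        return path == frag
    return path == "/" + frag or path.endswith("/" + frag)


def match_line(line):
    """Return [(kind, indicator, confidence)] for one access-log line."""
    rec = parse_line(line)
    if rec is None:
        return []
    hits = []
    if rec["ip"] in IOC_IPS:
        hits.append(("ioc_ip", rec["ip"], "high"))
    for frag, conf in IOA_FILES.items():
        if path_matches(rec["path"], frag):
            hits.append(("ioa_file", frag, conf))
    return hits


def match_dns_query(qname):
    """Hostname IOCs apply to DNS or proxy logs; normalise case and the trailing dot."""
    return qname.rstrip(".").lower() in IOC_HOSTNAMES


def score_sources(lines):
    """Aggregate weighted hits per client IP; only IPs with at least one hit are returned."""
    per_ip = {}
    for line in lines:
        hits = match_line(line)
        if not hits:
            continue
        entry = per_ip.setdefault(parse_line(line)["ip"], {"score": 0, "hits": []})
        for hit in hits:
            entry["score"] += WEIGHT[hit[2]]
            entry["hits"].append(hit)
    return per_ip


def triage(lines):
    """Client IPs at or above the alert threshold, highest score first."""
    scored = score_sources(lines)
    ranked = sorted(scored.items(), key=lambda kv: kv[1]["score"], reverse=True)
    return [ip for ip, entry in ranked if entry["score"] >= ALERT_THRESHOLD]


# Constructed sample log lines for a stand-alone run; not real traffic.
SAMPLE_LOG = """\
86.104.15.123 - - [04/Aug/2022:10:12:01 +0000] "GET /guestbook/data/gbconfiguration.dat HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [04/Aug/2022:10:12:05 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [04/Aug/2022:10:12:09 +0000] "POST /forum/add_comment.php?id=3 HTTP/1.1" 302 0 "-" "curl/7.68.0"
198.51.100.9 - - [04/Aug/2022:10:13:00 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
this is not a log line
"""

if __name__ == "__main__":
    for ip, entry in score_sources(SAMPLE_LOG.splitlines()).items():
        print(ip, entry["score"], [h[1] for h in entry["hits"]])
    print("alert:", triage(SAMPLE_LOG.splitlines()))
```

On the sample input 198.51.100.9 only touches /index.php and stays below the threshold, while 203.0.113.7 is ranked because the high-confidence add_comment.php request adds to the weak /index.php hit; the known IOC address is ranked first. In production the IOA list would be regenerated from the full (unmasked) feed rather than hand-copied, and the weights tuned to the site's own baseline.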

References (2)

The following list contains external sources which discuss the actor and the associated activities: