ObliqueRAT Analysis

IOB - Indicator of Behavior (546)

Languages

en: 516
es: 18
it: 8
fr: 2
zh: 2

Countries / Regions

us: 506
ru: 28
cn: 12

Products

WordPress: 4
Drupal: 4
Google Android: 4
Squid Proxy: 4
Apache HTTP Server: 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE
1 | Apache HTTP Server mod_proxy_balancer.c balancer_handler Cross-Site Scripting | 4.3 | 4.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.07 | 0.21782 | CVE-2012-4558
2 | Google Android Proxy Auto-Config ic.cc UpdateLoadElement Memory Corruption | 8.5 | 8.2 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | 0.00102 | CVE-2019-2047
3 | Telegram Desktop Proxy Privilege Escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00219 | CVE-2018-17613
4 | https-proxy-agent JSON Memory Corruption | 7.2 | 6.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00659 | CVE-2018-3739
5 | Apache HTTP Server mod_proxy_fcgi.c handle_headers Memory Corruption | 5.3 | 5.1 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00953 | CVE-2014-3583
6 | Apple iOS Proxy Authentication Privilege Escalation | 6.6 | 6.4 | $100k and more | $5k-$25k | Not Defined | Official Fix | 0.04 | 0.00182 | CVE-2016-4642
7 | YoungZSoft CCProxy Proxy Service Memory Corruption | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.11487 | CVE-2004-2685
8 | CNCF Envoy Proxy Denial of Service | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00341 | CVE-2020-8659
9 | Blue Coat ProxySG SGOS Information Disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00139 | CVE-2015-4334
10 | Juniper WLC Proxy ARP/No Broadcast Feature Privilege Escalation | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00712 | CVE-2014-6381
11 | Symantec ASG/ProxySG FTP Proxy WebFTP Mode Stored Cross-Site Scripting | 5.7 | 5.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00115 | CVE-2018-18370
12 | Palo Alto PAN-OS DNS Proxy Privilege Escalation | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.06716 | CVE-2017-8390
13 | QNAP Proxy Server Setting Weak Authentication | 6.3 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00069 | CVE-2017-7639
14 | Squid Web Proxy cachemgr.cgi Privilege Escalation | 6.1 | 5.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00267 | CVE-2019-18860
15 | Bluecoat SGOS Management Console Cross-Site Scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00265 | CVE-2010-5192
16 | Artica Proxy fw.progrss.details.php Directory Traversal | 7.4 | 7.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.96791 | CVE-2020-13158
17 | Artica Proxy settings.inc Privilege Escalation | 4.9 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00130 | CVE-2019-7300
18 | Sarg Squid Analysis Report Generator Proxy Server useragent.c useragent Memory Corruption | 10.0 | 9.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.44560 | CVE-2008-1167
19 | Google Android Proxy Configuration hydrogen-alias-analysis.h HAliasAnalyzer.Query Privilege Escalation | 8.5 | 8.2 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.04 | 0.00102 | CVE-2019-2097
20 | Check Point Firewall-1/VPN-1 IKE Aggressive Mode Weak Encryption | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00409 | CVE-2002-1623

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP Address | Hostname | Actor | Campaign | Identified | Type | Confidence
1 | 185.117.73.222 | | ObliqueRAT | | 2022-03-31 | | verified

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerability | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | | Path Traversal | predictive
2 | T1055 | CWE-74 | | Improper Neutralization of Data within XPath Expressions | predictive
3 | T1059 | CWE-94 | | Argument Injection | predictive

IOA - Indicator of Attack (33)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /assets/php/upload.php | | predictive
2 | File | admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list | | predictive
3 | File | cachemgr.cgi | | predictive
4 | File | cgi-bin/cmh/webcam.sh | | predictive

References (3)

The following list contains external sources which discuss the actor and the associated activities:
