CetaRAT Analysis

IOB - Indicator of Behavior (1000)

Languages

en: 890
zh: 44
ar: 14
ru: 14
fr: 14

Countries/Regions

nl: 958
us: 42

Products

Microsoft Windows: 98
Linux Kernel: 20
WordPress: 18
Apache HTTP Server: 14
Google Android: 14

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | jforum User Privilege Escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00289 | 0.05 | CVE-2019-7550 |
| 2 | nginx Privilege Escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 3.14 | CVE-2020-12440 |
| 3 | Huawei ACXXXX/SXXXX SSH Packet Privilege Escalation | 7.5 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00246 | 0.07 | CVE-2014-8572 |
| 4 | Microsoft Windows WPAD Privilege Escalation | 8.0 | 7.9 | $25k-$100k | $0-$5k | High | Official Fix | 0.90962 | 0.03 | CVE-2016-3213 |
| 5 | Microsoft Windows Graphics Remote Code Execution | 7.0 | 6.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03523 | 0.00 | CVE-2021-34530 |
| 6 | Microsoft Windows Event Tracing Privilege Escalation | 7.3 | 6.3 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00043 | 0.00 | CVE-2021-34487 |
| 7 | Microsoft IIS Cross Site Scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.13 | CVE-2017-0055 |
| 8 | Cisco Secure Email and Web Manager Web-based Management Interface Weak Authentication | 9.8 | 9.6 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00337 | 0.02 | CVE-2022-20798 |
| 9 | nginx Log File Privilege Escalation | 7.8 | 7.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00092 | 0.04 | CVE-2016-1247 |
| 10 | Apache HTTP Server mod_rewrite Redirect | 6.7 | 6.7 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.00258 | 0.04 | CVE-2020-1927 |
| 11 | Microsoft .NET Core/Visual Studio Denial of Service | 6.4 | 5.5 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00195 | 0.09 | CVE-2021-26423 |
| 12 | Microsoft Windows TCP/IP Stack Privilege Escalation | 9.9 | 8.6 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.02183 | 0.04 | CVE-2021-26424 |
| 13 | Microsoft Windows Event Tracing Privilege Escalation | 8.3 | 7.3 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.00044 | 0.00 | CVE-2021-26425 |
| 14 | Microsoft Windows Bluetooth Driver Privilege Escalation | 8.3 | 7.3 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.00043 | 0.00 | CVE-2021-34537 |
| 15 | Microsoft Dynamics 365 Privilege Escalation | 8.5 | 7.4 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00736 | 0.00 | CVE-2021-34524 |
| 16 | Microsoft Windows Storage Spaces Controller Local Privilege Escalation | 7.8 | 6.8 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00043 | 0.04 | CVE-2021-34536 |
| 17 | Microsoft Windows Graphics Remote Code Execution | 7.0 | 6.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03523 | 0.03 | CVE-2021-34533 |
| 18 | Microsoft Windows Services for NFS ONCRPC XDR Driver Information Disclosure | 6.4 | 5.5 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.01108 | 0.03 | CVE-2021-36926 |
| 19 | Microsoft ASP.NET Core/Visual Studio Information Disclosure | 4.9 | 4.3 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00043 | 0.00 | CVE-2021-34532 |
| 20 | Microsoft Windows Services for NFS ONCRPC XDR Driver Information Disclosure | 6.4 | 5.5 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.01108 | 0.00 | CVE-2021-36933 |

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Weakness | Vulnerability | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CAPEC-126 | CWE-21, CWE-22, CWE-23 | Path Traversal | predictive |
| 2 | T1040 | CAPEC-102 | CWE-294 | Authentication Bypass by Capture-replay | predictive |
| 3 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive |
| 4 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive |
| 5 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Cross Site Scripting | predictive |

IOA - Indicator of Attack (224)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Confidence |
|---|---|---|---|
| 1 | File | .travis.yml | predictive |
| 2 | File | /.env | predictive |
| 3 | File | /admin.php | predictive |
| 4 | File | /admin/subnets/ripe-query.php | predictive |
| 5 | File | /apply.cgi | predictive |
| 6 | File | /core/conditions/AbstractWrapper.java | predictive |
| 7 | File | /debug/pprof | predictive |
| 8 | File | /export | predictive |
| 9 | File | /file?action=download&file | predictive |
| 10 | File | /hardware | predictive |
| 11 | File | /librarian/bookdetails.php | predictive |
| 12 | File | /medical/inventories.php | predictive |
| 13 | File | /monitoring | predictive |
| 14 | File | /opt/zimbra/jetty/webapps/zimbra/public | predictive |
| 15 | File | /plugin/LiveChat/getChat.json.php | predictive |
| 16 | File | /plugins/servlet/audit/resource | predictive |
| 17 | File | /plugins/servlet/project-config/PROJECT/roles | predictive |
| 18 | File | /replication | predictive |
| 19 | File | /RestAPI | predictive |
| 20 | File | /tmp/speedtest_urls.xml | predictive |
| 21 | File | /tmp/zarafa-vacation-* | predictive |
| 22 | File | /uncpath/ | predictive |
| 23 | File | /upload | predictive |
| 24 | File | /user/loader.php?api=1 | predictive |
| 25 | File | /var/log/nginx | predictive |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
