RATicate Analiza

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (52)

Język

en	34
de	12
pl	4
es	2

Kraj

us	42
fr	4
se	2
gb	2

Aktorzy

Ave Maria	1
AsyncRAT	1
Revenge RAT	1
NjRAT	1
Remcos	1

Wysiłek

Rodzaj

Not Defined	8
Web Server	4
Connectivity Software	2
Smartphone Operating System	2
Operating System Utility Software	2

Sprzedawca

Not Defined	10
Tim Kosse	2
Microsoft	2
Google	2
Todd Miller	2

Produkt

Tim Kosse FileZilla	2
PHPChain	2
Microsoft IIS	2
Google Android	2
Todd Miller sudo	2

Luki w zabezpieczeniach

#	Słaby punkt	Base	Temp	0day	Dzisiaj	Wyk	Prz	EPSS	CTI	CVE
1	All Enthusiast Inc Reviewpost Php Pro showproduct.php sql injection	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00501	0.00	CVE-2004-2175
2	PhotoPost PHP Pro showproduct.php sql injection	9.8	9.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00276	0.04	CVE-2004-0250
3	OpenSSH Authentication Username information disclosure	5.3	4.8	$5k-$25k	$0-$5k	High	Official Fix	0.10737	0.18	CVE-2016-6210
4	BitTorrent uTorrent Bencoding Parser privilege escalation	6.4	6.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00867	0.04	CVE-2020-8437
5	MDaemon Webmail cross site scripting	5.4	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00070	0.02	CVE-2019-8983
6	Synology DiskStation Manager Change Password privilege escalation	7.1	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00068	0.03	CVE-2018-8916
7	Microsoft IIS cross site scripting	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00548	0.33	CVE-2017-0055
8	Todd Miller sudo sudoedit sudoers privilege escalation	7.8	7.0	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00061	0.00	CVE-2015-5602
9	Tim Kosse FileZilla Format String	7.3	7.0	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.03339	0.04	CVE-2007-2318
10	BusyBox Terminal lineedit.c add_match privilege escalation	7.5	7.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00522	0.07	CVE-2017-16544
11	Microsoft Office Equation Editor memory corruption	7.5	7.4	$5k-$25k	$0-$5k	High	Official Fix	0.91620	0.03	CVE-2018-0798
12	Citrix ADC/Gateway/NetScaler Gateway/SD-WAN WANOP SSL VPN Web Portal cross site scripting	3.5	3.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00078	0.00	CVE-2020-8245
13	Gallarific PHP Photo Gallery script gallery.php sql injection	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00112	0.04	CVE-2011-0519
14	Gempar Script Toko Online shop_display_products.php sql injection	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00100	0.02	CVE-2009-0296
15	K5n WebCalendar send_reminders.php privilege escalation	7.3	6.4	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.05178	0.02	CVE-2008-2836
16	Microsoft IIS privilege escalation	9.9	9.9	$25k-$100k	$5k-$25k	Not Defined	Not Defined	0.08875	0.04	CVE-2010-1256
17	Python urllib.request.AbstractBasicAuthHandler privilege escalation	6.4	6.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00837	0.07	CVE-2020-8492
18	nginx URI String privilege escalation	6.5	6.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.95433	0.04	CVE-2013-4547
19	Microsoft Windows Remote Desktop privilege escalation	7.5	7.2	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.04662	0.00	CVE-2019-1333
20	Mozilla Firefox/Firefox ESR IFRAME PDF.js privilege escalation	8.6	8.2	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.01146	0.00	CVE-2013-5598

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adres IP	Hostname	Aktor	Kampanie	Identified	Rodzaj	Pewność siebie
1	79.134.225.11		RATicate		2021-05-31	verified	Wysoki
2	XX.XXX.XXX.XX		Xxxxxxxx		2021-05-31	verified	Wysoki

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klasa	Luki w zabezpieczeniach	Wektor dostępu	Rodzaj	Pewność siebie
1	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Wysoki
2	T1059.007	CAPEC-209	CWE-79, CWE-80	Cross Site Scripting	predictive	Wysoki
3	TXXXX	CAPEC-19	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Wysoki
4	TXXXX	CAPEC-0	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Wysoki
5	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Wysoki
6	TXXXX	CAPEC-50	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Wysoki
7	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Wysoki
8	TXXXX	CAPEC-0	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Wysoki

IOA - Indicator of Attack (21)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasa	Indicator	Rodzaj	Pewność siebie
1	File	/etc/sudoers	predictive	Medium
2	File	/uncpath/	predictive	Medium
3	File	cat.php	predictive	Niski
4	File	xxxxxx.xxx	predictive	Medium
5	File	xxxxxxxxxxx/xxxxx.xxx	predictive	Wysoki
6	File	xxxxxxx.xxx	predictive	Medium
7	File	xxxxx/xxxxxxxx.x	predictive	Wysoki
8	File	xxx.xx	predictive	Niski
9	File	xxxxxxx_xxx_xxxxx_xxxxxx.xxxx	predictive	Wysoki
10	File	xxxx_xxxxxxxxx.xxx	predictive	Wysoki
11	File	xxxx_xxxxxxx_xxxxxxxx.xxx	predictive	Wysoki
12	File	xxxxxxxxxxx.xxx	predictive	Wysoki
13	File	xxxxxx.xxxxxxx.xxxxxxxxxxxxxxxxxxxxxxxx	predictive	Wysoki
14	Argument	xxx	predictive	Niski
15	Argument	xxxxx	predictive	Niski
16	Argument	xxx_xx	predictive	Niski
17	Argument	xxxxxxxx	predictive	Medium
18	Argument	xx	predictive	Niski
19	Argument	xxxx_xx	predictive	Niski
20	Argument	xxxxx	predictive	Niski
21	Argument	xxxxxxxx	predictive	Medium

Referencje (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PoprzedniPrzeglądKolejny ▸

Do you know our Splunk app?

Download it now for free!