Ruskill Analiza

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (23)

Język

en	18
pt	4
fr	2

Kraj

us	8
gb	4
ru	4
cn	2
jp	2

Aktorzy

Ruskill	3
Locky	1
Qakbot	1
Phorpiex	1
Emotet	1

Wysiłek

Rodzaj

Not Defined	10
Operating System	4
Solution Stack Software	2
Programming Language Software	2
Ticket Tracking Software	2

Sprzedawca

Not Defined	10
Microsoft	4
SAP	2
Trend Micro	2
Thomas R. Pasawicz	2

Produkt

Microsoft Windows	4
SAP NetWeaver	2
SAP ABAP Platform	2
PHP	2
Donglify	2

Luki w zabezpieczeniach

#	Słaby punkt	Base	Temp	0day	Dzisiaj	Wyk	Prz	EPSS	CTI	CVE
1	Sophos Anti-Virus RAR Archive rarvm.hpp memory corruption	7.3	6.6	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.00000	0.02
2	Donglify IOCTL memory corruption	8.3	8.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2021-42994
3	Donglify IOCTL memory corruption	7.8	7.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00043	0.00	CVE-2021-42996
4	Microsoft Windows Desired State Configuration information disclosure	5.1	4.7	$25k-$100k	$0-$5k	Unproven	Official Fix	0.00043	0.03	CVE-2022-30148
5	Microsoft Windows Access Restriction privilege escalation	4.4	4.4	$25k-$100k	$5k-$25k	Not Defined	Not Defined	0.00057	0.00	CVE-2011-4434
6	BeyondTrust Secure Remote Access Base Software cross site request forgery	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00286	0.02	CVE-2021-31589
7	Craft EXIF Data Location information disclosure	5.3	5.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02064	0.02	CVE-2019-14280
8	MetInfo sql injection	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00220	0.03	CVE-2019-17553
9	SAP NetWeaver/ABAP Platform ABAP Server privilege escalation	7.3	7.3	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00104	0.00	CVE-2020-6296
10	E-topbiz Online Store index.php sql injection	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.00137	0.02	CVE-2008-5802
11	Alibabaclone Alibaba Clone B2B countrydetails.php sql injection	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00112	0.02	CVE-2010-4849
12	OpenSSH X11 Authentication Credential xauth privilege escalation	6.3	6.0	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.02329	0.00	CVE-2016-3115
13	PHP Session Name session.c privilege escalation	7.5	7.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00577	0.00	CVE-2016-7125
14	Trend Micro Threat Discovery Appliance log_query_dlp.cgi privilege escalation	8.8	8.8	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00334	0.00	CVE-2016-8590
15	CakePHP security.php unserialize privilege escalation	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.00
16	osTicket file.php sql injection	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00205	0.00	CVE-2017-14396
17	CS-Cart Administration files privilege escalation	5.9	5.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00099	0.03	CVE-2017-15673
18	phpMyAdmin db_central_columns.php cross site scripting	4.4	4.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00208	0.00	CVE-2018-7260
19	cmsimple index.php directory traversal	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.06344	0.03	CVE-2008-2650
20	Django Media directory traversal	5.3	5.3	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00626	0.05	CVE-2009-2659

IOC - Indicator of Compromise (18)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adres IP	Hostname	Aktor	Identified	Rodzaj	Pewność siebie
1	13.107.21.200		Ruskill	2021-07-24	verified	Wysoki
2	13.107.22.200		Ruskill	2021-07-24	verified	Wysoki
3	35.205.61.67	67.61.205.35.bc.googleusercontent.com	Ruskill	2022-05-06	verified	Medium
4	66.171.248.178	api1.whatismyipaddress.com	Ruskill	2022-05-06	verified	Wysoki
5	XX.XXX.XXX.XXX	xx-xxx-xxx-xxx.xxxxxx.xxx-xxxx.xx.xxx.xxx.xx.xx-xxxx.xxxx	Xxxxxxx	2022-05-06	verified	Wysoki
6	XXX.XXX.XX.XXX	xxxxxxxxxx.xx.xx	Xxxxxxx	2022-05-06	verified	Wysoki
7	XXX.XX.XXX.XXX		Xxxxxxx	2022-05-06	verified	Wysoki
8	XXX.XXX.XXX.XX		Xxxxxxx	2022-05-06	verified	Wysoki
9	XXX.XX.XX.XXX		Xxxxxxx	2022-05-06	verified	Wysoki
10	XXX.XXX.X.XXX		Xxxxxxx	2022-05-06	verified	Wysoki
11	XXX.XXX.XX.XXX	x-xxxx.xx-xxxxxx.xxx	Xxxxxxx	2021-07-24	verified	Wysoki
12	XXX.XXX.XX.XXX		Xxxxxxx	2021-07-22	verified	Wysoki
13	XXX.X.XXX.XXX	xxxx.xxx	Xxxxxxx	2022-05-06	verified	Wysoki
14	XXX.XX.XX.XXX		Xxxxxxx	2021-07-22	verified	Wysoki
15	XXX.XX.XX.XXX		Xxxxxxx	2022-05-06	verified	Wysoki
16	XXX.XX.XX.XXX		Xxxxxxx	2021-07-22	verified	Wysoki
17	XXX.XXX.XX.XXX	xxxxx.xxx-xxx-xx.xxxxxx.xxxxxxxxxxxx.xxx	Xxxxxxx	2022-05-06	verified	Wysoki
18	XXX.XX.XXX.XXX	xxx-xx-xxx-xxx.xxx.xxxxxxxxxxxx.xx	Xxxxxxx	2021-07-22	verified	Wysoki

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Luki w zabezpieczeniach	Wektor dostępu	Rodzaj	Pewność siebie
1	T1006	CWE-22	Path Traversal	predictive	Wysoki
2	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Wysoki
3	TXXXX	CWE-XX	Xxxxxxxx Xxxxxxxxx	predictive	Wysoki
4	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Wysoki
5	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Wysoki
6	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Wysoki
7	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Wysoki
8	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Wysoki

IOA - Indicator of Attack (16)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasa	Indicator	Rodzaj	Pewność siebie
1	File	/appliance/users?action=edit	predictive	Wysoki
2	File	admin/?n=tags&c=index&a=doSaveTags	predictive	Wysoki
3	File	countrydetails.php	predictive	Wysoki
4	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Wysoki
5	File	xx_xxxxxxx_xxxxxxx.xxx	predictive	Wysoki
6	File	xxx/xxxxxxx/xxxxxxx.x	predictive	Wysoki
7	File	xxxx.xxx	predictive	Medium
8	File	xxxxx.xxx	predictive	Medium
9	File	xxx_xxxxx_xxx.xxx	predictive	Wysoki
10	File	xxxxx.xxx	predictive	Medium
11	Library	xxxx/xxxx/xxxxxxxxxx/xxxxxxxxxx/xxxxxxxx.xxx	predictive	Wysoki
12	Argument	xxxxx_xx	predictive	Medium
13	Argument	xxx_xx	predictive	Niski
14	Argument	xx_xx	predictive	Niski
15	Argument	xxx	predictive	Niski
16	Argument	xx	predictive	Niski

Referencje (4)

The following list contains external sources which discuss the actor and the associated activities:

◂ PoprzedniPrzeglądKolejny ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!