Ekipa RAT Analysis

IOB - Indicator of Behavior (165)

Language

en: 86
ja: 26
de: 26
zh: 6
es: 6

Country

us: 166

Product

Atlassian Data Center: 6
Bludit: 6
Atlassian JIRA Server: 4
Mosets Tree: 4
HP Integrated Lights-Out: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Hassan Consulting Shopping Cart shop.cgi directory traversal | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02149 | 0.06 | CVE-2000-0921 |
| 2 | Squitosoft Squito Gallery photolist.inc.php buffer overflow | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01371 | 0.04 | CVE-2005-2258 |
| 3 | PhotoPost PhotoPost vBGallery File Upload upload.php privilege escalation | 6.3 | 5.8 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00546 | 0.06 | CVE-2008-7088 |
| 4 | Midicart Software MidiCart PHP Shopping Cart search_list.php cross-site scripting | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.07338 | 0.03 | CVE-2005-1502 |
| 5 | HP Integrated Lights-Out information disclosure | 9.8 | 8.5 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.02286 | 0.02 | CVE-2012-3271 |
| 6 | Dell EMC PowerScale OneFS master.passwd unknown vulnerability | 4.1 | 4.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00044 | 0.03 | CVE-2022-22563 |
| 7 | Asternic Flash Operator Panel User Control Panel privilege escalation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00214 | 0.04 | CVE-2018-5694 |
| 8 | Ilohamail cross-site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.04 | |
| 9 | Cybernetikz Easy Social Icons Authentication admin.php cross-site request forgery | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00554 | 0.00 | CVE-2015-2084 |
| 10 | HD FLV PLayer Plugin functions.php hd_update_media SQL injection | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00135 | 0.04 | CVE-2012-10011 |
| 11 | Franklin Fueling Systems Colibri Controller Module directory traversal | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.64772 | 0.07 | CVE-2021-46417 |
| 12 | Fortinet FortiADC cross-site scripting | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00070 | 0.04 | CVE-2022-38374 |
| 13 | FacileForms facileforms.frame.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01845 | 0.02 | CVE-2008-2990 |
| 14 | htmltonuke htmltonuke.php privilege escalation | 7.3 | 6.7 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.01849 | 0.04 | CVE-2006-0308 |
| 15 | SimpleBoard file_upload.php privilege escalation | 8.1 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.12891 | 0.00 | CVE-2006-3528 |
| 16 | Skrypty Ppa Gallery functions.inc.php buffer overflow | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02429 | 0.02 | CVE-2005-2199 |
| 17 | Mamboxchange Extended Registration registration_detailed.inc.php privilege escalation | 7.3 | 6.4 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.05054 | 0.04 | CVE-2006-5254 |
| 18 | EyouCMS Index.php wechat_return XML External Entity | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00087 | 0.00 | CVE-2021-42194 |
| 19 | Sennheiser HeadSetup Certificates SennComCCKey.pem Key weak authentication | 5.7 | 5.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00397 | 0.05 | CVE-2018-17612 |
| 20 | Pear Admin Think UploadService.php privilege escalation | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00531 | 0.02 | CVE-2021-29377 |

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (159)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /bl-plugins/backup/plugin.php | predictive | High |
| 2 | File | /cgi-bin/nightled.cgi | predictive | High |
| 3 | File | /controller/Index.php | predictive | High |
| 4 | File | /etc/master.passwd | predictive | High |
| 5 | File | /etc/passwd | predictive | Medium |
| 6 | File | /opt/zimbra/jetty/webapps/zimbra/public | predictive | High |
| 7 | File | /secure/admin/InsightDefaultCustomFieldConfig.jspa | predictive | High |
| 8 | File | /secure/admin/RestoreDefaults.jspa | predictive | High |
| 9 | File | /wmiwizard.jsp | predictive | High |
| 10 | File | accounts/inc/include.php | predictive | High |
| 11 | File | acrotxt.php | predictive | Medium |
| 12 | File | addpost_newpoll.php | predictive | High |
| 13 | File | admin.php | predictive | Medium |
| 14 | File | admin.php/index/upload because app/common/service/UploadService.php | predictive | High |
| 15 | File | admin/handlers.php | predictive | High |
| 16 | File | adminBoards.php | predictive | High |
| 17 | File | adminSmileys.php | predictive | High |
| 18 | File | akocomments.php | predictive | High |
| 19 | File | ampie.swf | predictive | Medium |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
