RATicate Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (52)

Idioma

en	34
de	10
fr	4
es	4

País

us	44
gb	4
fr	2

Actores

Ave Maria	1
AsyncRAT	1
Revenge RAT	1
NjRAT	1
Remcos	1

Interesse

Tipo

Web Server	8
Photo Gallery Software	4
Programming Language Software	4
WordPress Plugin	2
Not Defined	2

Fabricante

Not Defined	12
Microsoft	4
Gallarific	2
All Enthusiast Inc	2
Todd Miller	2

Produto

Microsoft IIS	4
Gallarific PHP Photo Gallery script	2
thttpd	2
nginx	2
Popup Maker Plugin	2

Vulnerabilidades

#	Vulnerabilidade	Base	Temp	0day	Hoje	Exp	Mas	EPSS	CTI	CVE
1	All Enthusiast Inc Reviewpost Php Pro showproduct.php Injecção SQL	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00501	0.00	CVE-2004-2175
2	PhotoPost PHP Pro showproduct.php Injecção SQL	9.8	9.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00276	0.04	CVE-2004-0250
3	OpenSSH Authentication Username Divulgação de Informação	5.3	4.8	$5k-$25k	$0-$5k	High	Official Fix	0.10737	0.23	CVE-2016-6210
4	BitTorrent uTorrent Bencoding Parser direitos alargados	6.4	6.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00867	0.02	CVE-2020-8437
5	MDaemon Webmail Roteiro Cruzado de Sítios	5.4	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00070	0.02	CVE-2019-8983
6	Synology DiskStation Manager Change Password direitos alargados	7.1	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00068	0.03	CVE-2018-8916
7	Microsoft IIS Roteiro Cruzado de Sítios	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00548	0.07	CVE-2017-0055
8	Todd Miller sudo sudoedit sudoers direitos alargados	7.8	7.0	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00061	0.00	CVE-2015-5602
9	Tim Kosse FileZilla Format String	7.3	7.0	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.03339	0.04	CVE-2007-2318
10	BusyBox Terminal lineedit.c add_match direitos alargados	7.5	7.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00522	0.07	CVE-2017-16544
11	Microsoft Office Equation Editor Excesso de tampão	7.5	7.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.91620	0.02	CVE-2018-0798
12	Citrix ADC/Gateway/NetScaler Gateway/SD-WAN WANOP SSL VPN Web Portal Roteiro Cruzado de Sítios	3.5	3.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00078	0.00	CVE-2020-8245
13	Gallarific PHP Photo Gallery script gallery.php Injecção SQL	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00112	0.04	CVE-2011-0519
14	Gempar Script Toko Online shop_display_products.php Injecção SQL	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00100	0.02	CVE-2009-0296
15	K5n WebCalendar send_reminders.php direitos alargados	7.3	6.4	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.05603	0.02	CVE-2008-2836
16	Microsoft IIS direitos alargados	9.9	9.9	$25k-$100k	$5k-$25k	Not Defined	Not Defined	0.08875	0.02	CVE-2010-1256
17	Python urllib.request.AbstractBasicAuthHandler direitos alargados	6.4	6.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00837	0.07	CVE-2020-8492
18	nginx URI String direitos alargados	6.5	6.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.95433	0.00	CVE-2013-4547
19	Microsoft Windows Remote Desktop direitos alargados	7.5	7.2	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.04662	0.00	CVE-2019-1333
20	Mozilla Firefox/Firefox ESR IFRAME PDF.js direitos alargados	8.6	8.2	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.01146	0.00	CVE-2013-5598

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	Endereço IP	Hostname	Actor	Campanhas	Identified	Tipo	Aceitação
1	79.134.225.11		RATicate		31/05/2021	verified	Alto
2	XX.XXX.XXX.XX		Xxxxxxxx		31/05/2021	verified	Alto

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilidades	Tipo de acesso	Tipo	Aceitação
1	T1059	CWE-94	Argument Injection	predictive	Alto
2	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	Alto
3	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
4	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Alto
5	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
6	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
7	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
8	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Alto

IOA - Indicator of Attack (21)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Tipo	Aceitação
1	File	/etc/sudoers	predictive	Médio
2	File	/uncpath/	predictive	Médio
3	File	cat.php	predictive	Baixo
4	File	xxxxxx.xxx	predictive	Médio
5	File	xxxxxxxxxxx/xxxxx.xxx	predictive	Alto
6	File	xxxxxxx.xxx	predictive	Médio
7	File	xxxxx/xxxxxxxx.x	predictive	Alto
8	File	xxx.xx	predictive	Baixo
9	File	xxxxxxx_xxx_xxxxx_xxxxxx.xxxx	predictive	Alto
10	File	xxxx_xxxxxxxxx.xxx	predictive	Alto
11	File	xxxx_xxxxxxx_xxxxxxxx.xxx	predictive	Alto
12	File	xxxxxxxxxxx.xxx	predictive	Alto
13	File	xxxxxx.xxxxxxx.xxxxxxxxxxxxxxxxxxxxxxxx	predictive	Alto
14	Argument	xxx	predictive	Baixo
15	Argument	xxxxx	predictive	Baixo
16	Argument	xxx_xx	predictive	Baixo
17	Argument	xxxxxxxx	predictive	Médio
18	Argument	xx	predictive	Baixo
19	Argument	xxxx_xx	predictive	Baixo
20	Argument	xxxxx	predictive	Baixo
21	Argument	xxxxxxxx	predictive	Médio

Referências (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ VoltarVisão GeralPróximo ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!