RATLoader Analysis

IOB - Indicator of Behavior (154)

Timeline

Language

en 114
fr 22
de 12
pl 4
es 2

Country

us 122
de 8
ch 4
fr 4
pl 2

Actors, Activities, Interest, Timeline, Type, Vendor (chart panels)
Product

Microsoft Windows 6
PHP 4
Google Chrome 4
Ilohamail 4
Itechscripts iTechBids 4

Vulnerabilities

Base and Temp are the CVSS base and temporal scores; 0day and Today are the estimated exploit prices; Exp is the exploitability status, Remediation the remediation level, EPSS the exploit prediction score and CTI the threat-intelligence activity score.

# | Vulnerability | Base | Temp | 0day | Today | Exp | Remediation | EPSS | CTI | CVE
1 | Gempar Script Toko Online shop_display_products.php SQL injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00100 | 0.02 | CVE-2009-0296
2 | FiberHome HG2201T telnet.cgi privilege escalation | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00609 | 0.00 | CVE-2019-17186
3 | Google Chrome Utility Process race condition | 9.8 | 9.4 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00801 | 0.07 | CVE-2011-3961
4 | DataLynx suGuard privilege escalation | 5.9 | 5.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00042 | 0.00 | CVE-1999-0388
5 | Ecommerce Online Store Kit shop.php SQL injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03763 | 0.08 | CVE-2004-0300
6 | Dcscripts Dcshop HTTP GET Request auth_user_file.txt password information disclosure | 5.3 | 5.2 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.00755 | 0.04 | CVE-2001-0821
7 | Linksys WVC11B main.cgi cross-site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01569 | 0.04 | CVE-2004-2508
8 | Asternic Flash Operator Panel User Control Panel privilege escalation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00214 | 0.04 | CVE-2018-5694
9 | Contenido Contendio allow_url_fopen privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00575 | 0.00 | CVE-2005-4132
10 | MidiCart PHP Shopping Cart item_show.php SQL injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.05 |
11 | Microsoft Windows Remote Desktop/Terminal Services Web Connection weak authentication | 6.3 | 6.2 | $25k-$100k | $0-$5k | Not Defined | Workaround | 0.00000 | 0.02 |
12 | Ilohamail cross-site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.04 |
13 | Microsoft IIS Error Message cross-site scripting | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00169 | 0.00 | CVE-2000-1104
14 | Microsoft IIS Error Message cross-site scripting | 4.2 | 4.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03911 | 0.03 | CVE-2003-0223
15 | Adobe ColdFusion cross-site scripting | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01479 | 0.00 | CVE-2007-0817
16 | SourceCodester Garage Management System createUser.php privilege escalation | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00307 | 0.08 | CVE-2022-2578
17 | D-Link IP Cameras rtpd.cgi misconfiguration | 9.8 | 8.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.90114 | 0.00 | CVE-2013-1599
18 | Microsoft IIS viewcode.asp privilege escalation | 5.3 | 5.1 | $25k-$100k | $0-$5k | High | Official Fix | 0.94632 | 0.05 | CVE-1999-0737
19 | UnrealIRCd privilege escalation | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Not Defined | 0.64951 | 0.04 | CVE-2010-2075
20 | Stoverud PHPhotoalbum File Upload upload.php privilege escalation | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02873 | 0.00 | CVE-2009-4819

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (86)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /catalog/admin/categories.php?cPath=&action=new_product | predictive | High
2 | File | /inc/HTTPClient.php | predictive | High
3 | File | /php_action/createUser.php | predictive | High
4 | File | /var/WEB-GUI/cgi-bin/telnet.cgi | predictive | High
5 | File | admin.php | predictive | Medium
6 | File | admin/admin.shtml | predictive | High
7 | File | Admin/ADM_Pagina.php | predictive | High
8 | File | admin/editcatalogue.php | predictive | High
9 | File | admin/menus/edit.php | predictive | High
10 | File | apage.cgi | predictive | Medium
11 | File | xx_xxxxxxx/xxxxx.xxx?x=xxx&x=xxxxxxx | predictive | High
12 | File | xxxxxxxxxx.xxx | predictive | High
13 | File | xxxxxxxx.xxx | predictive | Medium
14 | File | xxxxxxxx_xxxx.xxx | predictive | High
15 | File | xxx_xxxx.x | predictive | Medium
16 | File | xxxxxxxxx.xxx | predictive | High
17 | File | xxxxxx-xxxxx | predictive | Medium
18 | File | xxxxxx.xxx | predictive | Medium
19 | File | xxxxxx.xxx | predictive | Medium
20 | File | xxxxx_xxx_xxxxx.xxx | predictive | High
21 | File | xxxxxxxxxx-xx-xxxxxx/xxxx/xxxx.xxx | predictive | High
22 | File | xxxxxxxxxx/xxxxxxxxxx/xxxxxxxxx.xxx | predictive | High
23 | File | xxxxxxx/xxxx_xxxxxxxx.xxxxx.xxx | predictive | High
24 | File | xxxxx.xxx | predictive | Medium
25 | File | xxxxxxx.xxx | predictive | Medium
26 | File | xxxxxxxxxx.xxx | predictive | High
27 | File | xxxx_xxxx.xxx | predictive | High
28 | File | xxxxx_xx.xxxx | predictive | High
29 | File | xxxxxxxxxx/xxxxxxx.x | predictive | High
30 | File | xxxx.xxx | predictive | Medium
31 | File | xxxxxxxx.xxx | predictive | Medium
32 | File | xxxxxxxx.xxx | predictive | Medium
33 | File | xxx_xxxx.xxx.xxx | predictive | High
34 | File | xxxxxx.xxx/xxxx_xxxx_xxxx.xxx | predictive | High
35 | File | xxxxxxxxxx.xxx | predictive | High
36 | File | xxxx/xxxxxxx/xxxxxxxxxxxxx_xxx.xxx | predictive | High
37 | File | xxxxxxxx.xxx | predictive | Medium
38 | File | xxxx.xxx | predictive | Medium
39 | File | xxxxxxxxxxxxx.xxx | predictive | High
40 | File | xxxxxxxxx.xxx | predictive | High
41 | File | xxxxxxxxxxxxxxxx.xxx | predictive | High
42 | File | xxxx_xxxxxxx_xxxxxxxx.xxx | predictive | High
43 | File | xxxxx_xxxxx.xxx | predictive | High
44 | File | xxxxxx/xxxxx/xxxx_xxxxxxx.xxx | predictive | High
45 | File | xxxxxx.xxx | predictive | Medium
46 | File | xxxx_xxxxx.xxx | predictive | High
47 | File | xxx/xxx/xxx-xxx/xxxx.xxx | predictive | High
48 | File | xxxx.xxx | predictive | Medium
49 | File | xxxxxxxx.xxx | predictive | Medium
50 | File | xxxxxxx.xxx | predictive | Medium
51 | Library | xxxxxx[xxxxxx_xxxx | predictive | High
52 | Library | xxxxxx.xxx | predictive | Medium
53 | Library | xxx/xx_xxx.x | predictive | Medium
54 | Argument | (xxxxxx) | predictive | Medium
55 | Argument | xxx_xx | predictive | Low
56 | Argument | xx_xxxx_xxxx | predictive | Medium
57 | Argument | xxx | predictive | Low
58 | Argument | xxxxx | predictive | Low
59 | Argument | xxx_xx | predictive | Low
60 | Argument | xxx | predictive | Low
61 | Argument | xxxx_xx | predictive | Low
62 | Argument | xxxxxxx | predictive | Low
63 | Argument | xxxxxx[xxxxxx_xxxx] | predictive | High
64 | Argument | xxxxxxxx_xxxxxx/xxxxxxxx_xxxx/xxxxxxxx_xxxxxxxx/xxxxxxxx_xxxx | predictive | High
65 | Argument | xxxxxx_xxxx | predictive | Medium
66 | Argument | xxxxxxxx | predictive | Medium
67 | Argument | xx | predictive | Low
68 | Argument | xx | predictive | Low
69 | Argument | xxxx_xx | predictive | Low
70 | Argument | xxxxx_xxxx | predictive | Medium
71 | Argument | xxxxxx | predictive | Low
72 | Argument | xxxx_xxxx | predictive | Medium
73 | Argument | xxx[xxxx][xx_xxxx_xxxx] | predictive | High
74 | Argument | xxxx_xx | predictive | Low
75 | Argument | xxxx | predictive | Low
76 | Argument | xxxxxx_xxxx | predictive | Medium
77 | Argument | xxxxxxxx | predictive | Medium
78 | Argument | xxxxxx_xxxx[] | predictive | High
79 | Argument | xxxxxx | predictive | Low
80 | Argument | xxxxx | predictive | Low
81 | Argument | xxxx | predictive | Low
82 | Argument | xxxxxxxx | predictive | Medium
83 | Argument | x-xxxx-xxxxx | predictive | Medium
84 | Input Value | %xxxxxx+-x+x+xx.x.xx.xxx%xx%xx | predictive | High
85 | Input Value | //xxx.xxxxxxx.xxx | predictive | High
86 | Pattern | |xx xx xx| | predictive | Medium
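The File indicators above are only useful once they are matched against real traffic. The following script is an added example (not VulDB's code) that normalises request targets from web-server access logs and flags any request whose path ends with one of the un-redacted File indicators from the table, honouring the query parameters carried by the first indicator. It assumes the Apache/nginx "combined" log format, matches indicators as a trailing sequence of path components (so an application deployed under a prefix still matches), compares paths case-insensitively, and percent-decodes the target first so encoded variants are caught. The log lines are constructed with RFC 5737 documentation addresses, not real traffic.

```python
"""Match access-log requests against the File IOAs listed on this page.

Added example, not VulDB's code. The log lines are constructed; the log
format assumed is Apache/nginx "combined".
"""
import re
from collections import Counter
from urllib.parse import parse_qsl, unquote, urlsplit

# Un-redacted "File" indicators from the IOA table. The first one also
# names query parameters (cPath blank, action=new_product) that must be
# present with the same values for the request to count as a hit.
IOA_FILES = [
    "/catalog/admin/categories.php?cPath=&action=new_product",
    "/inc/HTTPClient.php",
    "/php_action/createUser.php",
    "/var/WEB-GUI/cgi-bin/telnet.cgi",
    "admin.php",
    "admin/admin.shtml",
    "Admin/ADM_Pagina.php",
    "admin/editcatalogue.php",
    "admin/menus/edit.php",
    "apage.cgi",
]

# Combined log format up to the status code (assumed format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def _split(target):
    """Percent-decode a target and return (lowercased path, query dict).

    Decoding before splitting means an encoded '?' or '/' is treated as a
    literal one: the lenient choice for detection. Paths are lowercased
    because several indicators are mixed-case and IIS/Windows hosts are
    case-insensitive anyway.
    """
    parts = urlsplit(unquote(target))
    return parts.path.lower(), dict(parse_qsl(parts.query, keep_blank_values=True))


def match_target(target):
    """Return the indicator a request target hits, or None."""
    path, query = _split(target)
    for indicator in IOA_FILES:
        ind_path, ind_query = _split(indicator)
        # Trailing path-component match: "/shop/catalog/..." still matches,
        # but "/static/admin.php.bak" or "/xadmin.php" do not.
        if not (path == ind_path or path.endswith("/" + ind_path.lstrip("/"))):
            continue
        if all(query.get(k) == v for k, v in ind_query.items()):
            return indicator
    return None


def scan_log(lines):
    """Return (ip, method, target, status, indicator) for each request hitting an IOA."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue  # not a combined-format request line
        indicator = match_target(m["target"])
        if indicator is not None:
            hits.append((m["ip"], m["method"], m["target"], int(m["status"]), indicator))
    return hits


def hits_by_ip(hits):
    """Count hits per source address, the usual pivot for blocking or hunting."""
    return dict(Counter(h[0] for h in hits))


# Constructed sample log (RFC 5737 addresses), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "GET /shop/catalog/admin/categories.php?cPath=&action=new_product HTTP/1.1" 403 199 "-" "curl/7.88"
203.0.113.5 - - [10/Oct/2023:13:55:38 +0000] "POST /php_action/createUser.php HTTP/1.1" 200 77 "-" "python-requests/2.31"
198.51.100.9 - - [10/Oct/2023:13:56:01 +0000] "GET /Admin/ADM_Pagina.php HTTP/1.1" 404 153 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Oct/2023:13:56:02 +0000] "GET /static/admin.php.bak HTTP/1.1" 404 153 "-" "Mozilla/5.0"
192.0.2.77 - - [10/Oct/2023:13:57:10 +0000] "GET /var/WEB-GUI/cgi-bin/telnet.cgi HTTP/1.1" 200 0 "-" "-"
192.0.2.77 - - [10/Oct/2023:13:57:11 +0000] "GET /%41dmin/menus/edit.php HTTP/1.1" 401 0 "-" "-"
"""

if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG.splitlines())
    for ip, method, target, status, indicator in found:
        print(f"{ip} {method} {target} -> {status}  [{indicator}]")
    print(hits_by_ip(found))
```

A 200 on telnet.cgi or createUser.php is far more interesting than a 404 on ADM_Pagina.php, so in practice the status column is the first thing to triage on; the per-IP count shows which sources are sweeping several indicators and are worth blocking or hunting further. The redacted indicators, and the Argument and Input Value classes, are not covered by this matcher.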

References (3)

The following list contains external sources which discuss the actor and the associated activities:
