RuRAT Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (474)

Idioma

en	224
de	212
it	34
es	2
fr	2

País

us	472
ir	2

Actores

RuRAT	1

Interesse

Tipo

Not Defined	46
Content Management System	22
Forum Software	12
Programming Language Software	8
Web Server	4

Fabricante

Not Defined	58
Microsoft	4
Public Warehouse	2
AlienVault	2
Coppermine	2

Produto

WordPress	16
PHP	6
Phorum	4
Public Warehouse Light Blog	2
RedCMS	2

Vulnerabilidades

#	Vulnerabilidade	Base	Temp	0day	Hoje	Exp	Mas	CTI	EPSS	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Divulgação de Informação	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02	0.02016	CVE-2007-1192
2	DZCP deV!L`z Clanportal config.php direitos alargados	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.82	0.00943	CVE-2010-0966
3	Woltlab Burning Board register.php Roteiro Cruzado de Sítios	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00	0.00957	CVE-2007-1443
4	Magic Photo Storage Website register.php direitos alargados	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00000
5	YaBB register.pl Excesso de tampão	10.0	8.7	$0-$5k	Calculado	Unproven	Official Fix	0.00	0.17348	CVE-2007-3208
6	WordPress wp-register.php Roteiro Cruzado de Sítios	4.3	4.2	$5k-$25k	$0-$5k	High	Unavailable	0.00	0.00322	CVE-2007-5105
7	Phpwebgallery register.php Roteiro Cruzado de Sítios	4.3	4.3	$0-$5k	Calculado	Not Defined	Not Defined	0.03	0.00759	CVE-2007-1109
8	Expinion.net News Manager Lite comment_add.asp Roteiro Cruzado de Sítios	4.3	3.8	$0-$5k	Calculado	Unproven	Official Fix	0.02	0.00607	CVE-2004-1845
9	Phorum register.php Roteiro Cruzado de Sítios	6.3	6.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00	0.01601	CVE-2007-0769
10	SSReader Ultra Star Reader ActiveX Control pdg2.dll Register Excesso de tampão	10.0	9.4	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.03	0.05274	CVE-2007-5892
11	SSReader Ultra Star Reader ActiveX Control register Excesso de tampão	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.03599	CVE-2007-5807
12	StoreSprite register.php Roteiro Cruzado de Sítios	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02	0.01954	CVE-2007-4307
13	AlstraSoft AskMe Pro register.php Roteiro Cruzado de Sítios	3.5	3.5	$0-$5k	Calculado	Not Defined	Not Defined	0.00	0.00000
14	Microsoft Register Server Negação de Serviço	5.3	5.3	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00	0.00350	CVE-2007-3658
15	Scribe forum.php register direitos alargados	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Unavailable	0.06	0.02167	CVE-2007-5822
16	WordPress wp-register.php Roteiro Cruzado de Sítios	4.3	4.2	$5k-$25k	$0-$5k	High	Unavailable	0.04	0.00533	CVE-2007-5106
17	Andys Chat register.php Excesso de tampão	10.0	10.0	$0-$5k	$0-$5k	Not Defined	Unavailable	0.00	0.03106	CVE-2006-7036
18	PBSite register.php Local Privilege Escalation	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.05	0.00000
19	LushiWarPlaner register.php Injecção SQL	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.18	0.00821	CVE-2007-0864
20	TeamCal register.php Directório Traversal	3.3	3.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00000

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	Endereço IP	Hostname	Actor	Campanhas	Identified	Tipo	Aceitação
1	86.104.15.123	cphost07.qhoster.net	RuRAT		04/08/2022	verified	Alto
2	XXX.XXX.XX.XXX	xxxxx-x.xxx-xxxxxxx.xxx	Xxxxx		04/08/2022	verified	Alto

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilidades	Tipo de acesso	Tipo	Aceitação
1	T1006	CWE-22	Path Traversal	predictive	Alto
2	T1059	CWE-94	Argument Injection	predictive	Alto
3	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	Alto
4	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
5	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Alto
6	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
7	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	Alto
8	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
9	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
10	TXXXX.XXX	CWE-XX	Xxxxxxxxxxxxx	predictive	Alto
11	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Alto

IOA - Indicator of Attack (85)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Tipo	Aceitação
1	File	/index.php	predictive	Médio
2	File	/rom-0	predictive	Baixo
3	File	/uncpath/	predictive	Médio
4	File	adclick.php	predictive	Médio
5	File	add_comment.php	predictive	Alto
6	File	base_maintenance.php	predictive	Alto
7	File	comment_add.asp	predictive	Alto
8	File	data/gbconfiguration.dat	predictive	Alto
9	File	drivers/block/floppy.c	predictive	Alto
10	File	email.php	predictive	Médio
11	File	EmployeeSearch.cc	predictive	Alto
12	File	exit.php	predictive	Médio
13	File	forum.php	predictive	Médio
14	File	goto.php	predictive	Médio
15	File	xxxxxxxxx.xxx	predictive	Alto
16	File	xxx/xxxxxx.xxx	predictive	Alto
17	File	xxxxxxx/xxxxxxx/xxxxxxxx.xxx.xxx	predictive	Alto
18	File	xxxxxxx/xxxxxxx/xxxxxxxx_xxxxxxxx.xxx.xxx	predictive	Alto
19	File	xxxxx.xxx	predictive	Médio
20	File	xxxxx.xxx.xxx	predictive	Alto
21	File	xxxxx.xxx	predictive	Médio
22	File	xxxxx.xxx	predictive	Médio
23	File	xxxxx.xxx	predictive	Médio
24	File	xxxxxxxx.xxx	predictive	Médio
25	File	xxxxxxxx.xxxx	predictive	Alto
26	File	xxxxxxxx.xxx	predictive	Médio
27	File	xxxxxxxx.xxx	predictive	Médio
28	File	xxxxxxxx.xx	predictive	Médio
29	File	xxxxxxxx_xxxxxx.xxx	predictive	Alto
30	File	xxxxxxx_xxx_xxxxx_xxxxxx.xxxx	predictive	Alto
31	File	xxxxxxxxxx/xxxxxxxxxx_xxxxxxxxxx.xxx	predictive	Alto
32	File	xxxxxx/xxxxxxxx.xxx	predictive	Alto
33	File	xxxxxx.xxx	predictive	Médio
34	File	xxxxxxx/xxxxxxxx.xxx	predictive	Alto
35	File	xxxx-xxxxxxxx.xxx	predictive	Alto
36	File	xxxx/xxxxxxxx.xxx	predictive	Alto
37	File	xxxxx/xxxxxxxx.xxx	predictive	Alto
38	File	xxxx/xxxxxxxx.xxx	predictive	Alto
39	File	xx-xxxxx/xxxxx-xxxx.xxx?xx-xxxxx-xxxxxx[]=xxxxxxxx	predictive	Alto
40	File	xx-xxxxx.xxx	predictive	Médio
41	File	xx-xxxxxxxx.xxx	predictive	Alto
42	File	xxxxxx.xxx	predictive	Médio
43	Library	xxxx.xxx	predictive	Médio
44	Argument	xxxxxxx	predictive	Baixo
45	Argument	xxxxxx	predictive	Baixo
46	Argument	xxxxxxxx	predictive	Médio
47	Argument	xxxxxxx	predictive	Baixo
48	Argument	xxxx	predictive	Baixo
49	Argument	xxxxx	predictive	Baixo
50	Argument	xxxxx	predictive	Baixo
51	Argument	xxxxxxx=xxxxxxxx	predictive	Alto
52	Argument	xxxx	predictive	Baixo
53	Argument	xxxx_xxxxx	predictive	Médio
54	Argument	xxxxxxxx	predictive	Médio
55	Argument	xx	predictive	Baixo
56	Argument	xx_xxxxxxxx	predictive	Médio
57	Argument	xxxxxxx_xxxx	predictive	Médio
58	Argument	xxxxxxxxx-xxxxxxx/xxxxxxxxx/xxxxxxxxxx	predictive	Alto
59	Argument	xxxx	predictive	Baixo
60	Argument	xxxxxxxxxxxxx	predictive	Alto
61	Argument	xxxxxxx	predictive	Baixo
62	Argument	xxxx	predictive	Baixo
63	Argument	xxxxxxxxx_xxxxxxxx_xxxx	predictive	Alto
64	Argument	xxxx	predictive	Baixo
65	Argument	xxxx	predictive	Baixo
66	Argument	xxxx	predictive	Baixo
67	Argument	xxxxxxxx	predictive	Médio
68	Argument	xxxx_xxxx	predictive	Médio
69	Argument	xxx_xxxx	predictive	Médio
70	Argument	xxxxxx	predictive	Baixo
71	Argument	xxxxxxxxxxxx	predictive	Médio
72	Argument	xxxxxx	predictive	Baixo
73	Argument	xxxxxxxxxx	predictive	Médio
74	Argument	xxx	predictive	Baixo
75	Argument	xxxxx	predictive	Baixo
76	Argument	xxx	predictive	Baixo
77	Argument	xxxxxxxx	predictive	Médio
78	Argument	xxxx_xxxxx	predictive	Médio
79	Argument	xxxx_xxxxx	predictive	Médio
80	Argument	xxx	predictive	Baixo
81	Argument	_xxxxxx[xxxx_xxxx]	predictive	Alto
82	Input Value	xxxx	predictive	Baixo
83	Input Value	xxxxxxxxx' xxx 'x'='x	predictive	Alto
84	Input Value	xxxx	predictive	Baixo
85	Network Port	xxx xxxxxx xxxx	predictive	Alto

Referências (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ VoltarVisão GeralPróximo ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!