Yellow Cockatoo RAT Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (91)

Idioma

en	88
zh	2
de	2

País

us	86
de	2
es	2
ru	2

Actores

Yellow Cockatoo RAT	3
Cobalt Strike	1
BumbleBee	1
Qakbot	1
ISFB	1

Interesse

Tipo

Not Defined	40
Router Operating System	6
Multimedia Player Software	4
WordPress Plugin	4
Web Browser	4

Fabricante

Not Defined	24
Apache	4
Cisco	4
CCBill	2
Craig Patchett	2

Produto

CCBill WhereAmI CGI	2
phpShop	2
Craig Patchett Fileseek	2
Apple QuickTime	2
Juniper Junos	2

Vulnerabilidades

#	Vulnerabilidade	Base	Temp	0day	Hoje	Exp	Mas	EPSS	CTI	CVE
1	Lars Ellingsen Guestserver guestbook.cgi Roteiro Cruzado de Sítios	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00169	0.15	CVE-2005-4222
2	TikiWiki tiki-register.php direitos alargados	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01075	7.66	CVE-2006-6168
3	Youxun AC Centralized Management Platform HTML File upfile.cgi HTML injection	4.1	4.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00049	0.04	CVE-2023-34855
4	Void Contact Form 7 Widget for Elementor Page Builder Plugin void_cf7_opt_in_user_data_track Falsificação de Pedido Cross Site	4.3	4.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00063	0.00	CVE-2022-47166
5	Sun Cobalt Raq HTTP Request Directório Traversal	5.3	5.3	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00642	0.04	CVE-2002-0347
6	DUware DUclassmate default.asp Injecção SQL	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00221	0.05	CVE-2005-2049
7	s0nic Paranews news.php Roteiro Cruzado de Sítios	4.3	4.2	$0-$5k	$0-$5k	High	Unavailable	0.00195	0.04	CVE-2008-4349
8	xz m4 File Remote Code Execution	9.9	9.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.13337	0.52	CVE-2024-3094
9	Apache Solr Privilege Escalation	7.1	7.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.87242	0.04	CVE-2023-50386
10	Juniper Junos XNM Command Processor Negação de Serviço	7.5	6.5	$5k-$25k	$0-$5k	Unproven	Official Fix	0.00728	0.03	CVE-2014-0613
11	Plesk Obsidian Login Page direitos alargados	5.8	5.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00174	0.04	CVE-2023-24044
12	RiteCMS Admin Panel Directório Traversal	4.6	4.2	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00336	0.04	CVE-2022-24248
13	Netgear ProSAFE Network Management System Java Debug Wire Protocol Fraca autenticação	9.8	9.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00214	0.04	CVE-2023-49693
14	Joomla CMS LDAP Authentication Fraca autenticação	5.3	4.6	$5k-$25k	$0-$5k	Unproven	Official Fix	0.00999	0.00	CVE-2014-6632
15	FCKeditor Connector Module Directório Traversal	7.3	7.0	$0-$5k	$0-$5k	High	Official Fix	0.97236	0.04	CVE-2009-2265
16	Adobe Commerce File System direitos alargados	6.4	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00140	0.03	CVE-2023-22247
17	Konga Login API Encriptação fraca	4.0	3.9	$0-$5k	$0-$5k	Proof-of-Concept	Workaround	0.00228	0.08	CVE-2023-2418
18	Cisco ASA Clientless SSL VPN Portal Excesso de tampão	7.4	7.2	$5k-$25k	$5k-$25k	Not Defined	Official Fix	0.00109	0.03	CVE-2022-20737
19	phpMyAdmin Configuration File setup.php direitos alargados	7.3	7.0	$5k-$25k	$0-$5k	High	Official Fix	0.80586	0.05	CVE-2009-1151
20	VMware vCenter Server PSC direitos alargados	8.1	8.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00125	0.04	CVE-2022-31680

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	Endereço IP	Actor	Identified	Tipo	Aceitação
1	67.43.234.48	Yellow Cockatoo RAT	18/12/2023	verified	Alto
2	XXX.XX.XXX.XX	Xxxxxx Xxxxxxxx Xxx	05/11/2022	verified	Alto
3	XXX.XXX.XXX.XX	Xxxxxx Xxxxxxxx Xxx	18/12/2023	verified	Alto

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Classificação	Vulnerabilidades	Tipo de acesso	Tipo	Aceitação
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Alto
2	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Alto
3	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Alto
4	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Alto
5	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
6	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	Alto
7	TXXXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Alto
8	TXXXX	CAPEC-108	CWE-XX, CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
9	TXXXX	CAPEC-50	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
10	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
11	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Alto
12	TXXXX.XXX	CAPEC-112	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	Alto
13	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (66)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Tipo	Aceitação
1	File	/api/baskets/{name}	predictive	Alto
2	File	/debug/pprof	predictive	Médio
3	File	/forum/away.php	predictive	Alto
4	File	/mhds/clinic/view_details.php	predictive	Alto
5	File	/preview.php	predictive	Médio
6	File	/student/bookdetails.php	predictive	Alto
7	File	/upfile.cgi	predictive	Médio
8	File	adclick.php	predictive	Médio
9	File	xxxxxxxxx.xxx	predictive	Alto
10	File	xxxxxx.xxx	predictive	Médio
11	File	xxxxx_xxxxxx.xxx	predictive	Alto
12	File	xxxxxxxx.xxx	predictive	Médio
13	File	xx_xxxx_xx_xxxx_xxxx.xxx	predictive	Alto
14	File	xxxxxxx.xxx	predictive	Médio
15	File	xxxxxxxx.xxx	predictive	Médio
16	File	xxxxxxxx.xxx	predictive	Médio
17	File	xxxxxx_xxx.xxx	predictive	Alto
18	File	xxxxxxxxxxxx_xxxx.xxx	predictive	Alto
19	File	xxxxxxxxxxxxxx.xxx	predictive	Alto
20	File	xxxx.xxx	predictive	Médio
21	File	xxxxxxxxx.xxx	predictive	Alto
22	File	xxxxxxx.xxx	predictive	Médio
23	File	xxxxx.xxx	predictive	Médio
24	File	xxxxx.xxx/xxxxxxxxx_xxxx/xxx_xxxxxxx_xxxxxxxxxx/	predictive	Alto
25	File	xxxxxxxx.xxx	predictive	Médio
26	File	xxxxxxx/xxx_xxxxxxxx.xxx	predictive	Alto
27	File	xxx_xxxxxxxx.xxx	predictive	Alto
28	File	xxxxxxxxx.xxx	predictive	Alto
29	File	xxxx.xxx	predictive	Médio
30	File	xxxxxxxx.xxx	predictive	Médio
31	File	xxxx.xxx	predictive	Médio
32	File	xxxxx/xxxxxxx.xxx	predictive	Alto
33	File	xxxxxx_xxx_xxxxxx.xxx	predictive	Alto
34	File	xxxxx.xxx	predictive	Médio
35	File	xxxx.xxx	predictive	Médio
36	File	xxxx-xxxxxxxx.xxx	predictive	Alto
37	File	xx.xxx	predictive	Baixo
38	File	xxxxxx.xxx	predictive	Médio
39	File	xx/xx_xxxxxx.xxx	predictive	Alto
40	File	xxxx_xxxx.xxx	predictive	Alto
41	Library	xxxxxxxxxx/xxxxxxxxx.x	predictive	Alto
42	Library	xx/xxx.xxx.xxx	predictive	Alto
43	Argument	$xxxxxxxx	predictive	Médio
44	Argument	xxxx	predictive	Baixo
45	Argument	xxxx_xxx	predictive	Médio
46	Argument	xxxxxxxxxx	predictive	Médio
47	Argument	xxxx	predictive	Baixo
48	Argument	xxxxx	predictive	Baixo
49	Argument	xxxxxxxx	predictive	Médio
50	Argument	xxxx/xxxx	predictive	Médio
51	Argument	xxxx	predictive	Baixo
52	Argument	xx	predictive	Baixo
53	Argument	xx	predictive	Baixo
54	Argument	xxxxxxxxxxxxxxxx	predictive	Alto
55	Argument	xxxx	predictive	Baixo
56	Argument	xxxxxxx	predictive	Baixo
57	Argument	xxxx_xxxx	predictive	Médio
58	Argument	xxxxxxxxx_xxxxxxxx_xxxx	predictive	Alto
59	Argument	xxxx_xx	predictive	Baixo
60	Argument	xxxx	predictive	Baixo
61	Argument	xxx_xxx[]	predictive	Médio
62	Argument	xxxxx_xxxx_xxxx	predictive	Alto
63	Argument	xx_xxxx	predictive	Baixo
64	Argument	xxxxxxx_xx	predictive	Médio
65	Argument	xxxxxx	predictive	Baixo
66	Input Value	\xxx../../../../xxx/xxxxxx	predictive	Alto

Referências (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ VoltarVisão GeralPróximo ▸

Do you need the next level of professionalism?

Upgrade your account now!