ZenRAT Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (29)

Idioma

en	28
de	2

País

ru	10
de	2

Actores

Cobalt Strike	1
RedLine Stealer	1
ZenRAT	1

Interesse

Tipo

Not Defined	8
Ticket Tracking Software	4
Joomla Component	2
Database Administration Software	2
Network Attached Storage Software	2

Fabricante

Not Defined	14
Microsoft	2
DTH	2
Valdersoft	2
QNAP	2

Produto

Movie Ticket Booking System	4
Microsoft ASP.NET Core MVC	2
DTH DT Register Extension	2
Valdersoft Valdersoft Shopping Cart	2
phpMyAdmin	2

Vulnerabilidades

#	Vulnerabilidade	Base	Temp	0day	Hoje	Exp	Mas	EPSS	CTI	CVE
1	XMB Forum phpinfo.php Divulgação de Informação	5.3	4.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01811	0.00	CVE-2004-2588
2	DTH DT Register Extension index.php Injecção SQL	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00000	0.00
3	Zabbix Configuration setup.php direitos alargados	5.5	5.5	$0-$5k	$0-$5k	High	Not Defined	0.62980	0.05	CVE-2022-23134
4	JCE-Tech Php Calendars Script product_list.php Injecção SQL	7.3	7.1	$0-$5k	$0-$5k	High	Unavailable	0.00203	0.04	CVE-2010-0375
5	Dragon Path Bharti Airtel Routers Hardware BDT-121 Admin Page Roteiro Cruzado de Sítios	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00053	0.04	CVE-2022-28507
6	DNN Directório Traversal	4.2	4.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00063	0.04	CVE-2022-2922
7	Movie Ticket Booking System booking.php Injecção SQL	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00137	0.04	CVE-2022-4247
8	Movie Ticket Booking System editBooking.php Injecção SQL	6.6	6.5	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00137	0.04	CVE-2022-4248
9	OpenSSL Ticket t1_lib.c tls_decrypt_ticket direitos alargados	6.4	6.3	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.30715	0.05	CVE-2016-6302
10	FlatPress Setup main.lib.php Roteiro Cruzado de Sítios	3.6	3.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00088	0.04	CVE-2022-4822
11	Coppermine Photo Gallery init.inc.php direitos alargados	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.08307	0.05	CVE-2004-1988
12	PHP String-Typed ZVAL Remote Code Execution	7.3	7.0	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00000	0.02
13	Hospital Management Center patient-info.php Injecção SQL	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00151	0.04	CVE-2022-4012
14	olbookmarks default.php direitos alargados	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.20427	0.00	CVE-2007-2816
15	Valdersoft Valdersoft Shopping Cart default.php Excesso de tampão	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.03054	0.00	CVE-2006-0099
16	gtd-php newContext.php Roteiro Cruzado de Sítios	3.5	3.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01202	0.00	CVE-2006-1479
17	SourceCodester Blood Bank Management System login.php Injecção SQL	8.1	7.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00152	0.04	CVE-2022-4737
18	Php Script Tools PSY Auction item.php Injecção SQL	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00331	0.00	CVE-2006-7005
19	Microsoft ASP.NET Core MVC View direitos alargados	7.3	7.0	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00000	0.00
20	Metalinks MetaCart e-Shop product.asp Injecção SQL	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00210	0.00	CVE-2005-1361

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	Endereço IP	Hostname	Actor	Campanhas	Identified	Tipo	Aceitação
1	185.156.72.8		ZenRAT		29/10/2023	verified	Alto
2	XXX.XXX.XX.XX		Xxxxxx		29/10/2023	verified	Alto

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Classificação	Vulnerabilidades	Tipo de acesso	Tipo	Aceitação
1	T1006	CAPEC-126	CWE-22, CWE-23	Path Traversal	predictive	Alto
2	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Alto
3	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Alto
4	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
5	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
6	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	Alto
7	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (29)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Tipo	Aceitação
1	File	booking.php	predictive	Médio
2	File	editBooking.php	predictive	Alto
3	File	grab_globals.lib.php	predictive	Alto
4	File	include/templates/categories/default.php	predictive	Alto
5	File	xxxxx.xxx	predictive	Médio
6	File	xxxx.xxx.xxx	predictive	Médio
7	File	xxxx.xxx	predictive	Médio
8	File	xxxxx.xxx	predictive	Médio
9	File	xxxxxxxxxx.xxx	predictive	Alto
10	File	xxxxxxx-xxxx.xxx	predictive	Alto
11	File	xxxxxxx.xxx	predictive	Médio
12	File	xxxxxxx.xxx	predictive	Médio
13	File	xxxxxxx_xxxx.xxx	predictive	Alto
14	File	xxxxx.xxx	predictive	Médio
15	File	xxxxx/xxx/xxxx.xxx.xxx	predictive	Alto
16	File	xxxxxx/xxxxxxx.xxx	predictive	Alto
17	Library	xxx/xx_xxx.x	predictive	Médio
18	Argument	xxx	predictive	Baixo
19	Argument	xxxxxxxxxxxxxxxxxxx	predictive	Alto
20	Argument	xxx[x]	predictive	Baixo
21	Argument	xxx_x_xxx	predictive	Médio
22	Argument	xx	predictive	Baixo
23	Argument	xxxxxx	predictive	Baixo
24	Argument	xx_xx	predictive	Baixo
25	Argument	xxxx	predictive	Baixo
26	Argument	xxxxxxxxxx_xxxx	predictive	Alto
27	Argument	xxxxx	predictive	Baixo
28	Argument	xxxxxxxx/xxxxxxxx	predictive	Alto
29	Input Value	x) xx x-- -	predictive	Médio

Referências (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ VoltarVisão GeralPróximo ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!