ZuoRAT Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (123)

Idioma

en	94
zh	28
es	2

País

cn	86
us	38

Actores

ZuoRAT	3
Cobalt Strike	2
APT10	1
pupy	1
Sliver	1

Interesse

Tipo

Not Defined	44
Content Management System	10
Database Software	10
Firewall Software	10
Groupware Software	6

Fabricante

Not Defined	22
Microsoft	12
Oracle	8
Apache	6
Fortinet	6

Produto

Mail2000	6
Oracle Database Server	6
Microsoft Exchange Server	4
Microsoft IIS	4
Microsoft Windows	4

Vulnerabilidades

#	Vulnerabilidade	Base	Temp	0day	Hoje	Exp	Mas	EPSS	CTI	CVE
1	QNAP QTS Photo Station direitos alargados	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.96341	0.04	CVE-2019-7192
2	Deltek Vision RPC over HTTP SQL Injecção SQL	8.0	8.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00576	0.02	CVE-2018-18251
3	Mail2000 Login portal Roteiro Cruzado de Sítios	5.2	4.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00334	0.04	CVE-2019-15072
4	Zoho ManageEngine ADSelfService Plus direitos alargados	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00562	0.00	CVE-2020-11518
5	Shopro Mall System Injecção SQL	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00172	0.07	CVE-2022-35154
6	wix-embedded-mysql com.wix.mysql.distribution.Setup.apply direitos alargados	7.6	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00128	0.00	CVE-2023-39021
7	Blueriver Sava CMS fileManager.cfc Directório Traversal	5.3	5.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02567	0.04	CVE-2010-3468
8	Mura CMS Draggable Feeds readRSS.cfm XML External Entity	6.4	5.8	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01204	0.00	CVE-2017-15639
9	Gibbon direitos alargados	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02842	0.09	CVE-2023-34598
10	Slider Revolution Plugin Image File direitos alargados	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00081	0.03	CVE-2023-2359
11	Essential Grid Plugin direitos alargados	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.02	CVE-2023-47771
12	Citrix ShareFile StorageZones Controller direitos alargados	9.8	9.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.97392	0.00	CVE-2023-24489
13	HPE ArubaOS AirWave Client Service Excesso de tampão	9.8	9.6	$5k-$25k	$5k-$25k	Not Defined	Official Fix	0.00187	0.03	CVE-2023-45616
14	VMware Workspace ONE UEM Console SAML Response Redirect	6.4	6.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00045	0.05	CVE-2023-20886
15	D-Link D-View coreservice_action_script Remote Code Execution	9.8	9.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00000	0.00	CVE-2023-44414
16	Citrix XenMobile Server direitos alargados	5.5	5.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00248	0.00	CVE-2022-26151
17	y_project RuoYi GenController Injecção SQL	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00133	0.07	CVE-2022-4566
18	VMware Horizon Server Divulgação de Informação	5.3	5.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00046	0.03	CVE-2023-34038
19	Fortinet FortiWeb Authorization Header Injecção SQL	7.7	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00131	0.00	CVE-2020-29015
20	Ignition Automation Ignition JavaSerializationCodec direitos alargados	9.8	9.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.02	CVE-2023-39476

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	Endereço IP	Hostname	Actor	Identified	Tipo	Aceitação
1	59.124.6.0	59-124-6-0.hinet-ip.hinet.net	ZuoRAT	05/07/2022	verified	Alto
2	82.157.69.219		ZuoRAT	01/07/2022	verified	Alto
3	XXX.XXX.XXX.XXX		Xxxxxx	01/07/2022	verified	Alto
4	XXX.XX.XXX.XXX		Xxxxxx	01/07/2022	verified	Alto
5	XXX.XX.XXX.XX		Xxxxxx	01/07/2022	verified	Alto
6	XXX.XX.XXX.X	xxxxxxxxxxx-xxx-xx-xxx-x.xxxx-xxxxxxx.xxxxxxx.xx.xxxxxxxxxx.xxx	Xxxxxx	05/07/2022	verified	Alto
7	XXX.XXX.XX.XX		Xxxxxx	01/07/2022	verified	Alto

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Classificação	Vulnerabilidades	Tipo de acesso	Tipo	Aceitação
1	T1006	CAPEC-126	CWE-21, CWE-22	Path Traversal	predictive	Alto
2	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Alto
3	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Alto
4	T1059.007	CAPEC-209	CWE-79	Cross Site Scripting	predictive	Alto
5	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
6	TXXXX.XXX	CAPEC-0	CWE-XXX	Xxx Xx Xxxx-xxxxx Xxxxxxxx	predictive	Alto
7	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
8	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	Alto
9	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
10	TXXXX	CAPEC-102	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
11	TXXXX.XXX	CAPEC-133	CWE-XXX	Xxxxxxxx	predictive	Alto
12	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
13	TXXXX.XXX	CAPEC-0	CWE-XX	Xxxxxxxxxxxxx	predictive	Alto
14	TXXXX	CAPEC-112	CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Alto
15	TXXXX.XXX	CAPEC-0	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	Alto
16	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (45)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Tipo	Aceitação
1	File	.kdbgrc	predictive	Baixo
2	File	/../../conf/template/uhttpd.json	predictive	Alto
3	File	/cgi-bin/go	predictive	Médio
4	File	/cgi-bin/portal	predictive	Alto
5	File	/etc/shadow	predictive	Médio
6	File	/etc/sudoers	predictive	Médio
7	File	/xxxxxxxxx//../	predictive	Alto
8	File	/xxxxxxx/	predictive	Médio
9	File	xxx-xxx/xxxxxxxxxxxx.xxx/xxxxxxxxxxxx	predictive	Alto
10	File	xxx/xxxxx/xxxxxxxxx/xxxxxxxxxx/xxxxxxxxxxxxx	predictive	Alto
11	File	xxxx/xxxxxxxxxxxxx.xxx	predictive	Alto
12	File	xxxxxxxxxxx.xxx	predictive	Alto
13	File	xxxxxxxx/xxxxxx/xxxxx.xxx	predictive	Alto
14	File	xxxxxx/xxxxxxxxxxxx	predictive	Alto
15	File	xxx/xxxxxx.xxx	predictive	Alto
16	File	xxxxxxxx/xxxxxxxxxx/xxxxx-xx-xxxxxxxxx-xxxxxxxx.xxx	predictive	Alto
17	File	xxxxx.xxx	predictive	Médio
18	File	xxxxxxxxxxx-xxxx.xx	predictive	Alto
19	File	xxxxxxx.xxx	predictive	Médio
20	File	xxxxx_xxxxxx_xxxxxxxx.xxx	predictive	Alto
21	File	xxxxxxxxxx/xxxxxxxxxx_xxxx.xxx?xxxxxx=xxxxxx	predictive	Alto
22	File	xxx.x	predictive	Baixo
23	File	xxxx.xx.xx	predictive	Médio
24	File	xxxxxx.xxx	predictive	Médio
25	File	xxxxx/xxxx/xxxxxxx.xxx	predictive	Alto
26	File	xxxxxx/xxxxxxxxxxx/xxxx_xxxxxxx.xxx	predictive	Alto
27	File	xxxxxxxx.xxx	predictive	Médio
28	Library	xxxxxxx.xxx	predictive	Médio
29	Argument	xxxxxx	predictive	Baixo
30	Argument	xxxx_xxxxxxx	predictive	Médio
31	Argument	xxxxxxxx	predictive	Médio
32	Argument	xxx_xxxxxx_x	predictive	Médio
33	Argument	xxxxxxxxxxx	predictive	Médio
34	Argument	xxxxxxxxxx	predictive	Médio
35	Argument	xxxxxx	predictive	Baixo
36	Argument	xxxxxx_xxxxx_xxx	predictive	Alto
37	Argument	xx	predictive	Baixo
38	Argument	xxxxxx/xxxxxx_xxxxxx	predictive	Alto
39	Argument	xxx	predictive	Baixo
40	Argument	xxxxxxxx	predictive	Médio
41	Argument	xxxxx	predictive	Baixo
42	Input Value	xxxx/xxxxx/xxxxxxxx/xxxxxxx/xx/xxxxxxx/xxxxxxxxxx/xx_xxxx	predictive	Alto
43	Input Value	\x	predictive	Baixo
44	Network Port	xxxxx	predictive	Baixo
45	Network Port	xxx/xx (xxx)	predictive	Médio

Referências (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ VoltarVisão GeralPróximo ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!