CrimsonRAT Analysis

IOB - Indicator of Behavior (35)

Timeline

Language: en (28), de (4), sv (2), it (2)

Country: us (30)

Chart panels: Actors, Activity, Interest, Timeline, Type, Vendor

Product: Wheatblog (2), Shenzhen Tenda (2), Symantec Security Check Virus Detection (2), Edgewall Software Trac (2), Apple Mac OS X Server (2)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192
2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.48 | CVE-2010-0966
3 | Apple Mac OS X Server Wiki Server cross site scripting | 4.3 | 4.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00263 | 0.04 | CVE-2009-2814
4 | Myupb UPB cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00297 | 0.00 | CVE-2008-6727
5 | Pligg cloud.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.57 |
6 | Coppermine Photo Gallery init.inc.php privilege escalation | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.08307 | 0.05 | CVE-2004-1988
7 | Promosi-web ardguest ardguest.php cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00134 | 0.00 | CVE-2009-3668
8 | Edgewall Software Trac quickjump privilege escalation | 6.5 | 5.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00251 | 0.04 | CVE-2008-2951
9 | Ipswitch MOVEit DMZ Send Attachment Feature information disclosure | 6.5 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00121 | 0.02 | CVE-2015-7675
10 | Joomla CMS com_easyblog sql injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00000 | 0.30 |
11 | PHPGurukul Employee Record Management System POST Parameter forgetpassword.php sql injection | 8.0 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00798 | 0.00 | CVE-2021-43451
12 | PHP Link Directory Administration Page index.html cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00374 | 0.21 | CVE-2007-0529
13 | DT Register Extension sql injection | 8.5 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00282 | 0.00 | CVE-2018-6584
14 | Genetechsolutions Pie-Register wp-login.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00904 | 0.00 | CVE-2013-4954
15 | Akamai Technologies Download Manager ActiveX Control downloadmanagerv2.ocx getprivateprofilesectionw memory corruption | 10.0 | 9.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.34905 | 0.00 | CVE-2007-1891
16 | Symantec Security Check Virus Detection Profiles rufsi.dll GetPrivateProfileString memory corruption | 5.3 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.01536 | 0.00 | CVE-2004-1910
17 | Google Android Permission Check DevicePolicyManagerService.java GetPermittedAccessibilityServicesForUser privilege escalation | 6.5 | 6.3 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2019-2091
18 | Wheatblog add_comment.php cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00154 | 0.00 | CVE-2006-7002
19 | Oracle Transportation Management Install privilege escalation | 8.1 | 8.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.97501 | 0.05 | CVE-2017-12617
20 | Shenzhen Tenda usbeject system privilege escalation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00100 | 0.03 | CVE-2017-16923

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 192.3.99.68 | 192-3-99-68-host.colocrossing.com | CrimsonRAT | | 23.03.2023 | verified | High
2 | XXX.XX.XXX.XXX | xxxxxxxxx.xxxxxxx.xxx | Xxxxxxxxxx | | 23.03.2023 | verified | High

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence
1 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive | High
2 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High
3 | TXXXX | CAPEC- | CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
4 | TXXXX | CAPEC-136 | CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High
5 | TXXXX | CAPEC-108 | CWE-XX | Xxx Xxxxxxxxx | predictive | High
6 | TXXXX | CAPEC-116 | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
7 | TXXXX.XXX | CAPEC-1 | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High

IOA - Indicator of Attack (22)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /forgetpassword.php | predictive | High
2 | File | add_comment.php | predictive | High
3 | File | ardguest.php | predictive | Medium
4 | File | xxx-xxx/xxxx/xxxxxxxx | predictive | High
5 | File | xxxxx.xxx | predictive | Medium
6 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
7 | File | xxxxxxxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | High
8 | File | xxxxxxxxxxxxxxxxx.xxx | predictive | High
9 | File | xxx/xxxxxx.xxx | predictive | High
10 | File | xxxxx.xxxx | predictive | Medium
11 | File | xxxx.xxx.xxx | predictive | Medium
12 | File | xx-xxxxx.xxx | predictive | Medium
13 | Library | xxxxx.xxx | predictive | Medium
14 | Argument | xxxxxxxx | predictive | Medium
15 | Argument | xxxxxxxxxx | predictive | Medium
16 | Argument | xxx_x_xxx | predictive | Medium
17 | Argument | xxxxx | predictive | Low
18 | Argument | xx | predictive | Low
19 | Argument | xxxxx | predictive | Low
20 | Argument | xxxx | predictive | Low
21 | Argument | xxxxx | predictive | Low
22 | Argument | xxxxxxxxxxxxx/xxxxx | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
