Rancor Анализ

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (906)

Язык

sv	162
pl	160
en	148
es	142
it	142

Страна

us	876
cn	16
vn	10
dk	2
me	2

Акторы

Rancor	6
LokiBot	1
Dridex	1
NjRAT	1
SharpPanda	1

Интерес

Тип

Not Defined	362
Content Management System	68
Web Browser	52
Operating System	38
Cloud Software	26

Поставщик

Not Defined	264
Cisco	40
IBM	38
Microsoft	34
Oracle	32

Продукт

Microsoft Internet Explorer	26
FFmpeg	18
ownCloud	16
Mozilla Firefox	12
Cisco Unified Communications Manager	12

Уязвимости

#	Уязвимости	Base	Temp	0day	Сегодня	Э�	Rem	CTI	EPSS	CVE
1	TikiWiki tiki-register.php эскалация привилегий	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	5.02	0.01009	CVE-2006-6168
2	Boa Webserver GET wapopen обход каталога	6.4	6.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00	0.73540	CVE-2017-9833
3	Anti-Web write.cgi обход каталога	7.2	7.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00702	CVE-2017-9097
4	mpg123 MP3 File id3.c next_text повреждение памяти	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00177	CVE-2017-9545
5	LogicBoard CMS away.php Redirect	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Unavailable	2.03	0.00000
6	Clash Configuration File cfw-setting.yaml эскалация привилегий	8.0	8.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.05	0.00389	CVE-2023-24205
7	Lenovo X Server FFDC Service Log эскалация привилегий	5.4	5.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00060	CVE-2017-3744
8	DZCP deV!L`z Clanportal config.php эскалация привилегий	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.43	0.00943	CVE-2010-0966
9	Synacor Zimbra Collaboration XML External Entity	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00441	CVE-2016-9924
10	e-Quick Cart shopprojectlogin.asp sql-инъекция	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	0.00000
11	Tiki Admin Password tiki-login.php слабая аутентификация	8.0	7.7	$0-$5k	$0-$5k	Not Defined	Official Fix	2.59	0.00936	CVE-2020-15906
12	Pligg cloud.php sql-инъекция	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.36	0.00000
13	vBulletin redirector.php Redirect	6.6	6.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.09	0.00141	CVE-2018-6200
14	phpPgAds adclick.php неизвестная уязвимость	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.67	0.00317	CVE-2005-3791
15	Google Android SDK Platform Tools Signedness adb_client.c adb_connect повреждение памяти	8.8	8.3	$100k и многое другое	$0-$5k	Proof-of-Concept	Official Fix	0.00	0.00000
16	Netgear D6300B Credential Storage nvram слабое шифрование	5.4	4.6	$5k-$25k	$0-$5k	Proof-of-Concept	Workaround	0.00	0.00000
17	OpenStack Keystone эскалация привилегий	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.01166	CVE-2013-2014
18	Sensysnetworks TrafficDOT эскалация привилегий	8.3	7.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00828	CVE-2014-2378
19	Cws sahab-alkher.com X.509 Certificate слабое шифрование	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00049	CVE-2014-7052
20	Appbasedtechnologies Belaire Family Orthodontics X.509 Certificate слабое шифрование	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00049	CVE-2014-7405

Кампании (1)

These are the campaigns that can be associated with the actor:

PLAINTEE/DDKONG

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-адрес	Hostname	Актор	Кампании	Identified	Тип	Уверенность
1	45.76.176.236	45.76.176.236.vultr.com	Rancor	PLAINTEE/DDKONG	20.12.2020	verified	Средний
2	45.121.146.26	businesso.top	Rancor	PLAINTEE/DDKONG	20.12.2020	verified	Высокий
3	XX.XX.XXX.XX	xx.xxx.xx.xx.xx-xxxx.xxxx	Xxxxxx	Xxxxxxxx/xxxxxx	20.12.2020	verified	Высокий
4	XXX.XX.XXX.XX	xxxxxx.xxxxxxxx.xxx	Xxxxxx	Xxxxxxxx/xxxxxx	20.12.2020	verified	Высокий
5	XXX.XX.XXX.XX	xxxxxxxxxxxxxxx.xxxx	Xxxxxx	Xxxxxxxx/xxxxxx	20.12.2020	verified	Высокий
6	XXX.XX.XXX.XXX		Xxxxxx	Xxxxxxxx/xxxxxx	20.12.2020	verified	Высокий
7	XXX.XXX.XX.XXX		Xxxxxx	Xxxxxxxx/xxxxxx	20.12.2020	verified	Высокий
8	XXX.XXX.X.XXX	xxx.xxx.x.xxx.xxxxx.xxx	Xxxxxx	Xxxxxxxx/xxxxxx	20.12.2020	verified	Средний

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Уязвимости	Вектор доступа	Тип	Уверенность
1	T1006	CWE-22	Path Traversal	predictive	Высокий
2	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Высокий
3	T1059	CWE-94	Argument Injection	predictive	Высокий
4	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	Высокий
5	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Высокий
6	TXXXX.XXX	CWE-XXX	Xxx Xx Xxxx-xxxxx Xxxxxxxx	predictive	Высокий
7	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Высокий
8	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Высокий
9	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	Высокий
10	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Высокий
11	TXXXX	CWE-XX, CWE-XX	Xxx Xxxxxxxxx	predictive	Высокий
12	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Высокий
13	TXXXX	CWE-XXX	Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx	predictive	Высокий
14	TXXXX.XXX	CWE-XXX	Xxxxxxxx	predictive	Высокий
15	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Высокий
16	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Высокий
17	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Высокий

IOA - Indicator of Attack (230)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Класс	Indicator	Тип	Уверенность
1	File	/bin/login.php	predictive	Высокий
2	File	/cgi-bin/wapopen	predictive	Высокий
3	File	/cgi/cpaddons_feature.pl	predictive	Высокий
4	File	/data/nvram	predictive	Средний
5	File	/forum/away.php	predictive	Высокий
6	File	/frontend/x3/cpanelpro/filelist-thumbs.html	predictive	Высокий
7	File	/fs/cifs/file.c	predictive	Высокий
8	File	/goform/login	predictive	Высокий
9	File	/horde/util/go.php	predictive	Высокий
10	File	/mib.db	predictive	Низкий
11	File	/modules/profile/index.php	predictive	Высокий
12	File	/OA_HTML/cabo/jsps/a.jsp	predictive	Высокий
13	File	/out.php	predictive	Средний
14	File	/system/site.php	predictive	Высокий
15	File	adb/adb_client.c	predictive	Высокий
16	File	adclick.php	predictive	Средний
17	File	add_comment.php	predictive	Высокий
18	File	adelogs.adobe.com	predictive	Высокий
19	File	admin.php	predictive	Средний
20	File	admin/google_search_console/class-gsc-table.php	predictive	Высокий
21	File	administrator/components/com_media/helpers/media.php	predictive	Высокий
22	File	android/webkit/SearchBoxImpl.java	predictive	Высокий
23	File	app-layer-ssh.c	predictive	Высокий
24	File	arch_init.c	predictive	Средний
25	File	authenticate.c	predictive	Высокий
26	File	awstats.pl	predictive	Средний
27	File	BKCLogSvr.exe	predictive	Высокий
28	File	xx.xxx	predictive	Низкий
29	File	xxxxxx	predictive	Низкий
30	File	xxx_xxxxxxxxx.xxx	predictive	Высокий
31	File	xxxxxxxx.xxx	predictive	Средний
32	File	xxxxxxxxxxxx.xxx	predictive	Высокий
33	File	xxx-xxxx.xxx	predictive	Средний
34	File	xxx-xxxxxxx.xxxx	predictive	Высокий
35	File	xxx-xxx/xxxxx.xxx	predictive	Высокий
36	File	xxxxxxxx	predictive	Средний
37	File	xxxxx.xxx	predictive	Средний
38	File	xxxxxx/xxx.x	predictive	Средний
39	File	xxxxxx/xxxxx/xxxxxxx.x	predictive	Высокий
40	File	xxxxxxxxxxxxx.xxx	predictive	Высокий
41	File	xxxxxxx.xxx	predictive	Средний
42	File	xxxxxxx-xxxxx-xxxxxxxx.xxx	predictive	Высокий
43	File	xxxxxxx/xxxxxx/xxxxxxxxxxxxxxx_xxxx.xx	predictive	Высокий
44	File	xxxxxxxxx.xxx	predictive	Высокий
45	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Высокий
46	File	xxxx_xxxxxxx.xxx	predictive	Высокий
47	File	xxxxxx.xxx	predictive	Средний
48	File	xxxxxx-xxxxx.x	predictive	Высокий
49	File	xxxx_xxxxx.xxx	predictive	Высокий
50	File	xxxx/xxxxxxxxxx/xxxxxx-xxxxx.x	predictive	Высокий
51	File	xxxxxxxxxxxxx/	predictive	Высокий
52	File	xxxxxxx/xxxxxxxxxxx/xxxxxxxxx	predictive	Высокий
53	File	xxxxxxxx_xxxxxxxx.xxx	predictive	Высокий
54	File	xx/xxx/xxxxx.x	predictive	Высокий
55	File	xxxxxxx.xxx	predictive	Средний
56	File	xxxx_xxxx.xxx	predictive	Высокий
57	File	xxxxxxxxxxxxxxx.xxx	predictive	Высокий
58	File	xxxx.xxx	predictive	Средний
59	File	xxxxxxxx.xxx	predictive	Средний
60	File	xxxxx.xx	predictive	Средний
61	File	xxxxxxxx-xxxx-xxxxxx-xx-xxxxxxx.xxx	predictive	Высокий
62	File	xxx/xxxxxx.xxx	predictive	Высокий
63	File	xxx/xxxxx/xxxx-xxxxxxxx.xxx	predictive	Высокий
64	File	xxxxx.xxx	predictive	Средний
65	File	xxxxxxx-xx.x	predictive	Средний
66	File	xxx.x	predictive	Низкий
67	File	xxxxxxxxxx/xxxx.x	predictive	Высокий
68	File	xxxxxxxxxx/xxxx.x	predictive	Высокий
69	File	xxxxxxxxxx/xxxx_xx	predictive	Высокий
70	File	xxxxxxxxxxx/xxxxx.x	predictive	Высокий
71	File	xxxxxxxxxxx/xxxxxxxxxxx.x	predictive	Высокий
72	File	xxxxx.xxx	predictive	Средний
73	File	xxxxx.xxx	predictive	Средний
74	File	xxxx.xxx	predictive	Средний
75	File	xxxxxxxxxx.x	predictive	Средний
76	File	xxxxx/xxxxxxx/xxxxxx_xxxxx_xxxxxxx.xx	predictive	Высокий
77	File	xxxx_xxxxx.xxxxxxxx-xxx.xxx	predictive	Высокий
78	File	xxxxxxxx.x	predictive	Средний
79	File	xxxx.xxx	predictive	Средний
80	File	xxx-xxxxxxxx.x	predictive	Высокий
81	File	xxxxxxx.xxx	predictive	Средний
82	File	xxxxxxx.xxx	predictive	Средний
83	File	xxxxxxx/xxxxxxxxxxxx.x	predictive	Высокий
84	File	xxx_xxx_xxx/xxxxx.x	predictive	Высокий
85	File	xxxxxxxxx.x	predictive	Средний
86	File	xxx/xxxx/xxx_xxxxxx.x	predictive	Высокий
87	File	xxx/xxxxxx/xxxxxxxx/xxxxxxxxx/xxxxxxxxxxxxx.xxxx	predictive	Высокий
88	File	xxx/xxxxxx/xxxxxxxx/xxxxx/xxxxxxxxx.xxxx	predictive	Высокий
89	File	xxxx/xxxxxxxxx.xxx	predictive	Высокий
90	File	xxxxxxxxxx_xxxx.xxx	predictive	Высокий
91	File	xx_xxxx.xxx	predictive	Средний
92	File	xxx.xxxx	predictive	Средний
93	File	xxxxxxx.xxx	predictive	Средний
94	File	xxxxx.xxx	predictive	Средний
95	File	xxxxxxxx.xxx	predictive	Средний
96	File	xxxxxxxxxx.xxx	predictive	Высокий
97	File	xxxxxxxxx/xxx/xxxxxxxxxxxxx.xxx	predictive	Высокий
98	File	xxxxxxx_xxx_xxxxx_xxxxxx.xxxx	predictive	Высокий
99	File	xxxxxx.xxx	predictive	Средний
100	File	xxxxxxxxxx.xxx	predictive	Высокий
101	File	xxxxxxxx.xxx	predictive	Средний
102	File	xxxxx/xxxxxxxxxxxx/xxxxxxx/xxx.xxxx	predictive	Высокий
103	File	xxxxxxxxxxxxxxxx.xxx	predictive	Высокий
104	File	xxxxx_xxxxxx_xxxxxxx.xxx	predictive	Высокий
105	File	xxxxxxxxx.x	predictive	Средний
106	File	xxxxx/xxxx/xxxxx.x	predictive	Высокий
107	File	xxxxxxxxx.xxx	predictive	Высокий
108	File	xx_xxxxxxx.xxx	predictive	Высокий
109	File	xxxxxxxxxxx.xxx	predictive	Высокий
110	File	xxxxxxxx.xxx	predictive	Средний
111	File	xxxx-xxxxx.xxx	predictive	Высокий
112	File	xxxx-xxxxxxxx.xxx	predictive	Высокий
113	File	xxx.xxx	predictive	Низкий
114	File	xxxxxxxxxxx_xxxxx.xxx	predictive	Высокий
115	File	xxxx/xxxx_xxxx.x	predictive	Высокий
116	File	xxxxxxxxx_xxxx.x	predictive	Высокий
117	File	xxxxxxx.x	predictive	Средний
118	File	xxxxxxx.xxx	predictive	Средний
119	File	xxx.xxx	predictive	Низкий
120	File	xx-xxxxx/xx/xxxx-xxx.xx	predictive	Высокий
121	File	xx-xxxxxxxx/xxxxx-xxxxxx.xxx	predictive	Высокий
122	File	xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx	predictive	Высокий
123	File	xx-xxxxxxxx/xxxxx-xx-xxxxxx-xxxxxx.xxx	predictive	Высокий
124	File	xx-xxxxxxxxxxx.xxx	predictive	Высокий
125	File	xx-xxxxxxxxx.xxx	predictive	Высокий
126	Library	xxxxxxx\xxx\xxxxxxxx-xxx-x.xxx	predictive	Высокий
127	Library	xxx/xxxxxx_xxxx.xx)	predictive	Высокий
128	Library	xxx/xxxxxx/xxxxxx_.x	predictive	Высокий
129	Library	xxx/xxxxxx/xxxxxxxx/xxx.xxx	predictive	Высокий
130	Library	xxx/xxx.xx	predictive	Средний
131	Library	xxx/xxxxxxxx/xxxx.xx	predictive	Высокий
132	Library	xxxxxx	predictive	Низкий
133	Library	xxxxxxx/xxxxx/xxx/xxxxxx.x	predictive	Высокий
134	Library	xxx/xxxxxxxxx/xxx.x	predictive	Высокий
135	Argument	$_xxxxxxx['xxxx']	predictive	Высокий
136	Argument	-x	predictive	Низкий
137	Argument	/../	predictive	Низкий
138	Argument	xxxxxxxxxx	predictive	Средний
139	Argument	xxxxxxxxxxx	predictive	Средний
140	Argument	xxxxxxxx	predictive	Средний
141	Argument	xxx	predictive	Низкий
142	Argument	xxxxxxxxxx	predictive	Средний
143	Argument	xxx	predictive	Низкий
144	Argument	xxxxxxx	predictive	Низкий
145	Argument	xxxxxx	predictive	Низкий
146	Argument	xxxx	predictive	Низкий
147	Argument	xxx	predictive	Низкий
148	Argument	xxxxxxxx	predictive	Средний
149	Argument	xxxx	predictive	Низкий
150	Argument	xxxxxxxxxxxxx	predictive	Высокий
151	Argument	xxx	predictive	Низкий
152	Argument	xxxxxxx	predictive	Низкий
153	Argument	xxxxx	predictive	Низкий
154	Argument	xxxxxxxxxx	predictive	Средний
155	Argument	xxxxxxxx	predictive	Средний
156	Argument	xxxxx	predictive	Низкий
157	Argument	xxxxxxx	predictive	Низкий
158	Argument	xxxxxxxxx	predictive	Средний
159	Argument	xxxxxxxx	predictive	Средний
160	Argument	xxxxxxxxxxxx	predictive	Средний
161	Argument	xx	predictive	Низкий
162	Argument	xxxxx_xxxx_xxxxxx	predictive	Высокий
163	Argument	xxxx	predictive	Низкий
164	Argument	xxxx	predictive	Низкий
165	Argument	xxxxxx	predictive	Низкий
166	Argument	xxxxxx	predictive	Низкий
167	Argument	xxxx/xxx_xxxxxx/xxxx	predictive	Высокий
168	Argument	xxxxxxxxxx	predictive	Средний
169	Argument	xxx	predictive	Низкий
170	Argument	xxxxx	predictive	Низкий
171	Argument	xxxx_xxxxx	predictive	Средний
172	Argument	xxx_xxxxxx	predictive	Средний
173	Argument	xxxx	predictive	Низкий
174	Argument	xxxxxxxx	predictive	Средний
175	Argument	xxx-xxx xxxx xxxxxxxx	predictive	Высокий
176	Argument	xxxxxxxxx	predictive	Средний
177	Argument	xxxxxxxx	predictive	Средний
178	Argument	xxxxxxxxxxx	predictive	Средний
179	Argument	xxxxxxxxx	predictive	Средний
180	Argument	xxx_xxxx	predictive	Средний
181	Argument	xxxxxxxx	predictive	Средний
182	Argument	xxx	predictive	Низкий
183	Argument	xxxxx	predictive	Низкий
184	Argument	xxxxxxxxxxxxx xx	predictive	Высокий
185	Argument	xxxxxxxx	predictive	Средний
186	Argument	xxxxxxxx_xxx	predictive	Средний
187	Argument	xxxxxxxxx	predictive	Средний
188	Argument	xxxxxxx	predictive	Низкий
189	Argument	xxxxxx	predictive	Низкий
190	Argument	xxxxxx	predictive	Низкий
191	Argument	xxxxxxxxxx	predictive	Средний
192	Argument	xxxxxx_xx	predictive	Средний
193	Argument	xxxx_xxx	predictive	Средний
194	Argument	xxxx	predictive	Низкий
195	Argument	xx	predictive	Низкий
196	Argument	xxx	predictive	Низкий
197	Argument	xx_xx	predictive	Низкий
198	Argument	xxxxx	predictive	Низкий
199	Argument	xxxxxx	predictive	Низкий
200	Argument	xxxxxxxxx	predictive	Средний
201	Argument	xxxxxx	predictive	Низкий
202	Argument	xx_xx	predictive	Низкий
203	Argument	xxxxxxxx	predictive	Средний
204	Argument	xxxxxxxx	predictive	Средний
205	Argument	xxxxxx	predictive	Низкий
206	Argument	xxxxxx[]	predictive	Средний
207	Argument	xxxxxxxxxxxxxxx	predictive	Высокий
208	Argument	xxxx=xxxxxxxx	predictive	Высокий
209	Argument	xxxxxx_xxx	predictive	Средний
210	Argument	xxx	predictive	Низкий
211	Argument	xxx	predictive	Низкий
212	Argument	xxxxxxxx	predictive	Средний
213	Argument	xxxxx	predictive	Низкий
214	Argument	xxx[xxxx_xx]	predictive	Средний
215	Argument	xxxxxx	predictive	Низкий
216	Argument	xxxxxxxxxxx	predictive	Средний
217	Argument	_xxxxxxx	predictive	Средний
218	Input Value	'xx x=x	predictive	Низкий
219	Input Value	);<xxxxxx>xxxxx('xxx')</xxxxxx>	predictive	Высокий
220	Input Value	..%xx	predictive	Низкий
221	Input Value	../..	predictive	Низкий
222	Input Value	/\xxxxxxx.xxx	predictive	Высокий
223	Input Value	x" xxxxxxxxxxx=xxxxxx(xxxxxx) xxx="	predictive	Высокий
224	Input Value	xxxxxxx.xxx_xxx.xxx	predictive	Высокий
225	Input Value	xxxxxx	predictive	Низкий
226	Input Value	\xxx\xxx\xxx\xxx\xxx	predictive	Высокий
227	Network Port	xxxxxxxxxxxxxx xxxxxx	predictive	Высокий
228	Network Port	xxx/xxxx	predictive	Средний
229	Network Port	xxx/xxxx (xxxx) / xxx/xxxx (xxxxx)	predictive	Высокий
230	Network Port	xxx xxxxxx xxxx	predictive	Высокий

Ссылки (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ ПредыдущийОбзорДалее ▸

Might our Artificial Intelligence support you?

Check our Alexa App!