RapperBot Analysis

IOB - Indicator of Behavior (113)

Language: en (76), de (32), ru (6)

Country: us (60), de (32), ru (4)

Product: Google Chrome (8), Huawei HarmonyOS (4), Alt-N MDaemon (4), Apple QuickTime (4), Mozilla Firefox (4)

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | e107 CMS secure_img_render.php privilege escalation | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | 0.03019 | CVE-2004-2041 |
| 2 | ampleShop category.cfm SQL injection | 7.3 | 7.3 | $0-$5k | Calculating | Not Defined | Unavailable | 0.02 | 0.00621 | CVE-2006-2038 |
| 3 | Veritas Backup Exec Resource denial of service | 6.2 | 5.6 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.02580 | CVE-2006-1297 |
| 4 | Mozilla Firefox smb/sftp Protocol privilege escalation | 7.5 | 6.5 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.01656 | CVE-2007-5338 |
| 5 | PHPOutsourcing IdeaBox include.php privilege escalation | 7.3 | 6.4 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.05 | 0.17410 | CVE-2008-5199 |
| 6 | Mambo mod_mainmenu.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.65 | 0.00000 | - |
| 7 | Alt-N MDaemon Attachment Virus directory traversal | 5.4 | 4.7 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00 | 0.00000 | - |
| 8 | myPHPCalendar admin.php privilege escalation | 7.3 | 6.9 | $0-$5k | Calculating | Proof-of-Concept | Not Defined | 0.04 | 0.02576 | CVE-2006-6812 |
| 9 | dotProject vw_files.php privilege escalation | 7.3 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00000 | - |
| 10 | Zentrack index.php privilege escalation | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00000 | - |
| 11 | Mozilla Firefox Javascript focus denial of service | 5.9 | 5.2 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.96046 | CVE-2006-1993 |
| 12 | phpforum mainfile.php privilege escalation | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00513 | CVE-2003-0559 |
| 13 | Ibrow News Desk newsdesk.cgi directory traversal | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.16516 | CVE-2001-0231 |
| 14 | CCBill whereami.cgi privilege escalation | 6.3 | 5.8 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.04 | 0.00000 | - |
| 15 | Apple QuickTime FPX File memory corruption | 8.6 | 8.2 | $5k-$25k | Calculating | Not Defined | Official Fix | 0.04 | 0.22700 | CVE-2013-0988 |
| 16 | Apple QuickTime MVHD Atom memory corruption | 8.6 | 8.2 | $5k-$25k | Calculating | Not Defined | Official Fix | 0.00 | 0.08598 | CVE-2013-1022 |
| 17 | Zentrack index.php directory traversal | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | 0.00000 | - |
| 18 | WEBInsta Mailing Manager initdb.php privilege escalation | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.02 | 0.01194 | CVE-2005-0748 |
| 19 | SourceCodester Food Ordering System PHP File ajax.php privilege escalation | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00307 | CVE-2023-24646 |
| 20 | Linux Kernel capsule-loader.c memory corruption | 4.6 | 4.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00042 | CVE-2022-40307 |

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 2.58.149.116 | - | RapperBot | - | 10.10.2022 | verified | High |
| 2 | 31.44.185.235 | - | RapperBot | - | 10.10.2022 | verified | High |
| 3 | XXX.XXX.XXX.XXX | - | Xxxxxxxxx | - | 03.02.2023 | verified | High |
| 4 | XXX.XXX.XX.XXX | - | Xxxxxxxxx | - | 21.11.2022 | verified | High |
| 5 | XXX.XXX.XX.XXX | - | Xxxxxxxxx | - | 10.10.2022 | verified | High |
| 6 | XXX.XX.XX.XXX | - | Xxxxxxxxx | - | 10.10.2022 | verified | High |

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities (CWE) | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | predictive | High |
| 3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 4 | TXXXX | CWE-XX | Xxxxxxxx Xxxxxxxxx | predictive | High |
| 5 | TXXXX.XXX | CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High |
| 6 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 7 | TXXXX | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High |
| 8 | TXXXX | CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High |
| 9 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 10 | TXXXX | CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 11 | TXXXX | CWE-XXX | Xxxxxxxxx Xxxxxx Xxxx | predictive | High |
| 12 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 13 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High |

IOA - Indicator of Attack (70)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /?r=email/api/mark&op=delFromSend | predictive | High |
| 2 | File | /fos/admin/ajax.php | predictive | High |
| 3 | File | /include/chart_generator.php | predictive | High |
| 4 | File | /index.php | predictive | Medium |
| 5 | File | /modules/projects/vw_files.php | predictive | High |
| 6 | File | admin.php | predictive | Medium |
| 7 | File | affich.php | predictive | Medium |
| 8 | File | album_portal.php | predictive | High |
| 9 | File | category.cfm | predictive | Medium |
| 10 | File | xxxxxxxxxxxxxxxxxxxxxxxxxxxxx.xx | predictive | High |
| 11 | File | xxx.xxx | predictive | Low |
| 12 | File | xxxxxxx/xxxxxxxx/xxx/xxxxxxx-xxxxxx.x | predictive | High |
| 13 | File | xxxxx_xxxxxxxx.xxxx | predictive | High |
| 14 | File | xxxxxx.x | predictive | Medium |
| 15 | File | xxx/xxxxxxxx/xxxx_xxxxx.x | predictive | High |
| 16 | File | xxxxxxxxxxxx_xxxx.xxx | predictive | High |
| 17 | File | xxxxx_xxxxxx.xxx | predictive | High |
| 18 | File | xxxxxxx.xxx | predictive | Medium |
| 19 | File | xxxxx.xxx | predictive | Medium |
| 20 | File | xxxx.xxx.xxx | predictive | Medium |
| 21 | File | xxxxxx.xxx | predictive | Medium |
| 22 | File | xxxxxxxx.xxx | predictive | Medium |
| 23 | File | xxxxxxx/xxxxxxxx/xxxxxxxx.xxx | predictive | High |
| 24 | File | xxxxxxx/xxx_xxxxxxxx.xxx | predictive | High |
| 25 | File | xxx_xxxxxxxx.xxx | predictive | High |
| 26 | File | xxxxxxxx.xxx | predictive | Medium |
| 27 | File | xxxxxxx_xxxx.xxx | predictive | High |
| 28 | File | xxxxxxxx.xxx | predictive | Medium |
| 29 | File | xxxxx-xxxxxxxx-xxxxxxxxx.xxx | predictive | High |
| 30 | File | xxxxxxxx.xxx | predictive | Medium |
| 31 | File | xxxxxx_xxx_xxxxxx.xxx | predictive | High |
| 32 | File | xxxxx_xxxxx.xxx | predictive | High |
| 33 | File | xxxx_xxx.xxx | predictive | Medium |
| 34 | File | xxxxxxxxx/xxxxx/xxxx/xxx_xxxxxxx/xxxxxxx/xxxxxxx.xxx | predictive | High |
| 35 | File | xxxx.xxx | predictive | Medium |
| 36 | Library | xxxxxx[xxxxxx_xxxx | predictive | High |
| 37 | Library | xxx/xxxxxxxxxxx.xxx | predictive | High |
| 38 | Library | xx/xxx.xxx.xxx | predictive | High |
| 39 | Library | xxx/xxx/xxxx/xxx/xxxx.xxx | predictive | High |
| 40 | Argument | xxxxxxxx_xxxx | predictive | High |
| 41 | Argument | xxxx | predictive | Low |
| 42 | Argument | xxx_xxx | predictive | Low |
| 43 | Argument | xxx | predictive | Low |
| 44 | Argument | xxxxxxxxxx | predictive | Medium |
| 45 | Argument | xxxxxx[xxxxxx_xxxx] | predictive | High |
| 46 | Argument | xxxxxxxxxxxxx | predictive | High |
| 47 | Argument | xxx_x_xxx | predictive | Medium |
| 48 | Argument | xxxx_xxxx | predictive | Medium |
| 49 | Argument | xxxxxxxx[xxxx_xxx] | predictive | High |
| 50 | Argument | xxxxxxxx | predictive | Medium |
| 51 | Argument | xxxx/xxxx | predictive | Medium |
| 52 | Argument | xxxxxxxx | predictive | Medium |
| 53 | Argument | xxxxx.xxx?xxxxxx=xxx_xxxxxxx/xxxx=xxxxxxx/xx=x/xxxxxxxx=xxxxx | predictive | High |
| 54 | Argument | xxxxx | predictive | Low |
| 55 | Argument | xxxx_xxxx | predictive | Medium |
| 56 | Argument | xxxxxxxxx_xxxxxxxx_xxxx | predictive | High |
| 57 | Argument | xxxxxxxx | predictive | Medium |
| 58 | Argument | xxxx | predictive | Low |
| 59 | Argument | xxxxx_xxxx_xxxx | predictive | High |
| 60 | Argument | xxxxxxxx | predictive | Medium |
| 61 | Argument | xx_xxxx | predictive | Low |
| 62 | Argument | xxxxxxxx | predictive | Medium |
| 63 | Argument | xxxxx | predictive | Low |
| 64 | Argument | xxx | predictive | Low |
| 65 | Argument | xxxxxx_xxx | predictive | Medium |
| 66 | Argument | xxxxxxx_xx | predictive | Medium |
| 67 | Argument | xxxxxxxx | predictive | Medium |
| 68 | Argument | xxxxxxxx/xxxxx xxxxxxx/xxxxxxxx | predictive | High |
| 69 | Argument | xx | predictive | Low |
| 70 | Input Value | \xxx../../../../xxx/xxxxxx | predictive | High |
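The two unmasked IOC addresses and the nine unmasked IOA file fragments are enough for a first sweep of web-server logs, which is what the following Python script does. It is an added example, not part of this page or of any RapperBot tooling: it parses Apache/nginx combined-format access-log lines (the log layout, the double URL-decoding and the High/Medium triage rule are assumptions), matches the source IP against the IOC table, matches the decoded request against the IOA file list with the confidence the table assigns, and flags the `../` traversal shape behind the masked Input Value indicator and the T1006 / CWE-22 TTP entry. The log lines are constructed for the demo; the masked (XXX) rows of the tables cannot be used and are left out.

```python
"""Match access-log lines against the RapperBot IOC / IOA fragments tabulated above."""
import re
from urllib.parse import unquote

# Network indicators from the IOC table; the masked (XXX) rows cannot be used.
IOC_IPS = frozenset({"2.58.149.116", "31.44.185.235"})

# File indicators from the IOA table with the confidence the table assigns.
# Entries beginning with "/" are compared with the request path (or with the
# full path+query, for the one indicator that is itself a query string);
# bare filenames are compared with the last path component.
IOA_FILES = (
    ("/?r=email/api/mark&op=delFromSend", "High"),
    ("/fos/admin/ajax.php", "High"),
    ("/include/chart_generator.php", "High"),
    ("/index.php", "Medium"),
    ("/modules/projects/vw_files.php", "High"),
    ("admin.php", "Medium"),
    ("affich.php", "Medium"),
    ("album_portal.php", "High"),
    ("category.cfm", "Medium"),
)

# The masked Input Value indicator (\xxx../../../../xxx/xxxxxx) and the
# T1006 / CWE-22 TTP entry point at path traversal; two or more "../" or
# "..\" steps after decoding is the generic shape of that probe.
TRAVERSAL_RE = re.compile(r"(?:\.\./|\.\.\\){2,}")

# Apache/nginx "combined" log layout (assumption; adapt for other formats).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)


def match_request(ip, target):
    """Return [(kind, indicator, confidence)] hits for one request."""
    hits = []
    if ip in IOC_IPS:
        hits.append(("ioc-ip", ip, "High"))
    # Decode twice so double-encoded traversal (%252e%252e%252f) is caught too.
    decoded = unquote(unquote(target))
    path = decoded.split("?", 1)[0]
    basename = path.rsplit("/", 1)[-1]
    for indicator, confidence in IOA_FILES:
        if indicator.startswith("/"):
            matched = decoded == indicator or path == indicator
        else:
            matched = basename == indicator
        if matched:
            hits.append(("ioa-file", indicator, confidence))
    if TRAVERSAL_RE.search(decoded):
        hits.append(("ioa-traversal", decoded, "High"))
    return hits


def scan(log_text):
    """Return [(line_no, source_ip, hits)] for every parseable line with a hit."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), start=1):
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip it, keep scanning the rest
        hits = match_request(m.group("ip"), m.group("target"))
        if hits:
            findings.append((n, m.group("ip"), hits))
    return findings


def high_confidence_sources(log_text):
    """Sorted source IPs with at least one High-confidence hit: triage these first."""
    return sorted({ip for _, ip, hits in scan(log_text)
                   if any(conf == "High" for _, _, conf in hits)})


# Constructed sample log (not real traffic): the two IOC addresses from the
# table, two RFC 5737 documentation addresses, and one URL-encoded traversal.
SAMPLE_LOG = """\
2.58.149.116 - - [10/Oct/2022:03:14:07 +0000] "GET /fos/admin/ajax.php?action=save_menu HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2022:03:14:09 +0000] "GET /index.php HTTP/1.1" 200 4096
31.44.185.235 - - [10/Oct/2022:03:15:01 +0000] "GET /modules/projects/vw_files.php?file=..%2F..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 404 162
198.51.100.23 - - [10/Oct/2022:03:16:22 +0000] "POST /login HTTP/1.1" 302 0
198.51.100.23 - - [10/Oct/2022:03:16:40 +0000] "GET /?r=email/api/mark&op=delFromSend HTTP/1.1" 200 88
"""

if __name__ == "__main__":
    for line_no, ip, hits in scan(SAMPLE_LOG):
        print(f"line {line_no} {ip}: " + "; ".join(f"{k} {v} ({c})" for k, v, c in hits))
    print("triage first:", ", ".join(high_confidence_sources(SAMPLE_LOG)))
```

Run it directly to print the findings for the sample log, or pass the contents of a real access log to scan(). Indicators such as /index.php and admin.php carry only Medium confidence in the table and will match plenty of legitimate traffic, which is why high_confidence_sources() keys off the High-rated hits and the IOC addresses rather than every match.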

References (4)

The following list contains external sources which discuss the actor and the associated activities:
