CapraRAT Analysis

IOB - Indicator of Behavior (35)

Language

en (28)
zh (6)
it (2)

Country

us (26)
cn (8)

Product

Apache HTTP Server (4)
PuneethReddyHC Event Management (2)
Django (2)
Pligg (2)
Keenetic KN-1010 (2)

Vulnerabilities

Columns: Base/Temp are the CVSS base and temporal scores; 0day/Today are VulDB's estimated exploit prices; Exploitability and Remediation give the state of public exploit code and of a vendor fix; EPSS is the exploit prediction score; CTI is the VulDB threat-intelligence interest score.

# | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | EPSS | CTI | CVE
1 | h5ai privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03315 | 0.00 | CVE-2015-3203
2 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 5.05 | CVE-2006-6168
3 | Advanced Guestbook index.php directory traversal | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.04 | 
4 | D-Link DNS-320L/DNS-325/DNS-327L/DNS-340L HTTP GET Request nas_sharing.cgi weak authentication | 9.8 | 9.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Workaround | 0.01274 | 0.17 | CVE-2024-3272
5 | SPIP spip.php cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00132 | 0.50 | CVE-2022-28959
6 | Login with Phone Number Plugin Setting cross site scripting | 2.4 | 2.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00058 | 0.00 | CVE-2022-0598
7 | Microsoft Windows Remote Desktop Protocol information disclosure | 3.5 | 3.1 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00043 | 0.00 | CVE-2021-38631
8 | Keenetic KN-1010/KN-1410/KN-1711/KN-1810/KN-1910 Configuration Setting ndmComponents.js information disclosure | 5.3 | 4.9 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00045 | 7.12 | CVE-2024-4021
9 | D-Link DIR-865L register_send.php weak authentication | 7.5 | 7.1 | $5k-$25k | $5k-$25k | Proof-of-Concept | Not Defined | 0.00109 | 0.02 | CVE-2013-3096
10 | Pligg cloud.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.41 | 
11 | PuneethReddyHC Event Management register.php sql injection | 5.5 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.04 | CVE-2024-3432
12 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 3.06 | CVE-2020-15906
13 | LushiWarPlaner register.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00821 | 0.05 | CVE-2007-0864
14 | YaBB yabb.pl cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01240 | 0.04 | CVE-2004-2402
15 | Django Cache information disclosure | 3.7 | 3.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00495 | 0.00 | CVE-2014-1418
16 | PHP MySQL Admin Panel Generator edit-db.php cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00058 | 0.02 | CVE-2022-28102
17 | Microsoft IIS IP/Domain Restriction privilege escalation | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00817 | 0.12 | CVE-2014-4078
18 | OFCMS uploadFile privilege escalation | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00250 | 0.04 | CVE-2019-9617
19 | jsoup HTML Parser/XML Parser denial of service | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00640 | 0.00 | CVE-2021-37714
20 | Zoom On-Premise Meeting Connector Controller privilege escalation | 4.7 | 4.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00219 | 0.04 | CVE-2021-34416

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 34.102.136.180 | 180.136.102.34.bc.googleusercontent.com | CapraRAT | | 17/03/2023 | verified | Medium
2 | XX.XXX.XXX.XXX | xxxxxxx | | | 17/03/2023 | verified | High
3 | XXX.XXX.XX.XX | xxxxxxxxxx.xxxxxxxxxxxxx.xxx | Xxxxxxxx | | 17/03/2023 | verified | High
4 | XXX.XX.XXX.XXX | xxxxxxxxx.xxxxxxx.xxx | Xxxxxxxx | | 17/03/2023 | verified | High

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (22)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /backend/register.php | predictive | High
2 | File | /cgi-bin/nas_sharing.cgi | predictive | High
3 | File | /edit-db.php | predictive | Medium
4 | File | /xxxxxxxxxxxxx.xx | predictive | High
5 | File | /xxxx.xxx | predictive | Medium
6 | File | xxxxx/xxxxxxx/xxxxxxxxxx | predictive | High
7 | File | xxxxx.xxx | predictive | Medium
8 | File | xxxxx.xxx | predictive | Medium
9 | File | xxxxxxxx.xxx | predictive | Medium
10 | File | xxxxxxxx_xxxx.xxx | predictive | High
11 | File | xxxx-xxxxx.xxx | predictive | High
12 | File | xxxx-xxxxxxxx.xxx | predictive | High
13 | File | xxxx.xx | predictive | Low
14 | Argument | xxxxx | predictive | Low
15 | Argument | xxxxxxxxxx | predictive | Medium
16 | Argument | xxxxx_xx/xxxx_xxxx/xxxxx/xxxxxx/xxxxxxx/xxxxxx | predictive | High
17 | Argument | xxxx | predictive | Low
18 | Argument | xx | predictive | Low
19 | Argument | xxxx | predictive | Low
20 | Argument | xxxx | predictive | Low
21 | Input Value | xxxx.xxx::$xxxx | predictive | High
22 | Input Value | xxxxxxxxxx | predictive | Medium
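The IOC and IOA tables are only useful once they are matched against your own telemetry. The script below is an added example, not VulDB's code or tooling: it loads the one unredacted IOC IP and hostname and the three unredacted IOA file paths from the tables above, then runs them over constructed web-server access-log and resolver query-log lines (the sample lines are made up for the demo and are not real traffic). Anything redacted on the page is deliberately left out; the indicator sets are meant to be extended from your own feed.

```python
import re
from dataclasses import dataclass

# Indicators copied from the IOC and IOA tables on this page. The redacted
# (XX.XXX.XXX.XXX) entries are not reproduced; extend these from your own feed.
IOC_IPS = {"34.102.136.180"}
IOC_HOSTNAMES = {"180.136.102.34.bc.googleusercontent.com"}
IOA_PATHS = ("/backend/register.php", "/cgi-bin/nas_sharing.cgi", "/edit-db.php")

# Combined log format (Apache/Nginx): client ident user [ts] "METHOD target proto" status size ...
_ACCESS_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)
# BIND-style query log: "... query: <qname> IN <type> ..."
_DNS_RE = re.compile(r"query: (?P<qname>\S+) IN ")


@dataclass(frozen=True)
class Hit:
    kind: str        # "ioc_ip", "ioc_hostname" or "ioa_path"
    indicator: str   # the indicator that matched
    line: str        # the raw log line that produced the hit


def scan_access_log(text: str) -> list[Hit]:
    """Match each access-log line against the IOC IPs and IOA path fragments."""
    hits: list[Hit] = []
    for line in text.splitlines():
        m = _ACCESS_RE.match(line)
        if not m:
            continue  # not combined-log format: skip rather than guess at fields
        if m["ip"] in IOC_IPS:
            hits.append(Hit("ioc_ip", m["ip"], line))
        path = m["target"].split("?", 1)[0]  # drop the query string before matching
        for frag in IOA_PATHS:
            if path.endswith(frag):  # IOA "File" entries are path suffixes, so match on the suffix
                hits.append(Hit("ioa_path", frag, line))
    return hits


def scan_dns_log(text: str) -> list[Hit]:
    """Match resolver query logs against the IOC hostnames (exact name or a subdomain of it)."""
    hits: list[Hit] = []
    for line in text.splitlines():
        m = _DNS_RE.search(line)
        if not m:
            continue
        qname = m["qname"].rstrip(".").lower()
        for host in IOC_HOSTNAMES:
            if qname == host or qname.endswith("." + host):
                hits.append(Hit("ioc_hostname", host, line))
    return hits


# Constructed sample data for the demo (RFC 5737 test addresses), not captured traffic.
SAMPLE_ACCESS_LOG = """\
203.0.113.10 - - [17/Mar/2023:10:01:12 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
34.102.136.180 - - [17/Mar/2023:10:02:44 +0000] "GET /cgi-bin/nas_sharing.cgi HTTP/1.1" 200 1024 "-" "curl/7.88.1"
198.51.100.7 - - [17/Mar/2023:10:03:01 +0000] "POST /backend/register.php HTTP/1.1" 302 0 "-" "python-requests/2.28.0"
198.51.100.8 - - [17/Mar/2023:10:03:20 +0000] "GET /admin/edit-db.php?id=1 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.9 - - [17/Mar/2023:10:03:30 +0000] "GET /static/app.js HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
"""

SAMPLE_DNS_LOG = """\
17-Mar-2023 10:02:40.101 client 10.0.0.5#53211: query: 180.136.102.34.bc.googleusercontent.com IN A + (10.0.0.1)
17-Mar-2023 10:02:41.500 client 10.0.0.6#40001: query: example.com IN A + (10.0.0.1)
"""

if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_ACCESS_LOG) + scan_dns_log(SAMPLE_DNS_LOG):
        print(f"{hit.kind:13} {hit.indicator:45} {hit.line[:60]}")
```

Two caveats a practitioner would keep in mind when acting on these hits: the listed IP resolves to a Google Cloud reverse-DNS name, and cloud addresses are reassigned frequently, so an IP hit outside the 17/03/2023 time window is a lead to pivot on (the hostname, the request path, the user agent) rather than a confirmed compromise, which is consistent with the Medium confidence VulDB gives it; and the IOA paths are predictive fragments, so a hit on /backend/register.php on a host that does not run the affected product is far more likely to be scanning noise than targeted activity.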

References (2)

The following list contains external sources which discuss the actor and the associated activities:
