ObliqueRAT Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (546)

Lang

en	518
es	14
fr	6
it	4
ru	2

Land

us	506
ru	26
cn	14

Skådespelare

ObliqueRAT	2
Conti	2
Fodcha	2
RedLine Stealer	2
Wizard Spider	1

Intressera

Typ

Firewall Software	22
Not Defined	14
Content Management System	10
Web Browser	4
Log Management Software	2

Säljare

Not Defined	28
Squid	6
Mozilla	4
Nagios	2
Google	2

Produkt

Drupal	6
Mozilla Firefox	4
Squid Proxy	4
WordPress	2
BusyBox	2

Sårbarheter

#	Sårbarhet	Base	Temp	0day	I dag	Utn	Rem	EPSS	CTI	CVE
1	Apache HTTP Server mod_proxy_balancer.c balancer_handler cross site scripting	4.3	4.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.21782	0.00	CVE-2012-4558
2	Google Android Proxy Auto-Config ic.cc UpdateLoadElement minneskorruption	8.5	8.2	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00102	0.00	CVE-2019-2047
3	Telegram Desktop Proxy privilegier eskalering	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00219	0.00	CVE-2018-17613
4	https-proxy-agent JSON minneskorruption	7.2	6.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00659	0.03	CVE-2018-3739
5	Apache HTTP Server mod_proxy_fcgi.c handle_headers minneskorruption	5.3	5.1	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00953	0.05	CVE-2014-3583
6	Apple iOS Proxy Authentication privilegier eskalering	6.6	6.4	$100k och mer	$5k-$25k	Not Defined	Official Fix	0.00182	0.04	CVE-2016-4642
7	YoungZSoft CCProxy Proxy Service minneskorruption	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.11487	0.00	CVE-2004-2685
8	CNCF Envoy Proxy förnekande av tjänsten	6.4	6.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00341	0.04	CVE-2020-8659
9	Blue Coat ProxySG SGOS informationsgivning	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00139	0.02	CVE-2015-4334
10	Juniper WLC Proxy ARP/No Broadcast Feature privilegier eskalering	5.3	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00712	0.00	CVE-2014-6381
11	Symantec ASG/ProxySG FTP Proxy WebFTP Mode Stored cross site scripting	5.7	5.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00115	0.00	CVE-2018-18370
12	Palo Alto PAN-OS DNS Proxy privilegier eskalering	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.06716	0.03	CVE-2017-8390
13	QNAP Proxy Server Setting svag autentisering	6.3	6.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00070	0.00	CVE-2017-7639
14	Squid Web Proxy cachemgr.cgi privilegier eskalering	6.1	5.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00267	0.04	CVE-2019-18860
15	Bluecoat SGOS Management Console cross site scripting	4.3	4.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00265	0.02	CVE-2010-5192
16	Artica Proxy fw.progrss.details.php kataloggenomgång	7.4	7.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.96791	0.00	CVE-2020-13158
17	Artica Proxy settings.inc privilegier eskalering	4.9	4.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00130	0.02	CVE-2019-7300
18	Sarg Squid Analysis Report Generator Proxy Server useragent.c useragent minneskorruption	10.0	9.0	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.44560	0.00	CVE-2008-1167
19	Google Android Proxy Configuration hydrogen-alias-analysis.h HAliasAnalyzer.Query privilegier eskalering	8.5	8.2	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00102	0.04	CVE-2019-2097
20	Check point Firewall-1/VPN-1 IKE Aggressive Mode svag kryptering	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00409	0.10	CVE-2002-1623

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-adress	Hostname	Skådespelare	Kampanjer	Identified	Typ	Förtroende
1	185.117.73.222		ObliqueRAT		31/03/2022	verified	Hög
2	XXX.XXX.XX.XXX		Xxxxxxxxxx		10/08/2022	verified	Hög

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klass	Sårbarheter	Åtkomstvektor	Typ	Förtroende
1		CAPEC-10	CWE-19, CWE-20, CWE-119, CWE-120, CWE-121, CWE-189, CWE-190, CWE-287, CWE-352, CWE-399, CWE-400, CWE-404, CWE-415, CWE-704, CWE-787, CWE-862, CWE-863, CWE-918	Unknown Vulnerability	predictive	Hög
2	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Hög
3	T1055	CAPEC-10	CWE-74, CWE-707	Improper Neutralization of Data within XPath Expressions	predictive	Hög
4	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxxxxxxx Xxxxxxxxx	predictive	Hög
5	TXXXX.XXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxxxx Xxxx Xxxxxxxxx	predictive	Hög
6	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
7	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XX, CWE-XXX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Hög
8	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	Hög
9	TXXXX	CAPEC-0	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Hög
10	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxx Xxxxxxxxx	predictive	Hög
11	TXXXX	CAPEC-0	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
12	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Hög
13	TXXXX	CAPEC-157	CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Hög
14	TXXXX.XXX	CAPEC-19	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Hög

IOA - Indicator of Attack (33)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klass	Indicator	Typ	Förtroende
1	File	/assets/php/upload.php	predictive	Hög
2	File	admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list	predictive	Hög
3	File	cachemgr.cgi	predictive	Medium
4	File	cgi-bin/cmh/webcam.sh	predictive	Hög
5	File	xxxxxx.x	predictive	Medium
6	File	xx.xxxxxxx.xxxxxxx.xxx	predictive	Hög
7	File	xxxxxxxx-xxxxx-xxxxxxxx.x	predictive	Hög
8	File	xx.xx	predictive	Låg
9	File	xxxxxx.xxx	predictive	Medium
10	File	xxxxx.xxx	predictive	Medium
11	File	xxxxxx.x	predictive	Medium
12	File	xxxxx.xxx	predictive	Medium
13	File	xxx_xxxxx_xxxxxxxx.x	predictive	Hög
14	File	xxx_xxxxx_xxxx.x	predictive	Hög
15	File	xxxxxxxx_xxxxxx.xxx	predictive	Hög
16	File	xxxxxxxxxx/xxxxxxxx.xxx	predictive	Hög
17	File	xxxxxxxxx.x	predictive	Medium
18	File	xxxxx/xxxxx.xx	predictive	Hög
19	File	xxxxxxxxxxxxx.xxxx	predictive	Hög
20	Library	xxxxxxxxx/xxxxxx_xxxxxxxxxxx.xxx.xxx	predictive	Hög
21	Argument	xxxx	predictive	Låg
22	Argument	xxxxxxxxxxxxx	predictive	Hög
23	Argument	xxxxxxxxxxxx	predictive	Medium
24	Argument	xxxxxxxx	predictive	Medium
25	Argument	xx_xxxxxxxx	predictive	Medium
26	Argument	xxxxxxxxx	predictive	Medium
27	Argument	xxxx_xxxxx/xxxx_xxxxxxxx	predictive	Hög
28	Argument	xxxxxxx.xxx_xxxxxxxxxx	predictive	Hög
29	Argument	xxxxx	predictive	Låg
30	Argument	xxx	predictive	Låg
31	Argument	xxxxxxxx	predictive	Medium
32	Argument	xxxx xxxx	predictive	Medium
33	Input Value	%xx%xx%xx	predictive	Medium

Referenser (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ TidigareÖversiktNästa ▸

Might our Artificial Intelligence support you?

Check our Alexa App!