Sorillus RAT Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (62)

Lang

en	34
de	16
pl	6
ru	4
es	2

Land

us	56
ru	2
fr	2
hu	2

Skådespelare

Ave Maria	2
AsyncRAT	1
Revenge RAT	1
NjRAT	1
Remcos	1

Intressera

Typ

Not Defined	14
Web Server	10
Programming Language Software	4
Office Suite Software	2
Smartphone Operating System	2

Säljare

Not Defined	12
Microsoft	6
IBM	4
All Enthusiast Inc	2
Gempar	2

Produkt

Microsoft IIS	4
Microsoft Office	2
All Enthusiast Inc Reviewpost Php Pro	2
thttpd	2
PHPChain	2

Sårbarheter

#	Sårbarhet	Base	Temp	0day	I dag	Utn	Rem	EPSS	CTI	CVE
1	All Enthusiast Inc Reviewpost Php Pro showproduct.php sql injektion	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00501	0.00	CVE-2004-2175
2	PhotoPost PHP Pro showproduct.php sql injektion	9.8	9.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00276	0.04	CVE-2004-0250
3	Microsoft IIS IP/Domain Restriction privilegier eskalering	6.5	5.7	$25k-$100k	$0-$5k	Unproven	Official Fix	0.00817	0.14	CVE-2014-4078
4	OpenSSH Authentication Username informationsgivning	5.3	4.8	$5k-$25k	$0-$5k	High	Official Fix	0.10737	0.19	CVE-2016-6210
5	BitTorrent uTorrent Bencoding Parser privilegier eskalering	6.4	6.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00867	0.04	CVE-2020-8437
6	MDaemon Webmail cross site scripting	5.4	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00070	0.02	CVE-2019-8983
7	Synology DiskStation Manager Change Password privilegier eskalering	7.1	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00068	0.03	CVE-2018-8916
8	Microsoft IIS cross site scripting	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00548	0.14	CVE-2017-0055
9	Apache HTTP Server mod_userdir HTTP Response Splitting privilegier eskalering	6.7	6.4	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00399	0.00	CVE-2016-4975
10	PHP mysqli mysqli_fetch_assoc sql injektion	7.3	7.3	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00175	0.04	CVE-2010-4700
11	polkit pkexec privilegier eskalering	8.8	8.1	$0-$5k	$0-$5k	Proof-of-Concept	Workaround	0.00046	0.04	CVE-2021-4034
12	Bitrix Site Manager Vote Module Remote Code Execution	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00668	0.09	CVE-2022-27228
13	Ab Stealer Web Panel cross site scripting	4.3	3.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.00
14	e-Quick Cart shoptellafriend.asp sql injektion	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.04
15	Virtual Programming VP-ASP shopexd.asp sql injektion	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00145	0.03	CVE-2003-0560
16	e-Quick Cart shopprojectlogin.asp cross site scripting	3.5	3.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.00
17	PHP EXIF exif_process_IFD_in_TIFF minneskorruption	9.8	9.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02863	0.04	CVE-2019-9641
18	Todd Miller sudo sudoedit sudoers privilegier eskalering	7.8	7.0	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00061	0.00	CVE-2015-5602
19	Tim Kosse FileZilla Format String	7.3	7.0	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.03339	0.04	CVE-2007-2318
20	BusyBox Terminal lineedit.c add_match privilegier eskalering	7.5	7.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00522	0.07	CVE-2017-16544

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-adress	Skådespelare	Identified	Typ	Förtroende
1	79.134.225.85	Sorillus RAT	27/09/2022	verified	Hög
2	XXX.XXX.XXX.XX	Xxxxxxxx Xxx	19/07/2023	verified	Hög
3	XXX.XX.XXX.XXX	Xxxxxxxx Xxx	27/09/2022	verified	Hög

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klass	Sårbarheter	Åtkomstvektor	Typ	Förtroende
1		CAPEC-10	CWE-19, CWE-20, CWE-74, CWE-93, CWE-119, CWE-134, CWE-185, CWE-266, CWE-285, CWE-639, CWE-697, CWE-707	Unknown Vulnerability	predictive	Hög
2	T1059	CAPEC-10	CWE-74, CWE-94, CWE-707	Argument Injection	predictive	Hög
3	TXXXX.XXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XX, CWE-XXX	Xxxxx Xxxx Xxxxxxxxx	predictive	Hög
4	TXXXX	CAPEC-19	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
5	TXXXX	CAPEC-0	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Hög
6	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxx Xxxxxxxxx	predictive	Hög
7	TXXXX	CAPEC-50	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
8	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Hög
9	TXXXX	CAPEC-0	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Hög

IOA - Indicator of Attack (26)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klass	Indicator	Typ	Förtroende
1	File	/etc/sudoers	predictive	Medium
2	File	/uncpath/	predictive	Medium
3	File	/usr/bin/pkexec	predictive	Hög
4	File	cat.php	predictive	Låg
5	File	xxxxxx.xxx	predictive	Medium
6	File	xxxxxxxxxxx/xxxxx.xxx	predictive	Hög
7	File	xxxxxxx.xxx	predictive	Medium
8	File	xxxxx/xxxxxxxx.x	predictive	Hög
9	File	xxx.xx	predictive	Låg
10	File	xxxxxxx_xxx_xxxxx_xxxxxx.xxxx	predictive	Hög
11	File	xxxx_xxxxxxxxx.xxx	predictive	Hög
12	File	xxxxxxx.xxx	predictive	Medium
13	File	xxxxxxxxxxxxxxxx.xxx	predictive	Hög
14	File	xxxxxxxxxxxxxxx.xxx	predictive	Hög
15	File	xxxx_xxxxxxx_xxxxxxxx.xxx	predictive	Hög
16	File	xxxxxxxxxxx.xxx	predictive	Hög
17	File	xxxxxx.xxxxxxx.xxxxxxxxxxxxxxxxxxxxxxxx	predictive	Hög
18	Argument	xxx	predictive	Låg
19	Argument	xxxxx	predictive	Låg
20	Argument	xxx_xx	predictive	Låg
21	Argument	xxxxxxxx	predictive	Medium
22	Argument	xx	predictive	Låg
23	Argument	xxxx_xx	predictive	Låg
24	Argument	xxxxx	predictive	Låg
25	Argument	xxxxxxxx	predictive	Medium
26	Argument	xxxxxx	predictive	Låg

Referenser (2)

The following list contains external sources which discuss the actor and the associated activities:

Samples (2)

The following list contains associated samples:

◂ TidigareÖversiktNästa ▸

Do you need the next level of professionalism?

Upgrade your account now!