CrimsonRAT Analysis

IOB - Indicator of Behavior (35)

Timeline

Languages

en: 22
it: 4
fr: 2
de: 2
es: 2

Countries/Regions

us: 32

Actors

Activities

Interest

Timeline

Type

Vendor

Product

DT Register Extension: 2
Genetechsolutions Pie-Register: 2
Apple Mac OS X Server: 2
Ipswitch MOVEit DMZ: 2
Coppermine Photo Gallery: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.16 | CVE-2010-0966 |
| 3 | Apple Mac OS X Server Wiki Server cross site scripting | 4.3 | 4.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00263 | 0.04 | CVE-2009-2814 |
| 4 | Myupb UPB cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00297 | 0.00 | CVE-2008-6727 |
| 5 | Pligg cloud.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.40 | |
| 6 | Coppermine Photo Gallery init.inc.php privilege escalation | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.08307 | 0.05 | CVE-2004-1988 |
| 7 | Promosi-web ardguest ardguest.php cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00129 | 0.00 | CVE-2009-3668 |
| 8 | Edgewall Software Trac quickjump privilege escalation | 6.5 | 5.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00251 | 0.02 | CVE-2008-2951 |
| 9 | Ipswitch MOVEit DMZ Send Attachment Feature information disclosure | 6.5 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00121 | 0.02 | CVE-2015-7675 |
| 10 | Joomla CMS com_easyblog sql injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00000 | 0.22 | |
| 11 | PHPGurukul Employee Record Management System POST Parameter forgetpassword.php sql injection | 8.0 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00798 | 0.00 | CVE-2021-43451 |
| 12 | PHP Link Directory Administration Page index.html cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00374 | 0.85 | CVE-2007-0529 |
| 13 | DT Register Extension sql injection | 8.5 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00282 | 0.00 | CVE-2018-6584 |
| 14 | Genetechsolutions Pie-Register wp-login.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00904 | 0.00 | CVE-2013-4954 |
| 15 | Akamai Technologies Download Manager ActiveX Control downloadmanagerv2.ocx getprivateprofilesectionw memory corruption | 10.0 | 9.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.34905 | 0.00 | CVE-2007-1891 |
| 16 | Symantec Security Check Virus Detection Profiles rufsi.dll GetPrivateProfileString memory corruption | 5.3 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.01536 | 0.00 | CVE-2004-1910 |
| 17 | Google Android Permission Check DevicePolicyManagerService.java GetPermittedAccessibilityServicesForUser privilege escalation | 6.5 | 6.3 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2019-2091 |
| 18 | Wheatblog add_comment.php cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00154 | 0.03 | CVE-2006-7002 |
| 19 | Oracle Transportation Management Install privilege escalation | 8.1 | 7.7 | $5k-$25k | $0-$5k | High | Official Fix | 0.97533 | 0.00 | CVE-2017-12617 |
| 20 | Shenzhen Tenda usbeject system privilege escalation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00087 | 0.03 | CVE-2017-16923 |

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Activity | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 192.3.99.68 | 192-3-99-68-host.colocrossing.com | CrimsonRAT | | 2023-03-23 | verified | |
| 2 | XXX.XX.XXX.XXX | xxxxxxxxx.xxxxxxx.xxx | Xxxxxxxxxx | | 2023-03-23 | verified | |

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (22)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /forgetpassword.php | predictive | |
| 2 | File | add_comment.php | predictive | |
| 3 | File | ardguest.php | predictive | |
| 4 | File | xxx-xxx/xxxx/xxxxxxxx | predictive | |
| 5 | File | xxxxx.xxx | predictive | |
| 6 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | |
| 7 | File | xxxxxxxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | |
| 8 | File | xxxxxxxxxxxxxxxxx.xxx | predictive | |
| 9 | File | xxx/xxxxxx.xxx | predictive | |
| 10 | File | xxxxx.xxxx | predictive | |
| 11 | File | xxxx.xxx.xxx | predictive | |
| 12 | File | xx-xxxxx.xxx | predictive | |
| 13 | Library | xxxxx.xxx | predictive | |
| 14 | Argument | xxxxxxxx | predictive | |
| 15 | Argument | xxxxxxxxxx | predictive | |
| 16 | Argument | xxx_x_xxx | predictive | |
| 17 | Argument | xxxxx | predictive | |
| 18 | Argument | xx | predictive | |
| 19 | Argument | xxxxx | predictive | |
| 20 | Argument | xxxx | predictive | |
| 21 | Argument | xxxxx | predictive | |
| 22 | Argument | xxxxxxxxxxxxx/xxxxx | predictive | |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
