DarkCrystalRAT Analysis

IOB - Indicator of Behavior (260)

Timeline

Languages

en: 236
es: 8
ru: 8
de: 4
it: 2

Countries/Regions

us: 52
ru: 16
es: 10
pt: 2
de: 2

Actors

Activities

Interest

Timeline

Type

Vendors

Products

Microsoft Windows: 8
SAP Solution Manager: 6
Google Chrome: 6
Netgear RBK40: 6
Linux Kernel: 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Fix | CTI | EPSS | CVE
1 | PHP Link Directory Administration Page index.html cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.24 | 0.00374 | CVE-2007-0529
2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.48 | 0.00943 | CVE-2010-0966
3 | Microsoft Windows New Horizon Data Systems Boot Loader Privilege Escalation | 6.1 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.02 | 0.00054 | CVE-2022-34302
4 | Rockwell Automation RSLinx Enterprise Service Port 4444 LogReceiver.exe information disclosure | 7.4 | 7.3 | $0-$5k | Calculating | Not Defined | Workaround | 0.02 | 0.00056 | CVE-2013-2807
5 | Microsoft Windows WDAC OLE DB Provider for SQL Server Remote Code Execution | 8.8 | 8.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.07 | 0.00106 | CVE-2024-21391
6 | Watchguard Firebox/XTM Remote Code Execution | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.03712 | CVE-2022-26318
7 | Zentrack index.php privilege escalation | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00000 |
8 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00548 | CVE-2017-0055
9 | Matrix Synap JSON denial of service | 5.9 | 5.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00664 | CVE-2020-26890
10 | Invision Power Services IP.Board URL denial of service | 5.3 | 5.1 | $0-$5k | Calculating | Not Defined | Official Fix | 0.02 | 0.00164 | CVE-2015-6812
11 | TypeORM Prototype Remote Code Execution | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00301 | CVE-2020-8158
12 | Fortinet FortiGate Log privilege escalation | 4.0 | 3.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00089 | CVE-2020-12818
13 | Softaculous Loginizer Plugin cross-site request forgery | 5.8 | 5.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00058 | CVE-2022-45079
14 | Terrasoft Bpm'online CRM-System SDK Terrasoft.Core.DB.Column.Const SQL injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00138 | CVE-2019-15301
15 | Sudo Environment Variable privilege escalation | 8.3 | 7.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.00050 | CVE-2023-22809
16 | Page Engine CMS login_include.php privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00000 |
17 | D-Link DIR-816L/DIR-803 URL Encoding info.php cross site scripting | 5.2 | 5.2 | $5k-$25k | $5k-$25k | Not Defined | Unavailable | 0.00 | 0.00111 | CVE-2020-25786
18 | Pivotal Spring Framework directory traversal | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.00479 | CVE-2014-3625
19 | Fortinet FortiOS/FortiProxy Administrative Interface weak authentication | 9.8 | 9.7 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.02 | 0.97217 | CVE-2022-40684
20 | VMware ESXi settingsd race condition | 7.2 | 6.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00101 | CVE-2021-22043

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (100)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type
1 | File | /backupsettings.conf | predictive
2 | File | /export | predictive
3 | File | /horde/util/go.php | predictive
4 | File | /show_news.php | predictive
5 | File | /uncpath/ | predictive
6 | File | adclick.php | predictive
7 | File | admin/dashboard.php | predictive
8 | File | admin/index.php | predictive
9 | File | admin/tools/dolibarr_export.php | predictive
10 | File | adv_remotelog.asp | predictive
11 | File | api.php | predictive
12 | File | xxx/xxxxx/xxxxxxxxxx/xxxx.xxx | predictive
13 | File | xxxx-xxxx.x | predictive
14 | File | xxxxxxx.xx | predictive
15 | File | xxxx.xxx | predictive
16 | File | x:\xxxxxxxxxx | predictive
17 | File | xxx.xxx | predictive
18 | File | xxx.xxx | predictive
19 | File | xxx_xxx_xxx.xxx | predictive
20 | File | xxxxxxxxxx.xxxxxx.xxx | predictive
21 | File | xxxxxxxxxx_xxxxx.xxx | predictive
22 | File | xxxxxx.xx | predictive
23 | File | xxxx/xxx/xxxxx/xxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxx.xxxxxxxx | predictive
24 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive
25 | File | xxxxxxxxxx_xxxxxx.x | predictive
26 | File | xxx.xxx | predictive
27 | File | xxxxxxx.xxx | predictive
28 | File | xxxxx.xxx | predictive
29 | File | xxxxx.xxx | predictive
30 | File | xxxxxxxx/xxxxxx/xxxxx.xxx | predictive
31 | File | xxxxxxxx.xxx | predictive
32 | File | xxxxxx/x.xxx | predictive
33 | File | xxx/xxxxxx.xxx | predictive
34 | File | xxxxxxxx/xxxxxxx/xxxxx_xxxxxxx.xxx | predictive
35 | File | xxxxx.xxxx | predictive
36 | File | xxxxx.xxx | predictive
37 | File | xx xxx/xxxx/xxxx.x | predictive
38 | File | xxx/xxxxxx.xxx | predictive
39 | File | xxxxxx/xxx/xxxxxxxx.x | predictive
40 | File | xxxxxxxxxxx/xx_xxxxxxxxxx.x | predictive
41 | File | xxxx/xxxxxxx/xxxxxxxxxxxxx.xx | predictive
42 | File | xxxx/xxxxxxx/xxxxxxx.x | predictive
43 | File | xxxxx.xxx | predictive
44 | File | xxxxxxxxxxx.xxx | predictive
45 | File | xxxx/xxxxxxxx/xxxxxx_xxxx.xxx | predictive
46 | File | xxxxxxx/xxxxxxxx/xxxxxxxx/xxxxxx.xxx | predictive
47 | File | xxxxx.xxx | predictive
48 | File | xxxxxxxxx/xxxx-xxxx | predictive
49 | File | xxxxxxx.xxx | predictive
50 | File | xxxxxxxxxxxx.xx | predictive
51 | File | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx | predictive
52 | File | xxxxxx.x | predictive
53 | File | xxxx_xxxxxxx.xxx | predictive
54 | File | xxxxx.x | predictive
55 | File | xxxx.xx | predictive
56 | File | xxxxxxxx.xxx | predictive
57 | File | xxxxxx.xxx | predictive
58 | File | xxxxxxxx/xxxxx_xxxxx | predictive
59 | File | xxxx-xxxxxxx-xxxxxx.xxx | predictive
60 | File | xxxxxx/xx/xxxx.xxx | predictive
61 | File | xx-xxxxx/xxxxxxxx/xxxxx-xx-xxxxx-xxxx.xxx | predictive
62 | File | xx-xxxx.xxx | predictive
63 | File | xx/xxx.xxx | predictive
64 | File | ~/xxx/xxxx-xxxxxxxxx.xxx | predictive
65 | Argument | xxxxxxxx | predictive
66 | Argument | xxx_xxxxxx_x | predictive
67 | Argument | xxx | predictive
68 | Argument | xxxxxx | predictive
69 | Argument | xxxxxxxxxx | predictive
70 | Argument | xxxx | predictive
71 | Argument | xxxxxxxxxxxx | predictive
72 | Argument | xxxxx xxxx/xxxx xxxx | predictive
73 | Argument | xxxxxxx | predictive
74 | Argument | xxxxx | predictive
75 | Argument | xxxx_xxx | predictive
76 | Argument | xxxx | predictive
77 | Argument | xx | predictive
78 | Argument | xx_xxxxxxx | predictive
79 | Argument | xxxxxx | predictive
80 | Argument | xxxxxxxx_xxx | predictive
81 | Argument | xxxx | predictive
82 | Argument | x_xxx_xxxxxx | predictive
83 | Argument | xxxxxxxxxxxx | predictive
84 | Argument | xxxx_xxxxx | predictive
85 | Argument | xxxxxxxx | predictive
86 | Argument | xxxxxxxxxxx | predictive
87 | Argument | xxxxxxxxx | predictive
88 | Argument | xxxx_xxxxxx/xxxxxx/xxxxxx | predictive
89 | Argument | xxxxxxxxxxxxxxxx | predictive
90 | Argument | xxxxx | predictive
91 | Argument | xxxx | predictive
92 | Argument | xxx | predictive
93 | Argument | xxx | predictive
94 | Argument | xxxx | predictive
95 | Argument | xxxxx | predictive
96 | Argument | xxxxxxxxxxx_xxxxxxxx | predictive
97 | Input Value | x.x.x.x%xxxxxx+-x+x+xxx.xxx.x.xx%xx | predictive
98 | Input Value | xxx (xxxxxx xxxx xxxx(xxxxxx xxxxx(*),xxxxxx(xxxxxxxxxxxx,(xxxxxx (xxx(xxxx=xxxx,x))),xxxxxxxxxxxx,xxxxx(xxxx(x)*x))x xxxx xxxxxxxxxxx_xxxxxx.xxxxxxxxx_xxxx xxxxx xx x)x) | predictive
99 | Network Port | xxx/xxxxx | predictive
100 | Network Port | xxx/xxxx | predictive

References (3)

The following list contains external sources which discuss the actor and the associated activities:
