DetaRAT 分析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (71)

时间轴

语言

en50
de22

国家/地区

us28
de18
ca4

演员

ActionRAT1
Venom RAT1
Cobalt Strike1
Crimson RAT1
Lilith RAT1

活动

利益

时间轴

类型

Not Defined26
Learning Management Software8
Virtualization Software6
Content Management System6
WordPress Plugin2

供应商

Not Defined18
Linux Foundation4
IBM4
Linksys4
Omron2

产品

Moodle8
Linux Foundation Xen4
Linksys WAG54GS4
Omron CX-One CX-Programmer2
Vlad Alexa Mancini PHPFootball2

漏洞

#漏洞BaseTemp0day今天修正EPSSCTICVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash 信息公开5.35.2$5k-$25k$0-$5kHighWorkaround0.020160.02CVE-2007-1192
2Tiki Admin Password tiki-login.php 弱身份验证8.07.7$0-$5k$0-$5kNot DefinedOfficial Fix0.009364.06CVE-2020-15906
3Joomla CMS com_easyblog SQL注入6.36.1$5k-$25k$5k-$25kNot DefinedNot Defined0.000000.19
4DZCP deV!L`z Clanportal config.php 权限升级7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.009431.23CVE-2010-0966
5Michael Salzer Guestbox gbshow.php 跨网站脚本4.33.9$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.042830.02CVE-2006-0860
6Vunet VU Web Visitor Analyst redir.asp SQL注入7.37.1$0-$5k$0-$5kHighWorkaround0.001190.09CVE-2010-2338
7DolphinPHP User Management Page 跨网站脚本3.53.2$0-$5k$0-$5kProof-of-ConceptNot Defined0.000530.09CVE-2022-1086
8LogicBoard CMS away.php Redirect6.36.1$0-$5k$0-$5kNot DefinedUnavailable0.000003.16
9vu Mass Mailer Login Page redir.asp SQL注入7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.001810.03CVE-2007-6138
10Mozilla Firefox/Thunderbird SetOffsets 拒绝服务7.57.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.090520.00CVE-2013-1677
11IBM InfoSphere Master Data Management 跨网站脚本3.53.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.000630.00CVE-2015-1968
12IBM Rational Collaborative Lifecycle Management Jazz Foundation 跨网站脚本3.53.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.000630.00CVE-2015-0130
13McAfee ePolicy Orchestrator 跨网站脚本4.34.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.001920.02CVE-2015-4559
14Moodle configonlylib.php min_get_slash_argument 目录遍历6.36.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.001770.02CVE-2015-1493
15WordPress Shortcodes/Post Content 权限升级6.35.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.130080.00CVE-2013-0235
16Moodle Contacts/Messages 信息公开5.34.6$5k-$25k$0-$5kUnprovenOfficial Fix0.001240.04CVE-2015-2266
17Moodle mdeploy.php 权限升级6.35.5$5k-$25k$0-$5kUnprovenOfficial Fix0.001120.00CVE-2015-2267
18Moodle Regular Expression 拒绝服务5.34.6$5k-$25k$0-$5kUnprovenOfficial Fix0.002820.00CVE-2015-2268
19Adobe Flash Player 内存损坏10.08.7$25k-$100k$0-$5kUnprovenOfficial Fix0.030410.00CVE-2015-0342
20WhatsApp Messenger Profile Image 信息公开5.35.0$5k-$25k$0-$5kProof-of-ConceptUnavailable0.000000.02

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP地址Hostname参与者活动Identified类型可信度
1173.212.224.110vmi587275.contaboserver.netDetaRAT2021-09-07verified
2XXX.XXX.XX.XXXxxxxxxxxx.xxxxxxxxxxxxx.xxxXxxxxxx2021-09-07verified

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechnique漏洞访问向量类型可信度
1T1006CWE-22Path Traversalpredictive
2T1055CWE-74Improper Neutralization of Data within XPath Expressionspredictive
3TXXXXCWE-XXXxxxxxxx Xxxxxxxxxpredictive
4TXXXX.XXXCWE-XX, CWE-XXXxxxx Xxxx Xxxxxxxxxpredictive
5TXXXXCWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxxpredictive
6TXXXX.XXXCWE-XXXXxxx Xxxxxxxxpredictive
7TXXXXCWE-XXXxx Xxxxxxxxxpredictive
8TXXXX.XXXCWE-XXXXxxxxxxx Xxxxxxxxxxx Xxxxxxxxxxpredictive
9TXXXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxxpredictive
10TXXXXCWE-XXX, CWE-XXXXxxxxxxxxxxxx Xxxxxxpredictive

IOA - Indicator of Attack (31)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID分类Indicator类型可信度
1File/forum/away.phppredictive
2File/wordpress/wp-admin/admin.phppredictive
3Fileadmin/index.phppredictive
4Filedata/gbconfiguration.datpredictive
5Filefilter.phppredictive
6Filexxxxxx.xxxpredictive
7Filexxx/xxxxxx.xxxpredictive
8Filexxx/xxxx/xxx.x/xxxx_xxxxxx.xpredictive
9Filexxxxx.xxxpredictive
10Filexxxxxxx.xxxpredictive
11Filexxxxxxxxx/xxxx-xxxxpredictive
12Filexxxx.xxxpredictive
13Filexxxxx/xxxxxxx/predictive
14Filexxxxxx.xxxpredictive
15Filexxxxx.xxxpredictive
16Filexxxxxxxxxxxxxx.xxxpredictive
17Filexxxxx.xxxpredictive
18Filexxxx-xxxxx.xxxpredictive
19Libraryxxx/xxxxxxxxxxxxx.xxxpredictive
20Argumentxxxxxxxxpredictive
21Argumentxxxxxxxpredictive
22Argumentxxxxpredictive
23Argumentxxxxxxxxpredictive
24Argumentxxpredictive
25Argumentxxxxxxxxxxpredictive
26Argumentxxxxxxpredictive
27Argumentxxxxxxxxpredictive
28Argumentxxxxxxx_xxpredictive
29Argumentxxxxxxxpredictive
30Argumentxxxxpredictive
31Argumentxxxxxpredictive

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

上一步一览下一步

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!