ElectroRAT 分析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (8)

语言

en	8

国家/地区

ru	8

演员

Raccoon	2
RecordBreaker	2
ElectroRAT	2
Bumblebee	1
DCRat	1

利益

类型

Not Defined	4
Web Server	2
Firewall Software	2

供应商

Not Defined	6
e7d	2

产品

Discuz!ML	2
e7d Speed Test	2
nginx	2
SonicWall SSLVPN SMA100	2

漏洞

#	漏洞	Base	Temp	0day	今天	易	修正	EPSS	CTI	CVE
1	SonicWall SSLVPN SMA100 SQL注入	7.3	7.3	$0-$5k	$0-$5k	High	Not Defined	0.02628	0.04	CVE-2021-20016
2	e7d Speed Test 目录遍历	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00096	0.04	CVE-2021-40349
3	Discuz!ML Cookie 权限升级	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04015	0.02	CVE-2019-13956
4	nginx 权限升级	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00241	3.24	CVE-2020-12440
5	DataLife Engine addnews.html 跨网站脚本	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00056	0.02	CVE-2018-14777
6	Microsoft IIS 跨网站脚本	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00548	0.21	CVE-2017-0055
7	Joomla CMS index.php SQL注入	7.3	7.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02514	0.04	CVE-2010-4166

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP地址	Hostname	参与者	Identified	类型	可信度
1	193.38.55.4	vm579410.stark-industries.solutions	ElectroRAT	2024-02-12	verified	高
2	XXX.XX.XX.XXX	xxxxxxxxx.xxxxx-xxxxxxxxxx.xxxxxxxxx	Xxxxxxxxxx	2024-02-12	verified	高
3	XXX.XXX.XXX.XXX	xxxxxxxxx.xxxxx-xxxxxxxxxx.xxxxxxxxx	Xxxxxxxxxx	2024-02-12	verified	高

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	分类	漏洞	访问向量	类型	可信度
1	T1006	CAPEC-139	CWE-23	Path Traversal	predictive	高
2	TXXXX	CAPEC-242	CWE-XX	Xxxxxxxx Xxxxxxxxx	predictive	高
3	TXXXX.XXX	CAPEC-209	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	高
4	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	高

IOA - Indicator of Attack (4)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	分类	Indicator	类型	可信度
1	File	/addnews.html	predictive	高
2	File	/xxxxxxx/	predictive	中
3	File	xxxxx.xxx	predictive	中
4	Argument	xxxxxx_xxxxx_xxx	predictive	高

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ 上一步一览下一步 ▸

Do you need the next level of professionalism?

Upgrade your account now!