ObliqueRAT Analysis

IOB - Indicator of Behavior (546)

Languages

en: 522
es: 12
it: 6
fr: 4
zh: 2

Countries

us: 518
ru: 16
cn: 10
tk: 2

Products

Drupal: 6
phpMyAdmin: 4
Mozilla Firefox: 4
QNAP Proxy Server: 4
WordPress: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Fix | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Apache HTTP Server mod_proxy_balancer.c balancer_handler cross site scripting | 4.3 | 4.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.21782 | 0.00 | CVE-2012-4558 |
| 2 | Google Android Proxy Auto-Config ic.cc UpdateLoadElement memory corruption | 8.5 | 8.2 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00102 | 0.00 | CVE-2019-2047 |
| 3 | Telegram Desktop Proxy privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00219 | 0.00 | CVE-2018-17613 |
| 4 | https-proxy-agent JSON memory corruption | 7.2 | 6.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00659 | 0.03 | CVE-2018-3739 |
| 5 | Apache HTTP Server mod_proxy_fcgi.c handle_headers memory corruption | 5.3 | 5.1 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00953 | 0.04 | CVE-2014-3583 |
| 6 | Apple iOS Proxy Authentication privilege escalation | 6.6 | 6.4 | $100k and more | $5k-$25k | Not Defined | Official Fix | 0.00182 | 0.04 | CVE-2016-4642 |
| 7 | YoungZSoft CCProxy Proxy Service memory corruption | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.11487 | 0.00 | CVE-2004-2685 |
| 8 | CNCF Envoy Proxy denial of service | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00341 | 0.04 | CVE-2020-8659 |
| 9 | Blue Coat ProxySG SGOS information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00139 | 0.02 | CVE-2015-4334 |
| 10 | Juniper WLC Proxy ARP/No Broadcast Feature privilege escalation | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00712 | 0.00 | CVE-2014-6381 |
| 11 | Symantec ASG/ProxySG FTP Proxy WebFTP Mode Stored cross site scripting | 5.7 | 5.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00115 | 0.00 | CVE-2018-18370 |
| 12 | Palo Alto PAN-OS DNS Proxy privilege escalation | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06716 | 0.03 | CVE-2017-8390 |
| 13 | QNAP Proxy Server Setting weak authentication | 6.3 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00070 | 0.00 | CVE-2017-7639 |
| 14 | Squid Web Proxy cachemgr.cgi privilege escalation | 6.1 | 5.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00267 | 0.04 | CVE-2019-18860 |
| 15 | Bluecoat SGOS Management Console cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00265 | 0.02 | CVE-2010-5192 |
| 16 | Artica Proxy fw.progrss.details.php directory traversal | 7.4 | 7.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.96791 | 0.00 | CVE-2020-13158 |
| 17 | Artica Proxy settings.inc privilege escalation | 4.9 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00130 | 0.02 | CVE-2019-7300 |
| 18 | Sarg Squid Analysis Report Generator Proxy Server useragent.c useragent memory corruption | 10.0 | 9.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.44560 | 0.00 | CVE-2008-1167 |
| 19 | Google Android Proxy Configuration hydrogen-alias-analysis.h HAliasAnalyzer.Query privilege escalation | 8.5 | 8.2 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00102 | 0.04 | CVE-2019-2097 |
| 20 | Check Point Firewall-1/VPN-1 IKE Aggressive Mode weak encryption | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00409 | 0.03 | CVE-2002-1623 |

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 185.117.73.222 | | ObliqueRAT | | 2022-03-31 | | verified |

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (33)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Category | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /assets/php/upload.php | | predictive |
| 2 | File | admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list | | predictive |
| 3 | File | cachemgr.cgi | | predictive |
| 4 | File | cgi-bin/cmh/webcam.sh | | predictive |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
