Rakos Analysis

IOB - Indicator of Behavior (397)

Language

en: 316
ru: 32
fr: 10
zh: 10
de: 8

Country/Region

us: 204
ru: 66
cn: 18
me: 12
gb: 8

Product

WordPress: 10
phpMyAdmin: 10
unrar-free: 6
Devilz Clanportal: 6
Apache Tomcat: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.15 | CVE-2010-0966 |
| 3 | Zyxel NAS326/NAS542 Web Server privilege escalation | 9.8 | 9.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00068 | 0.04 | CVE-2023-4473 |
| 4 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 4.87 | CVE-2020-12440 |
| 5 | Microsoft IIS cross-site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.09 | CVE-2017-0055 |
| 6 | DZCP deV!L`z Clanportal browser.php information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02733 | 0.84 | CVE-2007-1167 |
| 7 | MikroTik RouterOS Winbox/HTTP Interface privilege escalation | 7.8 | 7.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00055 | 0.03 | CVE-2023-30799 |
| 8 | Laravel Framework Token Encrypter.php decrypt privilege escalation | 6.8 | 6.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.62418 | 0.03 | CVE-2018-15133 |
| 9 | Linux Kernel fbcon vt.c KD_FONT_OP_COPY information disclosure | 5.0 | 4.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2020-28974 |
| 10 | Devilz Clanportal File Upload unknown vulnerability | 5.3 | 4.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.05362 | 0.06 | CVE-2006-6338 |
| 11 | Devilz Clanportal index.php SQL injection | 7.3 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00784 | 0.00 | CVE-2006-3347 |
| 12 | Microsoft IIS IP/Domain Restriction privilege escalation | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00817 | 0.03 | CVE-2014-4078 |
| 13 | WordPress WP_Query class-wp-query.php SQL injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00318 | 0.02 | CVE-2017-5611 |
| 14 | SourceCodester Petrol Pump Management Software product.php privilege escalation | 4.7 | 4.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.00 | CVE-2024-2058 |
| 15 | CKFinder File Name privilege escalation | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00155 | 0.04 | CVE-2019-15862 |
| 16 | Elementor Plugin privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.04 | CVE-2024-24934 |
| 17 | guzzlehttp psr7 Header Parser privilege escalation | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00095 | 0.01 | CVE-2022-24775 |
| 18 | DrayTek Vigor 2960 Web Management Interface mainfunction.cgi privilege escalation | 7.4 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00273 | 0.13 | CVE-2023-1162 |
| 19 | BeCustom Plugin cross-site request forgery | 6.5 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00122 | 0.04 | CVE-2022-3747 |
| 20 | Cisco IOS XE Web UI Remote Code Execution | 9.9 | 9.7 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.89428 | 0.03 | CVE-2023-20198 |

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (208)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

References (2)

The following list contains external sources which discuss the actor and the associated activities:
