RedFoxtrot Analysis

IOB - Indicator of Behavior (755)

Timeline

Language

en: 652
zh: 84
it: 8
ja: 6
de: 2

Country/Region

cn: 142
us: 142
bd: 2
kr: 2
gb: 2

Product

Microsoft Windows: 54
Apple iOS: 22
Microsoft Internet Explorer: 18
Apple macOS: 18
Google Chrome: 18

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 9.62 | 0.01009 | CVE-2006-6168 |
| 2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 2.03 | 0.00943 | CVE-2010-0966 |
| 3 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192 |
| 4 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 5.10 | 0.00936 | CVE-2020-15906 |
| 5 | Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform importexport.php privilege escalation | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00092 | CVE-2023-4873 |
| 6 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 3.94 | 0.00000 | |
| 7 | WordPress sql injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00467 | CVE-2022-21664 |
| 8 | SourceCodester Employee and Visitor Gate Pass Logging System GET Parameter view_designation.php sql injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.12 | 0.00135 | CVE-2023-2090 |
| 9 | Drupal Database Connection Error Message information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00000 | |
| 10 | Sun Java fontmanager.dll UIManager.getSystemLookAndFeelClassName memory corruption | 7.8 | 7.5 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00000 | |
| 11 | Citrix XenServer Web Self Service Management Interface Privilege Escalation | 6.3 | 6.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00000 | |
| 12 | WP Statistics Plugin class-wp-statistics-hits.php sql injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.30136 | CVE-2022-25149 |
| 13 | xrdp sesman Server memory corruption | 7.8 | 7.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00050 | CVE-2022-23613 |
| 14 | Liferay Portal CE JSON Payload privilege escalation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.01289 | CVE-2019-16891 |
| 15 | Cisco ASA Command Line Interface EpicBanana/JetPlow privilege escalation | 7.8 | 7.4 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.97507 | CVE-2016-6367 |
| 16 | Hikvision Product Message privilege escalation | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.97493 | CVE-2021-36260 |
| 17 | VMware ESXi/Workstation/Fusion vmxnet3 Virtual Network Adapter memory corruption | 4.4 | 4.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00044 | CVE-2020-3971 |
| 18 | Mail Masta Plugin csvexport.php sql injection | 8.5 | 8.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.00597 | CVE-2017-6095 |
| 19 | Apple macOS information disclosure | 4.4 | 4.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00077 | CVE-2020-9944 |
| 20 | Apple tvOS information disclosure | 4.4 | 4.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00077 | CVE-2020-9943 |

IOC - Indicator of Compromise (22)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type |
|---|---|---|---|---|---|---|
| 1 | 45.32.22.220 | 45.32.22.220.vultrusercontent.com | RedFoxtrot | | 2022-10-12 | verified |
| 2 | 45.32.146.174 | 45.32.146.174.vultrusercontent.com | RedFoxtrot | | 2022-10-12 | verified |
| 3 | 45.76.216.62 | 45.76.216.62.vultrusercontent.com | RedFoxtrot | | 2022-10-12 | verified |
| 4 | 45.77.178.76 | thematrix.dev | RedFoxtrot | | 2022-10-12 | verified |
| 5 | 66.42.33.214 | 66.42.33.214.vultrusercontent.com | RedFoxtrot | | 2022-10-12 | verified |
| 6 | XXX.XXX.XX.XXX | xxx.xxx.xx.xxx.xxxxxxxxxxxxxxxx.xxx | Xxxxxxxxxx | | 2022-10-12 | verified |
| 7 | XXX.XX.XXX.XX | xxxxxxx-xxxx.xxxxxxxxxxxxxxxx | Xxxxxxxxxx | | 2022-10-12 | verified |
| 8 | XXX.XXX.XXX.XXX | | Xxxxxxxxxx | | 2022-10-12 | verified |
| 9 | XXX.XXX.XXX.XX | | Xxxxxxxxxx | | 2022-10-12 | verified |
| 10 | XXX.XXX.XXX.XXX | xx-xxxxxxx-xxxxxx-xxxxxxxx.xxxxx.xxxxxxxxxxxxxx.xxx | Xxxxxxxxxx | | 2022-10-12 | verified |
| 11 | XXX.XX.XXX.XXX | xxx.xx.xxx.xxx.xxxxxxxxxxxxxxxx.xxx | Xxxxxxxxxx | | 2022-10-12 | verified |
| 12 | XXX.XX.XXX.XXX | | Xxxxxxxxxx | | 2022-10-12 | verified |
| 13 | XXX.XXX.XXX.X | | Xxxxxxxxxx | | 2022-10-12 | verified |
| 14 | XXX.XXX.XX.XXX | xxx-xxx-xx-xxx.xx.xxxxxxxxxxxxxxxxx.xxx | Xxxxxxxxxx | | 2022-10-12 | verified |
| 15 | XXX.XXX.XXX.XXX | | Xxxxxxxxxx | | 2022-10-12 | verified |
| 16 | XXX.XXX.XXX.XXX | | Xxxxxxxxxx | | 2022-10-12 | verified |
| 17 | XXX.XXX.XXX.XX | | Xxxxxxxxxx | | 2022-10-12 | verified |
| 18 | XXX.XX.XX.XXX | xxx.xx.xx.xxx.xxxxxxxxxxxxxxxx.xxx | Xxxxxxxxxx | | 2022-10-12 | verified |
| 19 | XXX.XX.XX.XXX | xxx.xx.xx.xxx.xxxxxxxxxxxxxxxx.xxx | Xxxxxxxxxx | | 2022-10-12 | verified |
| 20 | XXX.XXX.XXX.XXX | xxx.xxx.xxx.xxx.xxxxxxxxxxxxxxxx.xxx | Xxxxxxxxxx | | 2022-10-12 | verified |
| 21 | XXX.XXX.XXX.XXX | | Xxxxxxxxxx | | 2022-10-12 | verified |
| 22 | XXX.XXX.XXX.XXX | xxxxxxxxxxxxxx.xxxxx | Xxxxxxxxxx | | 2022-10-12 | verified |

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (192)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type |
|---|---|---|---|
| 1 | File | /admin/maintenance/view_designation.php | predictive |
| 2 | File | /admin/sys_sql_query.php | predictive |
| 3 | File | /app/Http/Controllers/Admin/NEditorController.php | predictive |
| 4 | File | /cgi-bin/luci/api/wireless | predictive |
| 5 | File | /cgi-bin/vitogate.cgi | predictive |
| 6 | File | /forum/away.php | predictive |
| 7 | File | /getcfg.php | predictive |
| 8 | File | /group1/uploa | predictive |
| 9 | File | /importexport.php | predictive |
| 10 | File | /inc/lists/csvexport.php | predictive |
| 11 | File | /server-status | predictive |
| 12 | File | /sgmi/ | predictive |
| 13 | File | /system/user/resetPwd | predictive |
| 14 | File | /tos/index.php?editor/fileGet | predictive |
| 15 | File | /uncpath/ | predictive |
| 16 | File | /user/updatePwd | predictive |
| 17 | File | /var/log/nginx | predictive |
| 18 | File | addentry.php | predictive |
| 19 | File | admin-ajax.php?action=get_wdtable order[0][dir] | predictive |
| 20 | File | admin/plib/api-rpc/Agent.php | predictive |
| 21 | File | applications/core/modules/front/system/content.php | predictive |
| 22 | File | att_protocol.cc | predictive |
| 23 | File | xxxx-xxxx.x | predictive |
| 24 | File | xxxxxxxxxxxxxx.xxx | predictive |
| 25 | File | xxxxx.xxx | predictive |
| 26 | File | xxx.x | predictive |
| 27 | File | xxxxx/xxxxxxx.xxx | predictive |
| 28 | File | xxxxx.xxx | predictive |
| 29 | File | xxxxxxxx.x | predictive |
| 30 | File | xxxxxxxxx.xxx | predictive |
| 31 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive |
| 32 | File | xx.xxx | predictive |
| 33 | File | xxxxxxxx.xxx | predictive |
| 34 | File | xxxx.xxx | predictive |
| 35 | File | xx_xxxxxx.xxx | predictive |
| 36 | File | xxxx/xx/xxxxxxxxx/xxxxxxxxxxxxxxxxxx.xxx | predictive |
| 37 | File | xxxxx.xxx | predictive |
| 38 | File | xxx/xxxxxx/xxxxxx.x | predictive |
| 39 | File | xxxx.xxx | predictive |
| 40 | File | xxxxxxxx.xxx | predictive |
| 41 | File | xxxxxxxx.xxx | predictive |
| 42 | File | xx/xxxx/xxxxxxx.x | predictive |
| 43 | File | xx/xxx/xxx_xxxxxxxx.x | predictive |
| 44 | File | xxxxxx.xxx | predictive |
| 45 | File | xxx_xxx.xxx | predictive |
| 46 | File | xxxxxxxxxxxxxxxxxxxxxxxx.xxxx | predictive |
| 47 | File | xxxxxxxxxx.xxx | predictive |
| 48 | File | xx_xxx.xxx | predictive |
| 49 | File | xxx/xxxxxx.xxx | predictive |
| 50 | File | xxx/xxxxxxxxxxx/xxxxxxx.xxx | predictive |
| 51 | File | xxxxx.xxx | predictive |
| 52 | File | xxxxxxxxxxxxx.xxx | predictive |
| 53 | File | xx/xxx/xxxxx.xxx | predictive |
| 54 | File | xxxxxx.x | predictive |
| 55 | File | xxxxxx/xxxxx.x | predictive |
| 56 | File | xxxxxxxxxx.xxx | predictive |
| 57 | File | xxxxx.xxx | predictive |
| 58 | File | xxxxx.xxx | predictive |
| 59 | File | xxxxxxxxxx/xxxxxxx.x | predictive |
| 60 | File | xxxx-xxxxxx.x | predictive |
| 61 | File | xxxxxxxx.xxx | predictive |
| 62 | File | xxx/xxxxxx.x | predictive |
| 63 | File | xxx.xxx | predictive |
| 64 | File | xxxxxx.x | predictive |
| 65 | File | xxxxxxxx.xxx | predictive |
| 66 | File | xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][] | predictive |
| 67 | File | xxxxxxxx.xxx | predictive |
| 68 | File | xxxxxxxx.xxx | predictive |
| 69 | File | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx | predictive |
| 70 | File | xxxxxxxxx/xxxxxxx/xxxx/xxxxxxxxxxxxxxxxxxxxxxx.xxx | predictive |
| 71 | File | xx_xxxx.xx | predictive |
| 72 | File | xxxxxxxx.xxx | predictive |
| 73 | File | xxxxxxx.xxx | predictive |
| 74 | File | xxxxx.xxx | predictive |
| 75 | File | xxxx-xxxxxx.x | predictive |
| 76 | File | xxxx_xxxxxx_xxxxxx.xxx | predictive |
| 77 | File | xxxxxx.xx | predictive |
| 78 | File | xxx/xxxxxxxx/xxxx_xxxxxx.x | predictive |
| 79 | File | xxxxxx.xxx | predictive |
| 80 | File | xxxxxx/xxxxxxx/xxxxxx/xxxxxxxx.xxx | predictive |
| 81 | File | xxxxxx/xxxxxxx/xx-xx/xxxx/xxxxx.xxx | predictive |
| 82 | File | xxxxxx/xxxxxxxxx/xxxxxxx.x | predictive |
| 83 | File | xxxx-xxxxx.xxx | predictive |
| 84 | File | xxxx-xxxxxxxx.xxx | predictive |
| 85 | File | xxxxxxxx.xxx | predictive |
| 86 | File | xxxxx/xxxxxx.x | predictive |
| 87 | File | xxx.xxx | predictive |
| 88 | File | xxxxx/xxxxxxxx.xxx | predictive |
| 89 | File | xxxx/xxx/xxxx-xxxxx.xxx | predictive |
| 90 | File | xxxxxxx.xxx | predictive |
| 91 | File | xxxxxxx.xxx | predictive |
| 92 | File | xxxxxx.xxx | predictive |
| 93 | File | xx-xxxxx/xxxxx-xxxx.xxx | predictive |
| 94 | File | xx-xxxxx/xxxxx.xxx | predictive |
| 95 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive |
| 96 | File | xx-xxxxxxxx/xxxxx.xxx | predictive |
| 97 | File | ~/xxxxxxxx/xxxxx-xx-xxxxxxxxxx-xxxx.xxx | predictive |
| 98 | Library | /xxx/xxx/xxx/xxxx/xxxxxxxxxx/xxxxx/xxxxx.xxx | predictive |
| 99 | Library | xxxxxxxxxxx.xxx | predictive |
| 100 | Library | xxxxxxxxx/xxx-xxxxxx/xxxxxxxx.xxx | predictive |
| 101 | Library | xxxxxxxx.xxx | predictive |
| 102 | Library | xxxxxxxxxxx.xxx | predictive |
| 103 | Library | xxxxx.xxx | predictive |
| 104 | Library | xxxxxxxxxxxxxxxx.xxx | predictive |
| 105 | Library | xxx.xxx | predictive |
| 106 | Library | xxxxxxx.xxx | predictive |
| 107 | Library | xxxxxxx.xxx | predictive |
| 108 | Library | xxxxxx.xxx | predictive |
| 109 | Library | xxx xxxxxxxxx | predictive |
| 110 | Library | xxxxxx/x/xxxxxxxx | predictive |
| 111 | Argument | $_xxx['xxxx'] | predictive |
| 112 | Argument | -x | predictive |
| 113 | Argument | xxxxxxxxxx | predictive |
| 114 | Argument | xxx | predictive |
| 115 | Argument | xxxxxxxxxxxxxx | predictive |
| 116 | Argument | xxxxxxxx | predictive |
| 117 | Argument | xxxxxx | predictive |
| 118 | Argument | xxxxxxx_xx | predictive |
| 119 | Argument | xxxxxxxxxx | predictive |
| 120 | Argument | xxxxxxx_xxxxx | predictive |
| 121 | Argument | xxxxxxxxxxx | predictive |
| 122 | Argument | xxxxxx | predictive |
| 123 | Argument | xxxx/xxxx | predictive |
| 124 | Argument | xxxxxxxxxxxxx | predictive |
| 125 | Argument | xxxxx | predictive |
| 126 | Argument | xxxx | predictive |
| 127 | Argument | xxxxxxxx | predictive |
| 128 | Argument | xxxxxxxx | predictive |
| 129 | Argument | xxxx: | predictive |
| 130 | Argument | xx | predictive |
| 131 | Argument | xx | predictive |
| 132 | Argument | xxxxxxxxx | predictive |
| 133 | Argument | xx | predictive |
| 134 | Argument | xxxx_xx | predictive |
| 135 | Argument | xxxxx[xxxxxxx] | predictive |
| 136 | Argument | xxxx | predictive |
| 137 | Argument | xxxxxxxxxxx | predictive |
| 138 | Argument | xxx | predictive |
| 139 | Argument | xxxxx/xxxx | predictive |
| 140 | Argument | xxxxxxx/xxxxx | predictive |
| 141 | Argument | xxxxxx | predictive |
| 142 | Argument | xxxx_xxx | predictive |
| 143 | Argument | xxxxxx_xxxx | predictive |
| 144 | Argument | xxxxxxx xxxxxx | predictive |
| 145 | Argument | xxx_xx | predictive |
| 146 | Argument | xxxx_xxxx | predictive |
| 147 | Argument | xxxxxxxxxx | predictive |
| 148 | Argument | xxxxxx | predictive |
| 149 | Argument | xxxxxxxxxx | predictive |
| 150 | Argument | xxxxxx_xx | predictive |
| 151 | Argument | xxxxxxxx | predictive |
| 152 | Argument | xxx | predictive |
| 153 | Argument | xxxxxxxxxx | predictive |
| 154 | Argument | xxx | predictive |
| 155 | Argument | xxx | predictive |
| 156 | Argument | xxxxxxxxxx | predictive |
| 157 | Argument | xxxxxxxxxxx | predictive |
| 158 | Argument | xxxxxx xxxxxx | predictive |
| 159 | Argument | xxx | predictive |
| 160 | Argument | xxx | predictive |
| 161 | Argument | xxxx-xxxxxxxx | predictive |
| 162 | Argument | xxxxxxxx/xxxx | predictive |
| 163 | Argument | xxxx | predictive |
| 164 | Argument | xxxxx/xxxxx/xxxxx/xxxx/xxxxxx | predictive |
| 165 | Input Value | %xxxxxx+-x+x+xx.x.xx.xxx%xx%xx | predictive |
| 166 | Input Value | ../../ | predictive |
| 167 | Input Value | /xxxxxx/..%xx | predictive |
| 168 | Input Value | ::$xxxxx_xxxxxxxxxx | predictive |
| 169 | Input Value | xxxx -x xxxxxxxx=xxxxxx.xxxxxxx xxxx://xxx.xxx.x.x/xxxxxx.xxx | predictive |
| 170 | Input Value | xxxxxx | predictive |
| 171 | Pattern | +\|xx xx xx xx xx xx xx\| | predictive |
| 172 | Pattern | /xxxxx/xxxxxxx.xxx | predictive |
| 173 | Pattern | /xxxxxxxxxx/ | predictive |
| 174 | Pattern | xxxx\|xx\| | predictive |
| 175 | Pattern | xxxx | predictive |
| 176 | Pattern | xxx | predictive |
| 177 | Pattern | xxxxxxxxxxx | predictive |
| 178 | Pattern | xxxxxxx\|xx xx xx xx xx\| | predictive |
| 179 | Pattern | xxxx | predictive |
| 180 | Pattern | xxxx | predictive |
| 181 | Pattern | xxxxxxxxx\|xx\| | predictive |
| 182 | Pattern | xxxx | predictive |
| 183 | Pattern | x\|xx\|x\|xx\|_\|xx\|x\|xx\|x\|xx\|x\|xx\|x\|xx\|x\|xx\|x\|xx\|x\|xx\|x\|xx\|x\|xx\|x\|xx\|x\|xx\|x\|xx\|x\|xx\|x\|xx\|x\|xx\|x\|xx\|x\|xx\| | predictive |
| 184 | Pattern | xxxxxx.xxxxxx | predictive |
| 185 | Pattern | xxxxx/xxxxxxxxx | predictive |
| 186 | Pattern | \|xx xx xx xx\| | predictive |
| 187 | Pattern | \|xx xx\| | predictive |
| 188 | Pattern | \|xx xx xx xx\|<\|xx xx xx\|xxxx | predictive |
| 189 | Pattern | \|xx\|x\|xx xx\| | predictive |
| 190 | Network Port | xxx/xx | predictive |
| 191 | Network Port | xxx/xxxx (xxx) | predictive |
| 192 | Network Port | xxx xxxxxx xxxx | predictive |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
