ZuoRAT 分析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (125)

语言

en	100
zh	24
sv	2

国家/地区

cn	84
us	40
tw	2

演员

ZuoRAT	3
Cobalt Strike	2
APT29	1
ShadowPad	1
APT10	1

利益

类型

Not Defined	48
Firewall Software	8
Content Management System	8
Database Software	6
Groupware Software	6

供应商

Not Defined	24
Microsoft	12
Fortinet	10
Zoho ManageEngine	8
Cisco	6

产品

Oracle Database Server	4
Mail2000	4
Zoho ManageEngine ADSelfService Plus	4
Microsoft Windows	4
WordPress	4

漏洞

#	漏洞	Base	Temp	0day	今天	易	修正	EPSS	CTI	CVE
1	QNAP QTS Photo Station 权限升级	8.5	8.4	$0-$5k	$0-$5k	High	Official Fix	0.96341	0.00	CVE-2019-7192
2	Deltek Vision RPC over HTTP SQL SQL注入	8.0	8.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00576	0.02	CVE-2018-18251
3	Mail2000 Login portal 跨网站脚本	5.2	4.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00334	0.04	CVE-2019-15072
4	Zoho ManageEngine ADSelfService Plus 权限升级	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00562	0.00	CVE-2020-11518
5	RuoYi edit SQL注入	7.6	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00076	0.00	CVE-2023-49371
6	BDCOM 1704-WGL Backup File param.file.tgz 信息公开	5.3	4.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00120	0.00	CVE-2023-0659
7	Shopro Mall System SQL注入	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00172	0.07	CVE-2022-35154
8	wix-embedded-mysql com.wix.mysql.distribution.Setup.apply 权限升级	7.6	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00128	0.00	CVE-2023-39021
9	Blueriver Sava CMS fileManager.cfc 目录遍历	5.3	5.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.03023	0.04	CVE-2010-3468
10	Mura CMS Draggable Feeds readRSS.cfm XML External Entity	6.4	5.8	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01204	0.00	CVE-2017-15639
11	Gibbon 权限升级	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02842	0.09	CVE-2023-34598
12	Slider Revolution Plugin Image File 权限升级	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00097	0.04	CVE-2023-2359
13	Essential Grid Plugin 权限升级	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.02	CVE-2023-47771
14	Citrix ShareFile StorageZones Controller 权限升级	9.8	9.6	$5k-$25k	$5k-$25k	High	Official Fix	0.97420	0.04	CVE-2023-24489
15	HPE ArubaOS AirWave Client Service 内存损坏	9.8	9.6	$5k-$25k	$5k-$25k	Not Defined	Official Fix	0.00187	0.03	CVE-2023-45616
16	VMware Workspace ONE UEM Console SAML Response Redirect	6.4	6.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00045	0.05	CVE-2023-20886
17	D-Link D-View coreservice_action_script Remote Code Execution	9.8	9.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00065	0.00	CVE-2023-44414
18	Citrix XenMobile Server 权限升级	5.5	5.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00248	0.00	CVE-2022-26151
19	y_project RuoYi GenController SQL注入	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00133	0.07	CVE-2022-4566
20	VMware Horizon Server 信息公开	5.3	5.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00046	0.03	CVE-2023-34038

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP地址	Hostname	参与者	Identified	类型	可信度
1	59.124.6.0	59-124-6-0.hinet-ip.hinet.net	ZuoRAT	2022-07-05	verified	高
2	82.157.69.219		ZuoRAT	2022-07-01	verified	高
3	XXX.XXX.XXX.XXX		Xxxxxx	2022-07-01	verified	高
4	XXX.XX.XXX.XXX		Xxxxxx	2022-07-01	verified	高
5	XXX.XX.XXX.XX		Xxxxxx	2022-07-01	verified	高
6	XXX.XX.XXX.X	xxxxxxxxxxx-xxx-xx-xxx-x.xxxx-xxxxxxx.xxxxxxx.xx.xxxxxxxxxx.xxx	Xxxxxx	2022-07-05	verified	高
7	XXX.XXX.XX.XX		Xxxxxx	2022-07-01	verified	高

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	分类	漏洞	访问向量	类型	可信度
1	T1006	CAPEC-126	CWE-21, CWE-22	Path Traversal	predictive	高
2	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	高
3	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	高
4	T1059.007	CAPEC-209	CWE-79	Cross Site Scripting	predictive	高
5	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
6	TXXXX.XXX	CAPEC-	CWE-XXX	Xxx Xx Xxxx-xxxxx Xxxxxxxx	predictive	高
7	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	高
8	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	高
9	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	高
10	TXXXX	CAPEC-102	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
11	TXXXX.XXX	CAPEC-133	CWE-XXX	Xxxxxxxx	predictive	高
12	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高
13	TXXXX.XXX	CAPEC-	CWE-XX	Xxxxxxxxxxxxx	predictive	高
14	TXXXX	CAPEC-112	CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	高
15	TXXXX.XXX	CAPEC-	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	高
16	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	高

IOA - Indicator of Attack (47)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	分类	Indicator	类型	可信度
1	File	.kdbgrc	predictive	低
2	File	/../../conf/template/uhttpd.json	predictive	高
3	File	/cgi-bin/go	predictive	中
4	File	/cgi-bin/portal	predictive	高
5	File	/etc/shadow	predictive	中
6	File	/etc/sudoers	predictive	中
7	File	/xxxxx.xxxx.xxx	predictive	高
8	File	/xxxxxxxxx//../	predictive	高
9	File	/xxxxxx/xxxx/xxxx	predictive	高
10	File	/xxxxxxx/	predictive	中
11	File	xxx-xxx/xxxxxxxxxxxx.xxx/xxxxxxxxxxxx	predictive	高
12	File	xxx/xxxxx/xxxxxxxxx/xxxxxxxxxx/xxxxxxxxxxxxx	predictive	高
13	File	xxxx/xxxxxxxxxxxxx.xxx	predictive	高
14	File	xxxxxxxxxxx.xxx	predictive	高
15	File	xxxxxxxx/xxxxxx/xxxxx.xxx	predictive	高
16	File	xxxxxx/xxxxxxxxxxxx	predictive	高
17	File	xxx/xxxxxx.xxx	predictive	高
18	File	xxxxxxxx/xxxxxxxxxx/xxxxx-xx-xxxxxxxxx-xxxxxxxx.xxx	predictive	高
19	File	xxxxx.xxx	predictive	中
20	File	xxxxxxxxxxx-xxxx.xx	predictive	高
21	File	xxxxxxx.xxx	predictive	中
22	File	xxxxx_xxxxxx_xxxxxxxx.xxx	predictive	高
23	File	xxxxxxxxxx/xxxxxxxxxx_xxxx.xxx?xxxxxx=xxxxxx	predictive	高
24	File	xxx.x	predictive	低
25	File	xxxx.xx.xx	predictive	中
26	File	xxxxxx.xxx	predictive	中
27	File	xxxxx/xxxx/xxxxxxx.xxx	predictive	高
28	File	xxxxxx/xxxxxxxxxxx/xxxx_xxxxxxx.xxx	predictive	高
29	File	xxxxxxxx.xxx	predictive	中
30	Library	xxxxxxx.xxx	predictive	中
31	Argument	xxxxxx	predictive	低
32	Argument	xxxx_xxxxxxx	predictive	中
33	Argument	xxxxxxxx	predictive	中
34	Argument	xxx_xxxxxx_x	predictive	中
35	Argument	xxxxxxxxxxx	predictive	中
36	Argument	xxxxxxxxxx	predictive	中
37	Argument	xxxxxx	predictive	低
38	Argument	xxxxxx_xxxxx_xxx	predictive	高
39	Argument	xx	predictive	低
40	Argument	xxxxxx/xxxxxx_xxxxxx	predictive	高
41	Argument	xxx	predictive	低
42	Argument	xxxxxxxx	predictive	中
43	Argument	xxxxx	predictive	低
44	Input Value	xxxx/xxxxx/xxxxxxxx/xxxxxxx/xx/xxxxxxx/xxxxxxxxxx/xx_xxxx	predictive	高
45	Input Value	\x	predictive	低
46	Network Port	xxxxx	predictive	低
47	Network Port	xxx/xx (xxx)	predictive	中

参考 (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ 上一步一览下一步 ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!