HiatusRAT Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (54)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en54

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us52
cn2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

HiatusRAT1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Advertising Software8
Not Defined8
Document Reader Software4
Anti-Malware Software4
Content Management System4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined14
Revive8
Apple6
Foxit2
Tenable2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Revive Adserver8
Foxit Reader2
Tenable Nessus2
git-hub2
Avast Premier2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Yandex Browser Security WiFi access control5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.001060.00CVE-2016-8501
2Cisco IOS/IOS XE DHCP Relay input validation9.89.7$25k-$100k$5k-$25kHighOfficial Fix0.051780.00CVE-2017-12240
3Image Sharing Script followBoard.php Error sql injection6.35.7$0-$5k$0-$5kProof-of-ConceptNot Defined0.000000.00
4Revive Adserver Web Installer Reflected cross site scripting4.44.2$0-$5k$0-$5kNot DefinedOfficial Fix0.000840.02CVE-2016-9472
5Apple macOS Server Web Server Timeout resource management5.35.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.016960.04CVE-2007-6750
6Tenable Nessus .nessus File cross site scripting4.84.6$5k-$25k$0-$5kNot DefinedOfficial Fix0.001100.00CVE-2016-9260
7git-hub Repository URL access control8.07.9$0-$5k$0-$5kNot DefinedOfficial Fix0.012050.00CVE-2016-7793
8Guacamole File Browser cross site scripting4.44.4$0-$5k$0-$5kNot DefinedNot Defined0.000700.00CVE-2016-1566
9HPE Financial Transaction Manager Web UI cross site scripting5.45.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.000720.00CVE-2016-5920
10Apple watchOS libarchive link following5.55.4$0-$5k$0-$5kNot DefinedOfficial Fix0.006250.00CVE-2016-4679
11Oracle Application Server sql injection5.35.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.003220.04CVE-2007-0286
12Adobe Flash Player Adobe Texture Format File memory corruption8.07.7$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.918010.00CVE-2017-2934
13Foxit PDF Toolkit PDF File memory corruption7.06.7$0-$5k$0-$5kNot DefinedOfficial Fix0.003770.00CVE-2017-7584
14mcart.xls Module mcart_xls_import.php sql injection7.17.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.004650.00CVE-2015-8356
15Google Android Mediaserver memory corruption8.78.7$25k-$100k$25k-$100kNot DefinedNot Defined0.012880.00CVE-2017-0541
16Linux Kernel vc4_gem.c vc4_get_bcl integer overflow6.56.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.000420.00CVE-2017-5576
17Ubiquiti NSM5 cross-site request forgery4.34.2$0-$5k$0-$5kNot DefinedUnavailable0.000000.00
18PHPList Edit Subscription index.php sql injection7.97.7$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.001520.08CVE-2017-20029
19Foxit Reader TIFF Image ConvertToPdf_x86.dll CreateFXPDFConvertor memory corruption6.56.3$0-$5k$0-$5kNot DefinedOfficial Fix0.027760.00CVE-2016-3740
20Avast Premier Self-Protection access control6.06.0$0-$5k$0-$5kNot DefinedNot Defined0.000420.03CVE-2017-5567

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
145.63.70.5745.63.70.57.vultrusercontent.comHiatusRAT08/20/2023verifiedHigh
2XX.XXX.XX.XXXxx-xxx-xx-xxx.xxxxxxxx.xxxXxxxxxxxx08/20/2023verifiedHigh
3XXX.XXX.XXX.XXXxxx.xxx.xxx.xxx.xxxxxxxxxxxxxxxx.xxxXxxxxxxxx08/20/2023verifiedHigh

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1059.007CAPEC-209CWE-79, CWE-80Cross Site ScriptingpredictiveHigh
3TXXXXCAPEC-122CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
4TXXXXCAPEC-CWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
5TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
6TXXXXCAPEC-112CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh

IOA - Indicator of Attack (22)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/ajax-files/followBoard.phppredictiveHigh
2File/categorypage.phppredictiveHigh
3File/lists/index.phppredictiveHigh
4File/xxxxxxxxx/xx-xxxxx/xxxxx.xxxpredictiveHigh
5Filexxxxx/xxxxx_xxx_xxxxxx.xxxpredictiveHigh
6Filexxxxxx/xxxxx_xxxx.xpredictiveHigh
7Filexxxxxxx/xxx/xxx/xxx/xxx_xxx.xpredictiveHigh
8Filexxxxxxxxxx/xxx.xpredictiveHigh
9Filexxxxxxxxxx/xxxxxxx.xpredictiveHigh
10Filexx-xxxxx/xxxxx.xxxpredictiveHigh
11Filexx-xxxx.xxxpredictiveMedium
12Filexxxx/xxxx_xxxx.xpredictiveHigh
13Libraryxxxxxxxxxxxx_xxx.xxxpredictiveHigh
14ArgumentxxxxxpredictiveLow
15Argumentxxxxxx/xxxxxxpredictiveHigh
16Argumentxxxxx_xx/xxxxxpredictiveHigh
17Argumentxxxxxxx_xxpredictiveMedium
18ArgumentxxxxxxxxxxxxxxxpredictiveHigh
19ArgumentxxxxxpredictiveLow
20Argumentxxx_xxxxxx_xxxxxxx_xx_xxxpredictiveHigh
21Input Value' xxx (xxxxxx xxxx xxxx(xxxxxx xxxxx(*),xxxxxx(xxxxxxxxxxxx,(xxxxxx (xxx(xxxx=xxxx,x))),xxxxxxxxxxxx,xxxxx(xxxx(x)*x))x xxxx xxxxxxxxxxx_xxxxxx.xxxxxxxxx_xxxx xxxxx xx x)x) xxx 'xxxx'='xxxxpredictiveHigh
22Input Valuexxx%xx(xxxxxx*xxxx(xxxxxx(xxxxx(x)))x)predictiveHigh

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you want to use VulDB in your project?

Use the official API to access entries easily!