KHRAT Analysis

IOB - Indicator of Behavior (217)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

| Lang | Count |
|------|-------|
| en   | 160   |
| ru   | 38    |
| zh   | 12    |
| es   | 4     |
| fr   | 2     |

Country

| Country | Count |
|---------|-------|
| us      | 90    |
| ru      | 70    |
| cn      | 28    |
| gb      | 26    |
| cf      | 2     |

Actors


Activities

Interest

Timeline


Type


Vendor


Product

| Product           | Count |
|-------------------|-------|
| Microsoft Windows | 6     |
| F5 BIG-IP         | 4     |
| OpenSSL           | 4     |
| WordPress         | 4     |
| Jitsi Meet        | 4     |

Vulnerabilities

| #  | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|----|---------------|------|------|------|-------|-----|-----|------|-----|-----|
| 1  | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 2  | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.73 | CVE-2010-0966 |
| 3  | Bitrix Site Manager Vote Module Remote Code Execution | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00668 | 0.04 | CVE-2022-27228 |
| 4  | jQuery html cross site scripting | 5.8 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01900 | 0.00 | CVE-2020-11023 |
| 5  | ILIAS Cloze Test Text gap Persistent cross site scripting | 5.2 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00193 | 0.06 | CVE-2019-1010237 |
| 6  | Harbor improper authentication | 6.9 | 6.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02074 | 0.05 | CVE-2022-46463 |
| 7  | Jitsi Meet hard-coded credentials | 8.5 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00196 | 0.03 | CVE-2020-11878 |
| 8  | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 1.88 | CVE-2020-12440 |
| 9  | WordPress Pingback server-side request forgery | 5.7 | 5.7 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00120 | 0.00 | CVE-2022-3590 |
| 10 | Bitrix24 server-side request forgery | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00521 | 0.02 | CVE-2020-13484 |
| 11 | Fortinet FortiOS/FortiProxy Administrative Interface authentication bypass | 9.8 | 9.7 | $25k-$100k | $5k-$25k | High | Official Fix | 0.97164 | 0.05 | CVE-2022-40684 |
| 12 | Apache Tomcat HTTP Digest Authentication Implementation improper authentication | 8.2 | 7.1 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00342 | 0.02 | CVE-2012-5887 |
| 13 | TEM FLEX-1080/FLEX-1085 Log log.cgi information disclosure | 5.3 | 4.7 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00150 | 0.09 | CVE-2022-1077 |
| 14 | F5 BIG-IP iControl REST Authentication bash missing authentication | 9.8 | 9.6 | $5k-$25k | $0-$5k | High | Official Fix | 0.97479 | 0.05 | CVE-2022-1388 |
| 15 | Vmware Workspace ONE Access/Identity Manager Template injection | 9.8 | 9.4 | $5k-$25k | $0-$5k | High | Official Fix | 0.97449 | 0.00 | CVE-2022-22954 |
| 16 | Apache Groovy MethodClosure.java MethodClosure injection | 8.5 | 8.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.02289 | 0.00 | CVE-2015-3253 |
| 17 | LightCMS External Image NEditorController.php Privilege Escalation | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00675 | 0.00 | CVE-2021-27112 |
| 18 | phpPgAds adclick.php unknown vulnerability | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00317 | 0.65 | CVE-2005-3791 |
| 19 | E-topbiz Viral DX 1 adclick.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00087 | 0.05 | CVE-2008-2867 |
| 20 | Huawei Toronto-TL10 information disclosure | 4.4 | 4.4 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00066 | 0.00 | CVE-2018-7907 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Cambodia Attacks

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address   | Hostname      | Actor | Campaigns        | Identified | Type     | Confidence |
|----|--------------|---------------|-------|------------------|------------|----------|------------|
| 1  | 194.87.94.61 | ptr.ruvds.com | KHRAT | Cambodia Attacks | 08/31/2021 | verified | High       |

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (104)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator                                         | Type       | Confidence |
|----|-------|---------------------------------------------------|------------|------------|
| 1  | File  | /admin/login.php                                  | predictive | High       |
| 2  | File  | /app/Http/Controllers/Admin/NEditorController.php | predictive | High       |
| 3  | File  | /mgmt/tm/util/bash                                | predictive | High       |
| 4  | File  | /mifs/c/i/reg/reg.html                            | predictive | High       |
| 5  | File  | /secure/ViewCollectors                            | predictive | High       |
| 6  | File  | /Session                                          | predictive | Medium     |
| 7  | File  | /usr/bin/pkexec                                   | predictive | High       |
| 8  | File  | /xAdmin/html/cm_doclist_view_uc.jsp               | predictive | High       |
| 9  | File  | adclick.php                                       | predictive | Medium     |
| 10 | File  | add_comment.php                                   | predictive | High       |
| 11 | File  | admin/content.php                                 | predictive | High       |
| 12 | File  | cgi-bin/awstats.pl                                | predictive | High       |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
