Orcus RAT Analysis

IOB - Indicator of Behavior (517)

Lang

en: 296
de: 188
zh: 12
es: 10
fr: 4

Country

de: 186
us: 154
cn: 68
ru: 2
vn: 2

Product

Simple DirectMedia Layer: 14
Kunbus PR100088 Modbus Gateway: 8
Binaryen: 6
PHP: 6
Frog CMS: 6

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Atmail Remote Code Execution | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00251 | 0.04 | CVE-2013-5033 |
| 2 | Cisco Web Security Appliance Decryption Policy Default Action resource consumption | 6.3 | 6.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00094 | 0.00 | CVE-2019-1672 |
| 3 | Fortinet FortiOS SSH format string | 8.5 | 8.5 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00222 | 0.00 | CVE-2018-1352 |
| 4 | Cisco Identity Services Engine Web-based Management Interface cross site scripting | 5.0 | 5.0 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00066 | 0.00 | CVE-2019-1673 |
| 5 | Apple iOS Live Photos in FaceTime Local Privilege Escalation | 7.5 | 7.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00244 | 0.00 | CVE-2019-7288 |
| 6 | Palo Alto PAN-OS GlobalProtect Clientless VPN buffer overflow | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00112 | 0.03 | CVE-2021-3056 |
| 7 | Fortinet FortiClient NDIS Miniport Driver null pointer dereference | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00044 | 0.00 | CVE-2018-9190 |
| 8 | HelpSystems tcpcrypt memory corruption | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00250 | 0.00 | CVE-2018-20764 |
| 9 | Symantec Ghost Solution Suite DLL untrusted search path | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.00 | CVE-2018-18364 |
| 10 | Kunbus PR100088 Modbus Gateway FTP Service XML credentials management | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00104 | 0.00 | CVE-2019-6549 |
| 11 | Kunbus PR100088 Modbus Gateway HTTP credentials management | 7.6 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00159 | 0.00 | CVE-2019-6531 |
| 12 | Apple iOS Foundation memory corruption | 7.0 | 6.9 | $25k-$100k | $5k-$25k | High | Official Fix | 0.00339 | 0.00 | CVE-2019-7286 |
| 13 | Apple iOS IOKit memory corruption | 8.7 | 8.5 | $25k-$100k | $5k-$25k | High | Official Fix | 0.00125 | 0.04 | CVE-2019-7287 |
| 14 | Debian python-rdflib-tools CLI Tool code injection | 8.5 | 8.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00442 | 0.00 | CVE-2019-7653 |
| 15 | Emsisoft Anti-Malware ACL EPP.sys access control | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00321 | 0.04 | CVE-2019-7651 |
| 16 | Hotels_Server Password Storage fetchpwd.php credentials management | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00588 | 0.00 | CVE-2019-7648 |
| 17 | Cisco Meeting Server Session Initiation Protocol input validation | 6.5 | 6.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00179 | 0.00 | CVE-2019-1676 |
| 18 | libming parser.c parseSWF_ACTIONRECORD memory corruption | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01026 | 0.00 | CVE-2019-7581 |
| 19 | ThinkCMF addpost.html code injection | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00272 | 0.00 | CVE-2019-7580 |
| 20 | Waimai Super CMS PublicAction.class.php Time-Based sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00212 | 0.00 | CVE-2019-7585 |

IOC - Indicator of Compromise (170)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (270)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

References (67)

The following list contains external sources which discuss the actor and the associated activities:

Samples (1)

The following list contains associated samples:
