RapperBot Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (113)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en80
de32
zh2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us62
de32
ru2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Mirai4
RedLine Stealer4
Nanocore RAT4
Cobalt Strike4
Bashlite3

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined52
Content Management System10
Web Server2
Hosting Control Software2
Multimedia Player Software2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined36
Huawei4
PineApp4
Philips2
Microsoft2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

WordPress4
Philips Engage Software2
IBOS2
IdeaBox2
Microsoft IIS2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1e107 CMS secure_img_render.php file inclusion7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.023370.04CVE-2004-2041
2ampleShop category.cfm sql injection7.37.3$0-$5k$0-$5kNot DefinedUnavailable0.006210.02CVE-2006-2038
3Veritas Backup Exec Ressource memory allocation6.25.6$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.025800.00CVE-2006-1297
4Mozilla Firefox smb/sftp Protocol access control7.56.5$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.019120.00CVE-2007-5338
5PHPOutsourcing IdeaBox include.php code injection7.36.4$0-$5k$0-$5kUnprovenUnavailable0.174100.04CVE-2008-5199
6Mambo mod_mainmenu.php privileges management7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.000000.04
7Alt-N MDaemon Attachment Virus path traversal5.44.7$5k-$25k$0-$5kUnprovenOfficial Fix0.000000.00
8myPHPCalendar admin.php file inclusion7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.025760.04CVE-2006-6812
9dotProject vw_files.php file inclusion7.37.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.000000.03
10Zentrack index.php privileges management7.37.0$0-$5k$0-$5kNot DefinedOfficial Fix0.000000.03
11Mozilla Firefox Javascript focus resource management5.95.2$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.960460.04CVE-2006-1993
12phpforum mainfile.php privileges management7.37.0$0-$5k$0-$5kNot DefinedOfficial Fix0.005130.03CVE-2003-0559
13Ibrow News Desk newsdesk.cgi path traversal5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.165160.04CVE-2001-0231
14CCBill whereami.cgi privileges management6.35.8$0-$5k$0-$5kProof-of-ConceptWorkaround0.000000.04
15Apple QuickTime FPX File memory corruption8.68.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.130690.04CVE-2013-0988
16Apple QuickTime MVHD Atom memory corruption8.68.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.062600.00CVE-2013-1022
17Zentrack index.php path traversal7.37.3$0-$5k$0-$5kNot DefinedNot Defined0.000000.08
18WEBInsta Mailing Manager initdb.php code injection7.36.9$0-$5k$0-$5kProof-of-ConceptUnavailable0.011940.02CVE-2005-0748
19SourceCodester Food Ordering System PHP File ajax.php unrestricted upload7.67.5$0-$5k$0-$5kNot DefinedNot Defined0.003070.00CVE-2023-24646
20Linux Kernel capsule-loader.c use after free4.64.5$5k-$25k$0-$5kNot DefinedOfficial Fix0.000420.04CVE-2022-40307

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
12.58.149.116RapperBot10/10/2022verifiedHigh
231.44.185.235RapperBot10/10/2022verifiedHigh
3XXX.XXX.XXX.XXXXxxxxxxxx02/03/2023verifiedHigh
4XXX.XXX.XX.XXXXxxxxxxxx11/21/2022verifiedHigh
5XXX.XXX.XX.XXXXxxxxxxxx10/10/2022verifiedHigh
6XXX.XX.XX.XXXXxxxxxxxx10/10/2022verifiedHigh

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1040CAPEC-102CWE-294Authentication Bypass by Capture-replaypredictiveHigh
3T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
4TXXXXCAPEC-242CWE-XXXxxxxxxx XxxxxxxxxpredictiveHigh
5TXXXX.XXXCAPEC-209CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
6TXXXXCAPEC-122CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
7TXXXXCAPEC-136CWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
8TXXXXCAPEC-CWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
9TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
10TXXXXCAPEC-CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
11TXXXXCAPEC-38CWE-XXXXxxxxxxxx Xxxxxx XxxxpredictiveHigh
12TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
13TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (70)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/?r=email/api/mark&op=delFromSendpredictiveHigh
2File/fos/admin/ajax.phppredictiveHigh
3File/include/chart_generator.phppredictiveHigh
4File/index.phppredictiveMedium
5File/modules/projects/vw_files.phppredictiveHigh
6Fileadmin.phppredictiveMedium
7Fileaffich.phppredictiveMedium
8Filealbum_portal.phppredictiveHigh
9Filecategory.cfmpredictiveMedium
10Filexxxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxpredictiveHigh
11Filexxx.xxxpredictiveLow
12Filexxxxxxx/xxxxxxxx/xxx/xxxxxxx-xxxxxx.xpredictiveHigh
13Filexxxxx_xxxxxxxx.xxxxpredictiveHigh
14Filexxxxxx.xpredictiveMedium
15Filexxx/xxxxxxxx/xxxx_xxxxx.xpredictiveHigh
16Filexxxxxxxxxxxx_xxxx.xxxpredictiveHigh
17Filexxxxx_xxxxxx.xxxpredictiveHigh
18Filexxxxxxx.xxxpredictiveMedium
19Filexxxxx.xxxpredictiveMedium
20Filexxxx.xxx.xxxpredictiveMedium
21Filexxxxxx.xxxpredictiveMedium
22Filexxxxxxxx.xxxpredictiveMedium
23Filexxxxxxx/xxxxxxxx/xxxxxxxx.xxxpredictiveHigh
24Filexxxxxxx/xxx_xxxxxxxx.xxxpredictiveHigh
25Filexxx_xxxxxxxx.xxxpredictiveHigh
26Filexxxxxxxx.xxxpredictiveMedium
27Filexxxxxxx_xxxx.xxxpredictiveHigh
28Filexxxxxxxx.xxxpredictiveMedium
29Filexxxxx-xxxxxxxx-xxxxxxxxx.xxxpredictiveHigh
30Filexxxxxxxx.xxxpredictiveMedium
31Filexxxxxx_xxx_xxxxxx.xxxpredictiveHigh
32Filexxxxx_xxxxx.xxxpredictiveHigh
33Filexxxx_xxx.xxxpredictiveMedium
34Filexxxxxxxxx/xxxxx/xxxx/xxx_xxxxxxx/xxxxxxx/xxxxxxx.xxxpredictiveHigh
35Filexxxx.xxxpredictiveMedium
36Libraryxxxxxx[xxxxxx_xxxxpredictiveHigh
37Libraryxxx/xxxxxxxxxxx.xxxpredictiveHigh
38Libraryxx/xxx.xxx.xxxpredictiveHigh
39Libraryxxx/xxx/xxxx/xxx/xxxx.xxxpredictiveHigh
40Argumentxxxxxxxx_xxxxpredictiveHigh
41ArgumentxxxxpredictiveLow
42Argumentxxx_xxxpredictiveLow
43ArgumentxxxpredictiveLow
44ArgumentxxxxxxxxxxpredictiveMedium
45Argumentxxxxxx[xxxxxx_xxxx]predictiveHigh
46ArgumentxxxxxxxxxxxxxpredictiveHigh
47Argumentxxx_x_xxxpredictiveMedium
48Argumentxxxx_xxxxpredictiveMedium
49Argumentxxxxxxxx[xxxx_xxx]predictiveHigh
50ArgumentxxxxxxxxpredictiveMedium
51Argumentxxxx/xxxxpredictiveMedium
52ArgumentxxxxxxxxpredictiveMedium
53Argumentxxxxx.xxx?xxxxxx=xxx_xxxxxxx/xxxx=xxxxxxx/xx=x/xxxxxxxx=xxxxxpredictiveHigh
54ArgumentxxxxxpredictiveLow
55Argumentxxxx_xxxxpredictiveMedium
56Argumentxxxxxxxxx_xxxxxxxx_xxxxpredictiveHigh
57ArgumentxxxxxxxxpredictiveMedium
58ArgumentxxxxpredictiveLow
59Argumentxxxxx_xxxx_xxxxpredictiveHigh
60ArgumentxxxxxxxxpredictiveMedium
61Argumentxx_xxxxpredictiveLow
62ArgumentxxxxxxxxpredictiveMedium
63ArgumentxxxxxpredictiveLow
64ArgumentxxxpredictiveLow
65Argumentxxxxxx_xxxpredictiveMedium
66Argumentxxxxxxx_xxpredictiveMedium
67ArgumentxxxxxxxxpredictiveMedium
68Argumentxxxxxxxx/xxxxx xxxxxxx/xxxxxxxxpredictiveHigh
69ArgumentxxpredictiveLow
70Input Value\xxx../../../../xxx/xxxxxxpredictiveHigh

References (4)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!