RogueRaticate Analysis

IOB - Indicator of Behavior (1000)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 582
zh: 154
de: 140
es: 22
sv: 20


Country

us: 708
de: 132
es: 12
sv: 10
it: 8



Product

WordPress: 4
Google Android: 4
Pligg: 4
SmartISoft phpBazar: 2
Vertical Scroll Recent Post Plugin: 2


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 2 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 0.72 | CVE-2007-0354 |
| 3 | Microsoft Exchange Server ChainedSerializationBinder deserialization | 7.5 | 7.2 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00000 | 0.03 | |
| 4 | Squid Web Proxy Gopher Gateway null pointer dereference | 6.4 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00374 | 0.02 | CVE-2023-46728 |
| 5 | Fortinet FortiOS prof-admin Profile improper authorization | 7.7 | 7.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00050 | 0.03 | CVE-2023-41841 |
| 6 | Oracle Java SE Windows DLL access control | 8.3 | 8.2 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00257 | 0.02 | CVE-2018-2942 |
| 7 | WordPress wp-trackback.php sql injection | 7.3 | 6.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.04651 | 0.07 | CVE-2007-0233 |
| 8 | OpenSSL DH Key dh_check.c DH_check denial of service | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00130 | 0.02 | CVE-2023-3817 |
| 9 | WordPress wp-trackback.php mb_convert_encoding cryptographic issues | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03358 | 0.00 | CVE-2009-3622 |
| 10 | Microsoft Office/Office LTSC/OneNote unknown vulnerability | 4.5 | 4.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00051 | 0.00 | CVE-2023-36769 |
| 11 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.34 | CVE-2010-0966 |
| 12 | Basti2web Book Panel books.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00064 | 0.05 | CVE-2009-4889 |
| 13 | JD-WordPress wp-trackback.php privileges management | 5.3 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.02 | |
| 14 | Matt Wright Matt Wright Guestbook guestbook.pl cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00991 | 0.05 | CVE-2006-1697 |
| 15 | Icewarp Webclient HTTP POST Request Persistent cross site scripting | 5.2 | 4.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00066 | 0.02 | CVE-2010-5338 |
| 16 | Lars Ellingsen Guestserver guestbook.cgi cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00169 | 0.19 | CVE-2005-4222 |
| 17 | esoftpro Online Guestbook Pro ogp_show.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00135 | 0.00 | CVE-2010-4996 |
| 18 | SignKorn Guestbook admin.php privileges management | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.04 | |
| 19 | PC Keyboard Server missing authentication | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00361 | 0.00 | CVE-2022-45479 |
| 20 | Flat PHP Board path traversal | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.01 | |

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

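| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 178.159.37.25 | free.uaunit.com | RogueRaticate | | 10/29/2023 | verified | High |
| 2 | XXX.XXX.XX.XX | xxxx.xxxxxx.xxx | Xxxxxxxxxxxxx | | 10/29/2023 | verified | High |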

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (136)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

