zgRAT Analysis

IOB - Indicator of Behavior (268)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 216
ru: 20
es: 16
de: 6
pl: 4


Country

us: 206
ru: 10
es: 4
pl: 4
fr: 2


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Google Chrome: 4
e-Quick Cart: 4
Campcodes Coffee Shop POS System: 4
Apache HTTP Server: 4
phpShop: 4


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | SourceCodester Shopping Website insert-product.php unrestricted upload | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00111 | 0.10 | CVE-2023-3503
2 | SourceCodester Shopping Website search-result.php sql injection | 6.7 | 6.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00079 | 0.00 | CVE-2023-3502
3 | AppServ Open Project denial of service | 7.5 | 7.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.09599 | 0.00 | CVE-2005-4296
4 | Citrix Metaframe login.asp cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00867 | 0.00 | CVE-2003-1157
5 | Itech Multi Vendor Script product-list.php sql injection | 7.5 | 7.2 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00391 | 0.05 | CVE-2017-20132
6 | Esoftpro Online Guestbook Pro ogp_show.php cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00134 | 0.05 | CVE-2009-2447
7 | Cutephp CuteNews Protection Feature shows.inc.php denial of service | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02946 | 0.00 | CVE-2005-3010
8 | eClime eCommerce JE manufacturers.php sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.06 | 
9 | ESecurityServices GPS Userdata Form allows Persistent cross site scripting | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.02 | 
10 | Comersus Open Technologies Comersus Cart comersus_optreviewreadexec.asp sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00381 | 0.06 | CVE-2007-3323
11 | Apple Safari BMP/GIF Image memory corruption | 7.3 | 6.4 | $100k and more | $0-$5k | Proof-of-Concept | Official Fix | 0.00721 | 0.00 | CVE-2008-1573
12 | My SMTP Contact Plugin Contact Form cross-site request forgery | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00135 | 0.00 | CVE-2021-29400
13 | Microsoft Windows Kerberos CRC32 Checksum cryptographic issues | 6.5 | 6.2 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.00 | CVE-2011-0043
14 | MediaWiki Login cross-site request forgery | 5.5 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00413 | 0.00 | CVE-2010-1150
15 | OpenSSL SSL3 cryptographic issues | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00885 | 0.06 | CVE-2011-4576
16 | Oracle Database desformat File rwservlet path traversal | 7.0 | 6.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.93286 | 0.03 | CVE-2005-2371
17 | Google Chrome Mousemove Event resource management | 10.0 | 9.0 | $100k and more | $0-$5k | Proof-of-Concept | Official Fix | 0.05515 | 0.00 | CVE-2011-3971
18 | WooCommerce Plugin path traversal | 7.0 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00494 | 0.04 | CVE-2017-17058
19 | Apple Safari credentials management | 7.3 | 7.0 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00304 | 0.00 | CVE-2010-1383
20 | NetBSD IPComp Payload Decompression memory corruption | 5.9 | 5.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02505 | 0.00 | CVE-2011-1547

IOC - Indicator of Compromise (13)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (239)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /+CSCOE+/logon.html | predictive | High
2 | File | /about.php | predictive | Medium
3 | File | /admin | predictive | Low
4 | File | /admin/?page=user/manage_user&id=3 | predictive | High
5 | File | /admin/admin.php | predictive | High
6 | File | /Admin/createClass.php | predictive | High
7 | File | /admin/edit_product.php | predictive | High
8 | File | /admin/products/manage_product.php | predictive | High
9 | File | /admin/products/view_product.php | predictive | High
10 | File | /config/myfield/test.php | predictive | High
11 | File | /eclime/manufacturers.php | predictive | High
12 | File | /forum/away.php | predictive | High
13 | File | /horde/util/go.php | predictive | High
14 | File | /index.php | predictive | Medium
15 | File | /index.php?app=main&func=passport&action=login | predictive | High
16 | File | /manage-apartment.php | predictive | High
17 | File | /multi-vendor-shopping-script/product-list.php | predictive | High
18 | File | /Noxen-master/users.php | predictive | High
19 | File | /pages/animals.php | predictive | High
20 | File | /reports/rwservlet | predictive | High
21 | File | /reviewer/system/system/admins/manage/users/user-update.php | predictive | High
22 | File | /Service/ImageStationDataService.asmx | predictive | High
23 | File | /wp-admin/options-general.php | predictive | High
24 | File | /wp-content/plugins/woocommerce/templates/emails/plain/ | predictive | High
25 | File | ad.cgi | predictive | Low
26 | File | adclick.php | predictive | Medium
27 | File | admin.color.php | predictive | High
28 | File | admin.cropcanvas.php | predictive | High
29 | File | admin.joomlaradiov5.php | predictive | High
30 | File | xxxxx.xxx | predictive | Medium
31 | File | xxxxx/xxxxxx/xxxxxxx/xxxxxxx.xxx | predictive | High
32 | File | xxxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
33 | File | xxxxx/xxxxx-xxxxxxx-xx-xxxxxxxxxxxxxxxxxxxx-xxxxx.xxx | predictive | High
34 | File | xxxxxxxxxxxxx/xxxxxxxxxx/xxx_xxxxx/xxxxxxx/xxxxx.xxx | predictive | High
35 | File | xxxxxxxxxxx.xxx | predictive | High
36 | File | xxxxx_xxxxxx.xxx | predictive | High
37 | File | xxxxxxxxxxx.xx | predictive | High
38 | File | xx_xxxxxxxxxx.xxx | predictive | High
39 | File | xxxxxxx.xx | predictive | Medium
40 | File | xxxxxxxxxxxxx.xxx | predictive | High
41 | File | xxxxxxxxxxxxx.xx | predictive | High
42 | File | xxxxxxx.xxx | predictive | Medium
43 | File | xxx_xxxxx.xxx | predictive | High
44 | File | xxxxx.xxx | predictive | Medium
45 | File | xxxxxxxxxxxx/xxxxx/xxxxxxxx/xxxxx.xxx | predictive | High
46 | File | xxxxxx_xxxx.xxx | predictive | High
47 | File | xxxxxxxx.xxx | predictive | Medium
48 | File | xxx-xxx/xxxxxxx.xx | predictive | High
49 | File | xxxxxxx.xxx.xxx | predictive | High
50 | File | xxxxxxx/xxxxxx.xxx | predictive | High
51 | File | xxxxxxxxxxx.xxx | predictive | High
52 | File | xxxxxxxx_xxxxxxxxxxxxxxxxx.xxx | predictive | High
53 | File | xxxxxx/xxxx.xxx | predictive | High
54 | File | xxxxxx.xxx | predictive | Medium
55 | File | xxxxxx_xxxxx.xxx | predictive | High
56 | File | xxxxxxxxxx\xxxx.xxx | predictive | High
57 | File | xxxxxxxxx.xxx | predictive | High
58 | File | xxxxxxxxx/xx_xxxxx.xxxxx.xxx | predictive | High
59 | File | xxxxxx.xxx | predictive | Medium
60 | File | xxxxxx.xxx | predictive | Medium
61 | File | xxxxxxxx.xxx | predictive | Medium
62 | File | xxxxxxx/xxx/x_xxxxx.x | predictive | High
63 | File | xxxxxxx.xx | predictive | Medium
64 | File | xxxxxxxx.xxx | predictive | Medium
65 | File | xxxxxxxx.xxx | predictive | Medium
66 | File | xxxxxxx.xxx_ | predictive | Medium
67 | File | xxxxxxxxxx.xxx | predictive | High
68 | File | xxxxxxxx.xxx | predictive | Medium
69 | File | xxx/xxxxx.xxx.xxx | predictive | High
70 | File | xxxxxxx.xxx | predictive | Medium
71 | File | xxxxx.xxx | predictive | Medium
72 | File | xxxxx.xxx | predictive | Medium
73 | File | xxxxxxxx.xxx | predictive | Medium
74 | File | xxxxxx-xxxxxxx.xxx | predictive | High
75 | File | xxxxxx/xxxxxx/xxxxx.xxx | predictive | High
76 | File | xxxxxx/xxxxxx/xxx_x.xxx | predictive | High
77 | File | xxxxx/xxxxx.xxx | predictive | High
78 | File | xxxx_xxxx.xxx | predictive | High
79 | File | xxxx_xxxx.xxx | predictive | High
80 | File | xxxxx.xxx | predictive | Medium
81 | File | xxxxx.xxx | predictive | Medium
82 | File | xxxxxxxx.xx | predictive | Medium
83 | File | xxxxxx.xxx | predictive | Medium
84 | File | xxxxxxx.xxx | predictive | Medium
85 | File | xxx_xxxxxxx_xxxxxxxxxx.xxx | predictive | High
86 | File | xxxxxxxx.xxx | predictive | Medium
87 | File | xxxx_xxxx.xxx | predictive | High
88 | File | xxx-xxxxxxxx.xx | predictive | High
89 | File | xxx_xxxx.xxx | predictive | Medium
90 | File | xxxxxxxx.xxx | predictive | Medium
91 | File | xxxxxxxxx.xxx.xxx | predictive | High
92 | File | xxx.xxx | predictive | Low
93 | File | xxxxx\xxxxxx_xxxx.xxx | predictive | High
94 | File | xxxxxxx.xxx | predictive | Medium
95 | File | xxxxx_xxxxxx.xxx | predictive | High
96 | File | xxxxxxxxxxxxxx.xxx | predictive | High
97 | File | xxxxxxxx.xxx | predictive | Medium
98 | File | xxxxxxx_xxxxxxx.xxx | predictive | High
99 | File | xxxxxxxx.xxx | predictive | Medium
100 | File | xxxxxxxx.xxx | predictive | Medium
101 | File | xxxxxxxx_xxxxxx.xxx | predictive | High
102 | File | xxxxxxxxxxxxx.xxx | predictive | High
103 | File | xxxxxxxxxx_xxxxx.xxxxxx | predictive | High
104 | File | xxxx/xxx/xxx_xxxx.x | predictive | High
105 | File | xxxxxxx_xxxxxx_xxxxxxxxxx.xxx | predictive | High
106 | File | xxxxxx-xxxxxxxx.xxx | predictive | High
107 | File | xxxxxx-xxxxxx.xxx | predictive | High
108 | File | xxxxxxx.xxx | predictive | Medium
109 | File | xxxxxxxxxxxxxxxx.xxx | predictive | High
110 | File | xxxxxxxxxxxxxxx.xxx | predictive | High
111 | File | xxxx_xxxxxxx_xxxxxxxx.xxx | predictive | High
112 | File | xxxxxxxxxxx.xxx | predictive | High
113 | File | xxxx_xxxxxxxx.xxx | predictive | High
114 | File | xxxx_xxxxxxxx.xxx/xxxx_xxxx.xxx | predictive | High
115 | File | xxxx_xxx.xxx | predictive | Medium
116 | File | xxxxxx.xxx | predictive | Medium
117 | File | xxxxxx_xxxxxx.xxx | predictive | High
118 | File | xxxxx_xxxxx.xxx | predictive | High
119 | File | xxxxxxxx.xxx | predictive | Medium
120 | File | xxxxxxxxx/xxxxxxxx.xxx | predictive | High
121 | File | xxxx_xxx_xxxx.xxx | predictive | High
122 | File | xxxxxxx-xxxxxx.xxx | predictive | High
123 | File | xxxx.xxx | predictive | Medium
124 | File | xxxxxxxxxx.xxx | predictive | High
125 | File | xxxxxx/xxxxx/xxxxx.xxx | predictive | High
126 | File | xxxx_xxxx.xxx | predictive | High
127 | File | xxxx_xxxxxxx.xxx | predictive | High
128 | File | xxx-xxxxx.xxx | predictive | High
129 | File | xxxxxxxxx.xxx | predictive | High
130 | Library | /_xxx_xxx/xxxxx.xxx | predictive | High
131 | Library | xxxxxx[xxxxxx_xxxx | predictive | High
132 | Library | xxxxxxxx-x.x/xxxxxxxx.xxx | predictive | High
133 | Library | xxxxxxxxxx | predictive | Medium
134 | Argument | $xxxx["xx"] | predictive | Medium
135 | Argument | $_xxxxxx['xxxxx_xxxxxx'] | predictive | High
136 | Argument | xxxxxxxxxxx | predictive | Medium
137 | Argument | xxxxxx | predictive | Low
138 | Argument | xxxxxxxxx xxxxxx | predictive | High
139 | Argument | xxxxxxxxx | predictive | Medium
140 | Argument | xxxxxxxx | predictive | Medium
141 | Argument | xxxx_xxx | predictive | Medium
142 | Argument | xxxxxxx | predictive | Low
143 | Argument | xxxxxx | predictive | Low
144 | Argument | xxxxxx_xxxxx | predictive | Medium
145 | Argument | xxx_xxx | predictive | Low
146 | Argument | xxx | predictive | Low
147 | Argument | xxxxxxxx/xxxxxx | predictive | High
148 | Argument | xxx_xx | predictive | Low
149 | Argument | xxx | predictive | Low
150 | Argument | xxxxx_xx | predictive | Medium
151 | Argument | xxxx_xx | predictive | Low
152 | Argument | xxxxxxx | predictive | Low
153 | Argument | xxxxxxxxxxxx | predictive | Medium
154 | Argument | xxxxxx | predictive | Low
155 | Argument | xxxxxxxxxx | predictive | Medium
156 | Argument | xxxxxx[xxxxxx_xxxx] | predictive | High
157 | Argument | xxxxxxx_xx | predictive | Medium
158 | Argument | xxxxxx_xxxx_xxxxxxxx | predictive | High
159 | Argument | xxxxxxxxxxxx | predictive | Medium
160 | Argument | xxxxxxxx | predictive | Medium
161 | Argument | xx | predictive | Low
162 | Argument | xxxx | predictive | Low
163 | Argument | xxxxxxx | predictive | Low
164 | Argument | xxxxx | predictive | Low
165 | Argument | xxxxxxxx | predictive | Medium
166 | Argument | xxxxx | predictive | Low
167 | Argument | xxxx | predictive | Low
168 | Argument | xxxxxxx | predictive | Low
169 | Argument | xxxxxx_xxxxx_xxx | predictive | High
170 | Argument | xxxxx | predictive | Low
171 | Argument | xxxxxxxx | predictive | Medium
172 | Argument | xxxx/xxxx | predictive | Medium
173 | Argument | xxxx_xxxx_xxxxxxx | predictive | High
174 | Argument | xxxx_xxxxxx_xx | predictive | High
175 | Argument | xx | predictive | Low
176 | Argument | xx | predictive | Low
177 | Argument | xx | predictive | Low
178 | Argument | xxxxxxxxx | predictive | Medium
179 | Argument | xxx_xxx | predictive | Low
180 | Argument | xxxx | predictive | Low
181 | Argument | xxxxx | predictive | Low
182 | Argument | xxxxxxxxxxxxx_xx | predictive | High
183 | Argument | xxxx | predictive | Low
184 | Argument | xxxxxxxxx_xxxxxxxx_xxxx | predictive | High
185 | Argument | xxxxxxxxx_xxxx_xxxx | predictive | High
186 | Argument | xxxx/xxxxxxx | predictive | Medium
187 | Argument | xxxx_xx | predictive | Low
188 | Argument | xxxxx_xxxxxxx | predictive | High
189 | Argument | xxxxx_xxx | predictive | Medium
190 | Argument | xxxxxxxx | predictive | Medium
191 | Argument | xxxxxxxxx | predictive | Medium
192 | Argument | xxxxx_xxxx_xxxx | predictive | High
193 | Argument | xxxxx_xxxxxxx_xxxx | predictive | High
194 | Argument | xxxxxxx_xxx | predictive | Medium
195 | Argument | xxx | predictive | Low
196 | Argument | xxxxx | predictive | Low
197 | Argument | xx | predictive | Low
198 | Argument | xxxx | predictive | Low
199 | Argument | xxxxxx | predictive | Low
200 | Argument | xxxxxxx | predictive | Low
201 | Argument | xxx | predictive | Low
202 | Argument | xxx | predictive | Low
203 | Argument | xxxxxxx | predictive | Low
204 | Argument | xxxx_xxx | predictive | Medium
205 | Argument | xxxxxxx_xxxxxx_xxxxx.xxx | predictive | High
206 | Argument | xxxxxx_xxxxxx | predictive | High
207 | Argument | xxxxxx_xxxxxxxx | predictive | High
208 | Argument | xxx_xxxxxx | predictive | Medium
209 | Argument | xxxx_xxxx | predictive | Medium
210 | Argument | xxxxxxxxx | predictive | Medium
211 | Argument | xxx | predictive | Low
212 | Argument | xxxxxx | predictive | Low
213 | Argument | xxxxxxxxx | predictive | Medium
214 | Argument | xxxxxx | predictive | Low
215 | Argument | xxxxxx | predictive | Low
216 | Argument | xxxxxxxx | predictive | Medium
217 | Argument | xxxxx | predictive | Low
218 | Argument | xx_xxxxxxxxxxx | predictive | High
219 | Argument | xxxxxxxxxxx | predictive | Medium
220 | Argument | xxxxx/xxxx | predictive | Medium
221 | Argument | xxx | predictive | Low
222 | Argument | xxxxxxxx | predictive | Medium
223 | Argument | xxxxxxxx/xxxxxxxx | predictive | High
224 | Argument | xxxx_xx | predictive | Low
225 | Argument | xxxx | predictive | Low
226 | Argument | xxxxx | predictive | Low
227 | Argument | xxxxx_xxx | predictive | Medium
228 | Argument | xx-xxxxxx_xxxx | predictive | High
229 | Input Value | "><xxxxxx>xxxxx(/xxx/)</xxxxxx> | predictive | High
230 | Input Value | %xx%xx%xxxxx%xxxxx%xx%xxxxxx.xxx%xx%xxxxxxxxx%xxxxxxxxxxxx%xxxxxxx('xxx')%xx | predictive | High
231 | Input Value | 'xx''=' | predictive | Low
232 | Input Value | -x | predictive | Low
233 | Input Value | <xxxxxxxx>\x | predictive | Medium
234 | Input Value | <xxxxxx>xxxxx(x)</xxxxxx> | predictive | High
235 | Input Value | <xxxxxx>xxxxx(xxx)</xxxxxx> | predictive | High
236 | Input Value | x== | predictive | Low
237 | Input Value | \xxx../../../../xxx/xxxxxx | predictive | High
238 | Network Port | xxx/xx (xxx xxxxxxxx) | predictive | High
239 | Network Port | xxx xxxxxx xxxx | predictive | High

References (5)

The following list contains external sources which discuss the actor and the associated activities:

Samples (4)

The following list contains associated samples:
