CetaRAT Analysis

IOB - Indicator of Behavior (1000)

Timeline

The data in the charts on this page (Timeline, Lang, Country, Actors, Activities, Interest, Type, Vendor, Product) does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock these views and get access to the real data.

Lang

en: 878
zh: 48
de: 18
ar: 12
ru: 10


Country

nl: 962
us: 38


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Microsoft Windows: 100
Linux Kernel: 32
Google Android: 20
WordPress: 16
Apache HTTP Server: 16


Vulnerabilities

Columns: Base/Temp = CVSS base and temporal score; 0day/Today = estimated exploit price at disclosure and today; Exp = exploitability; Rem = remediation status; EPSS = EPSS probability; CTI = CTI interest score.

#  | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1  | jforum User input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00289 | 0.04 | CVE-2019-7550
2  | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 1.97 | CVE-2020-12440
3  | Huawei ACXXXX/SXXXX SSH Packet input validation | 7.5 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00246 | 0.07 | CVE-2014-8572
4  | Microsoft Windows WPAD access control | 8.0 | 7.9 | $25k-$100k | $0-$5k | High | Official Fix | 0.90962 | 0.03 | CVE-2016-3213
5  | Microsoft Windows Graphics Remote Code Execution | 7.0 | 6.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.06784 | 0.00 | CVE-2021-34530
6  | Microsoft Windows Event Tracing Privilege Escalation | 7.3 | 6.3 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00043 | 0.05 | CVE-2021-34487
7  | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.08 | CVE-2017-0055
8  | Cisco Secure Email and Web Manager Web-based Management Interface improper authentication | 9.8 | 9.6 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00337 | 0.04 | CVE-2022-20798
9  | nginx Log File link following | 7.8 | 7.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00092 | 0.05 | CVE-2016-1247
10 | Apache HTTP Server mod_rewrite redirect | 6.7 | 6.7 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.00258 | 0.04 | CVE-2020-1927
11 | Microsoft .NET Core/Visual Studio denial of service | 6.4 | 5.5 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00192 | 0.09 | CVE-2021-26423
12 | Microsoft Windows TCP/IP Stack Privilege Escalation | 9.9 | 8.6 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.02183 | 0.04 | CVE-2021-26424
13 | Microsoft Windows Event Tracing Privilege Escalation | 8.3 | 7.3 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.00488 | 0.00 | CVE-2021-26425
14 | Microsoft Windows Bluetooth Driver Privilege Escalation | 8.3 | 7.3 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.00043 | 0.00 | CVE-2021-34537
15 | Microsoft Dynamics 365 Privilege Escalation | 8.5 | 7.4 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00736 | 0.00 | CVE-2021-34524
16 | Microsoft Windows Storage Spaces Controller Local Privilege Escalation | 7.8 | 6.8 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00043 | 0.04 | CVE-2021-34536
17 | Microsoft Windows Graphics Remote Code Execution | 7.0 | 6.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.06784 | 0.03 | CVE-2021-34533
18 | Microsoft Windows Services for NFS ONCRPC XDR Driver information disclosure | 6.4 | 5.5 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.01103 | 0.03 | CVE-2021-36926
19 | Microsoft ASP.NET Core/Visual Studio information disclosure | 4.9 | 4.3 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00043 | 0.00 | CVE-2021-34532
20 | Microsoft Windows Services for NFS ONCRPC XDR Driver information disclosure | 6.4 | 5.5 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.01103 | 0.00 | CVE-2021-36933

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CAPEC-126 | CWE-21, CWE-22, CWE-23 | Path Traversal | predictive | High
2 | T1040 | CAPEC-102 | CWE-294 | Authentication Bypass by Capture-replay | predictive | High
3 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
4 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive | High
5 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High

Rows 6 to 21 are masked on the source page; only their CAPEC classes remain legible (CAPEC-122, 16, 136, 178, 184, 108, 102, 38, 459, 116, 157, 112 and 1, with three rows carrying no CAPEC number), all listed as predictive with High confidence.

IOA - Indicator of Attack (224)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | .travis.yml | predictive | Medium
2 | File | /.env | predictive | Low
3 | File | /admin.php | predictive | Medium
4 | File | /admin/subnets/ripe-query.php | predictive | High
5 | File | /apply.cgi | predictive | Medium
6 | File | /core/conditions/AbstractWrapper.java | predictive | High
7 | File | /debug/pprof | predictive | Medium
8 | File | /export | predictive | Low
9 | File | /file?action=download&file | predictive | High
10 | File | /hardware | predictive | Medium
11 | File | /librarian/bookdetails.php | predictive | High
12 | File | /medical/inventories.php | predictive | High
13 | File | /monitoring | predictive | Medium
14 | File | /opt/zimbra/jetty/webapps/zimbra/public | predictive | High
15 | File | /plugin/LiveChat/getChat.json.php | predictive | High
16 | File | /plugins/servlet/audit/resource | predictive | High
17 | File | /plugins/servlet/project-config/PROJECT/roles | predictive | High
18 | File | /replication | predictive | Medium
19 | File | /RestAPI | predictive | Medium
20 | File | /tmp/speedtest_urls.xml | predictive | High
21 | File | /tmp/zarafa-vacation-* | predictive | High
22 | File | /uncpath/ | predictive | Medium
23 | File | /upload | predictive | Low
24 | File | /user/loader.php?api=1 | predictive | High
25 | File | /var/log/nginx | predictive | High
Rows 26 to 224 are masked on the source page; only their classes remain legible (File through row 134, Library rows 135 to 143, Argument rows 144 to 209, Input Value rows 210 to 219, Pattern row 220, Network Port rows 221 to 224), all listed as predictive.
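As an added example, not part of the source page or of the data vendor's tooling: a small scanner that takes the 25 readable File indicators above and matches them against web-server access-log lines, which is how these path fragments get used in practice for spotting reconnaissance and exploitation attempts. The log lines are constructed for the example. Two things are assumptions made here, not facts from the page: the "*" in /tmp/zarafa-vacation-* is treated as a wildcard, and the PROJECT segment of the Jira-style path is treated as a placeholder for any single path segment.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Readable "File" indicators copied from IOA rows 1-25 above.
IOA_FILES = [
    ".travis.yml", "/.env", "/admin.php", "/admin/subnets/ripe-query.php",
    "/apply.cgi", "/core/conditions/AbstractWrapper.java", "/debug/pprof",
    "/export", "/file?action=download&file", "/hardware",
    "/librarian/bookdetails.php", "/medical/inventories.php", "/monitoring",
    "/opt/zimbra/jetty/webapps/zimbra/public",
    "/plugin/LiveChat/getChat.json.php", "/plugins/servlet/audit/resource",
    "/plugins/servlet/project-config/PROJECT/roles", "/replication",
    "/RestAPI", "/tmp/speedtest_urls.xml", "/tmp/zarafa-vacation-*",
    "/uncpath/", "/upload", "/user/loader.php?api=1", "/var/log/nginx",
]

# Common Log Format request line; the query string stays attached to the path.
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)(?: [^"]*)?" (?P<status>\d{3})'
)


def indicator_regex(indicator):
    """Turn a literal path fragment into a case-insensitive regex.
    Assumptions (not from the source page): '*' is a wildcard, and the
    literal segment 'PROJECT' stands for any single path segment."""
    pattern = re.escape(indicator)
    pattern = pattern.replace(r"\*", ".*").replace("PROJECT", r"[^/]+")
    return re.compile(pattern, re.IGNORECASE)


IOA_PATTERNS = [(ind, indicator_regex(ind)) for ind in IOA_FILES]


def match_line(line):
    """Return a hit record for one log line, or None if no indicator matches."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # Percent-decode first so encoded probes such as /%2Eenv are not missed.
    path = unquote(m.group("path"))
    hits = [ind for ind, rx in IOA_PATTERNS if rx.search(path)]
    if not hits:
        return None
    return {
        "host": m.group("host"),
        "path": path,
        "status": int(m.group("status")),
        "indicators": hits,
    }


def scan(lines):
    """All hit records for an iterable of log lines, in input order."""
    return [hit for hit in map(match_line, lines) if hit is not None]


def hits_by_host(lines):
    """Count matching requests per source host; a probing host stands out."""
    return dict(Counter(hit["host"] for hit in scan(lines)))


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /.env HTTP/1.1" 404 162',
    '203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /debug/pprof/heap HTTP/1.1" 200 5123',
    '198.51.100.4 - - [10/Oct/2023:13:56:01 +0000] "GET /index.html HTTP/1.1" 200 1024',
    '203.0.113.7 - - [10/Oct/2023:13:56:10 +0000] "GET /plugins/servlet/project-config/ABC/roles HTTP/1.1" 403 0',
    '203.0.113.7 - - [10/Oct/2023:13:56:11 +0000] "GET /%2Eenv HTTP/1.1" 404 162',
    "not a log line",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit["host"], hit["status"], hit["path"], "->", ", ".join(hit["indicators"]))
    print(hits_by_host(SAMPLE_LOG))
```

Short fragments such as /export or /upload will match legitimate traffic too, so in production the per-host count matters more than any single hit: one host touching several of these paths in quick succession is the signal, and the response status (404 on /.env versus 200 on /debug/pprof) tells you whether the probe found anything.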

References (2)

The following list contains external sources which discuss the actor and the associated activities:
