Ekipa RAT Analysis

IOB - Indicator of Behavior (165)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 96
de: 26
ja: 16
es: 8
fr: 4


Country

us: 164
ru: 2


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Bludit: 6
HP Integrated Lights-Out: 4
SQuery: 4
Coinsoft Technologies phpCOIN: 4
Gallarific PHP Photo Gallery script: 2


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Hassan Consulting Shopping Cart shop.cgi path traversal | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02149 | 0.06 | CVE-2000-0921 |
| 2 | Squitosoft Squito Gallery photolist.inc.php memory corruption | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01371 | 0.04 | CVE-2005-2258 |
| 3 | PhotoPost PhotoPost vBGallery File Upload upload.php input validation | 6.3 | 5.8 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00546 | 0.06 | CVE-2008-7088 |
| 4 | Midicart Software MidiCart PHP Shopping Cart search_list.php cross site scripting | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.07338 | 0.03 | CVE-2005-1502 |
| 5 | HP Integrated Lights-Out information disclosure | 9.8 | 8.5 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.02286 | 0.02 | CVE-2012-3271 |
| 6 | Dell EMC PowerScale OneFS master.passwd omission of security-relevant information | 4.1 | 4.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00044 | 0.03 | CVE-2022-22563 |
| 7 | Asternic Flash Operator Panel User Control Panel command injection | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00214 | 0.04 | CVE-2018-5694 |
| 8 | Ilohamail cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.06 | |
| 9 | Cybernetikz Easy Social Icons Authentication admin.php cross-site request forgery | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00554 | 0.00 | CVE-2015-2084 |
| 10 | HD FLV Player Plugin functions.php hd_update_media sql injection | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00135 | 0.07 | CVE-2012-10011 |
| 11 | Franklin Fueling Systems Colibri Controller Module path traversal | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.74410 | 0.07 | CVE-2021-46417 |
| 12 | Fortinet FortiADC cross site scripting | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00070 | 0.04 | CVE-2022-38374 |
| 13 | FacileForms facileforms.frame.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01845 | 0.02 | CVE-2008-2990 |
| 14 | htmltonuke htmltonuke.php code injection | 7.3 | 6.7 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.01849 | 0.04 | CVE-2006-0308 |
| 15 | SimpleBoard file_upload.php code injection | 8.1 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.12891 | 0.00 | CVE-2006-3528 |
| 16 | Skrypty Ppa Gallery functions.inc.php memory corruption | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02429 | 0.02 | CVE-2005-2199 |
| 17 | Mamboxchange Extended Registration registration_detailed.inc.php file inclusion | 7.3 | 6.4 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.05054 | 0.04 | CVE-2006-5254 |
| 18 | EyouCMS Index.php wechat_return xml external entity reference | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00087 | 0.00 | CVE-2021-42194 |
| 19 | Sennheiser HeadSetup Certificates SennComCCKey.pem Key certificate validation | 5.7 | 5.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00397 | 0.05 | CVE-2018-17612 |
| 20 | Pear Admin Think UploadService.php unrestricted upload | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00531 | 0.02 | CVE-2021-29377 |


IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (159)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /bl-plugins/backup/plugin.php | predictive | High |
| 2 | File | /cgi-bin/nightled.cgi | predictive | High |
| 3 | File | /controller/Index.php | predictive | High |
| 4 | File | /etc/master.passwd | predictive | High |
| 5 | File | /etc/passwd | predictive | Medium |
| 6 | File | /opt/zimbra/jetty/webapps/zimbra/public | predictive | High |
| 7 | File | /secure/admin/InsightDefaultCustomFieldConfig.jspa | predictive | High |
| 8 | File | /secure/admin/RestoreDefaults.jspa | predictive | High |
| 9 | File | /wmiwizard.jsp | predictive | High |
| 10 | File | accounts/inc/include.php | predictive | High |
| 11 | File | acrotxt.php | predictive | Medium |
| 12 | File | addpost_newpoll.php | predictive | High |
| 13 | File | admin.php | predictive | Medium |
| 14 | File | admin.php/index/upload because app/common/service/UploadService.php | predictive | High |
| 15 | File | admin/handlers.php | predictive | High |
| 16 | File | adminBoards.php | predictive | High |
| 17 | File | adminSmileys.php | predictive | High |
| 18 | File | akocomments.php | predictive | High |
| 19 | File | ampie.swf | predictive | Medium |
