JanelaRAT Analysis
IOB - Indicator of Behavior (1000)
Timeline
The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.
Activities
Interest
Timeline
The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.
Vulnerabilities
IOC - Indicator of Compromise (12)
These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.
ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
---|---|---|---|---|---|---|---|
1 | 45.42.160.15 | JanelaRAT | 08/28/2023 | verified | High | ||
2 | 45.42.160.55 | JanelaRAT | 08/11/2023 | verified | High | ||
3 | 45.133.18.35 | mail.brandwholesale1.com | JanelaRAT | 08/16/2023 | verified | High | |
4 | XXX.XXX.XX.XX | xxxxxxxx.xxx | Xxxxxxxxx | 08/14/2023 | verified | High | |
5 | XXX.XXX.XX.XX | xx.xxxx.xxxxxxx.xx.xxxxxxx.xxx | Xxxxxxxxx | 08/11/2023 | verified | High | |
6 | XXX.XXX.XX.XX | xx.xxxx.xxxxxxx.xx.xxxxxxx.xxx | Xxxxxxxxx | 08/16/2023 | verified | High | |
7 | XXX.XXX.XXX.XX | Xxxxxxxxx | 11/01/2023 | verified | High | ||
8 | XXX.XX.XXX.XXX | Xxxxxxxxx | 08/14/2023 | verified | High | ||
9 | XXX.XX.XX.XX | xxx.xx.xx.xx.xxxxxxx.xxx.xx | Xxxxxxxxx | 08/14/2023 | verified | High | |
10 | XXX.XX.XX.XX | xxxxx-xxxxxxxxxxxxxxx.xxx | Xxxxxxxxx | 08/14/2023 | verified | High | |
11 | XXX.XX.XXX.XXX | xxx-xx-xxx-xxx.xxxxxxxx.xxx.xx | Xxxxxxxxx | 08/14/2023 | verified | High | |
12 | XXX.XX.XXX.XXX | xxx-xxxxxxxx.xxx.xxx.xx | Xxxxxxxxx | 08/14/2023 | verified | High |
TTP - Tactics, Techniques, Procedures (18)
Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.
IOA - Indicator of Attack (297)
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.
ID | Class | Indicator | Type | Confidence |
---|---|---|---|---|
1 | File | /admin/general.cgi | predictive | High |
2 | File | /Admin/login.php | predictive | High |
3 | File | /admin/reminders/manage_reminder.php | predictive | High |
4 | File | /CCMAdmin/serverlist.asp | predictive | High |
5 | File | /cgi/get_param.cgi | predictive | High |
6 | File | /csms/admin/inquiries/view_details.php | predictive | High |
7 | File | /cstecgi.cgi | predictive | Medium |
8 | File | /files.md5 | predictive | Medium |
9 | File | /forum/away.php | predictive | High |
10 | File | /hrm/employeeview.php | predictive | High |
11 | File | /include/chart_generator.php | predictive | High |
12 | File | /index.php?menu=asterisk_cli | predictive | High |
13 | File | /librarian/bookdetails.php | predictive | High |
14 | File | /login | predictive | Low |
15 | File | /messageboard/view.php | predictive | High |
16 | File | /oauth/idp/.well-known/openid-configuration | predictive | High |
17 | File | /one_church/userregister.php | predictive | High |
18 | File | /out.php | predictive | Medium |
19 | File | /owa/auth/logon.aspx | predictive | High |
20 | File | /public/plugins/ | predictive | High |
21 | File | /SAP_Information_System/controllers/add_admin.php | predictive | High |
22 | File | /SASWebReportStudio/logonAndRender.do | predictive | High |
23 | File | /secure/admin/InsightDefaultCustomFieldConfig.jspa | predictive | High |
24 | File | /secure/admin/ViewInstrumentation.jspa | predictive | High |
25 | File | /SVFE2/pages/feegroups/country_group.jsf | predictive | High |
26 | File | /SystemMng.ashx | predictive | High |
27 | File | /textpattern/index.php | predictive | High |
28 | File | /upfile.cgi | predictive | Medium |
29 | File | /v2/quantum/save-data-upload-big-file | predictive | High |
30 | File | /wordpress/wp-admin/admin.php | predictive | High |
31 | File | 4.edu.php | predictive | Medium |
32 | File | AccountManagerService.java | predictive | High |
33 | File | account_footer.php | predictive | High |
34 | File | adclick.php | predictive | Medium |
35 | File | addlink.php | predictive | Medium |
36 | File | xxx_xxxx_xxx.xxx | predictive | High |
37 | File | xxx_xxxx_xxxx.xxx | predictive | High |
38 | File | xxxxx.xxxxxxxxxx.xxx | predictive | High |
39 | File | xxxxx.xxxxxxxxx.xxx | predictive | High |
40 | File | xxxxx/xxxxxxxxxxx.xxx | predictive | High |
41 | File | xxxxx/xxxx_xxxxxxxx.xxx | predictive | High |
42 | File | xxxxx/xxxxx.xxx | predictive | High |
43 | File | xxxxx/xxxxxxxxxxxxx.xxx | predictive | High |
44 | File | xxxxxxxxxxxxxxxx.xxx | predictive | High |
45 | File | xxxxxxxxxxx.xxx | predictive | High |
46 | File | xxxxxxxxxxx.xxx | predictive | High |
47 | File | xxxx_xxxx_xxxxxxxx.xxx | predictive | High |
48 | File | xx_xxxxxxxxxx.xxx | predictive | High |
49 | File | xxx/xxxxxx/xxxx_xxxxxx.xxx | predictive | High |
50 | File | xxxxxxxxxxxxxx.xxx | predictive | High |
51 | File | xxxxxxxx.xxxxxxx.xxx | predictive | High |
52 | File | xx_xxxxx_xxxxx.xxx | predictive | High |
53 | File | xx_xxxx.xxx | predictive | Medium |
54 | File | xxx_xxxxxxxxx.xxx | predictive | High |
55 | File | x:\xxxx | predictive | Low |
56 | File | xxxxxx/xxxxx/xxxxx.xxx | predictive | High |
57 | File | xxxx_xxxxxxx.xxx | predictive | High |
58 | File | xxxxxxxx.xxx | predictive | Medium |
59 | File | xxxxxxxx.xxx | predictive | Medium |
60 | File | xxx-xxx/xxxxxxxxxxxx.xxx | predictive | High |
61 | File | xxx-xxx/xxx/xxxxxxxx_xxx.xxx | predictive | High |
62 | File | xxxxxxxxxxx.xxx | predictive | High |
63 | File | xxxxx.xxxxx.xxx | predictive | High |
64 | File | xxxxx/xxxxx_xxxxxx.xxx | predictive | High |
65 | File | xxxxxxxxxx_xxxxx.xxx | predictive | High |
66 | File | xxxxx_xx_xxxxxxxxx.xxx | predictive | High |
67 | File | xxxxx_xxxx.xxx | predictive | High |
68 | File | xxxxx.xxx | predictive | Medium |
69 | File | xxx.xxx?xxx=xxxxx_xxxx | predictive | High |
70 | File | xxxx/xxxxxxxx.xx | predictive | High |
71 | File | xxxxxxxx_xxxxxxxxxxxxxxxxx.xxx | predictive | High |
72 | File | xxxxxxx.xxx | predictive | Medium |
73 | File | xxxxxxxxxx.xxx | predictive | High |
74 | File | xxxxxxxxxxxxxxxxxxx.xx | predictive | High |
75 | File | xxxxxxxxx.xxx | predictive | High |
76 | File | xxxxxxx.xxx | predictive | Medium |
77 | File | xxxxxx.xxx | predictive | Medium |
78 | File | xxxxxx.xxx | predictive | Medium |
79 | File | xxxxxxxx.xxx | predictive | Medium |
80 | File | xxxxxxxxxx-xxxxxxxxxxxxx.xxx | predictive | High |
81 | File | xxxxxxx/xxxxx/xxxxx.x | predictive | High |
82 | File | xxxxx.xxx | predictive | Medium |
83 | File | xxxxx.xxx | predictive | Medium |
84 | File | xxxx.xxx | predictive | Medium |
85 | File | xxxxxxxx.xxx | predictive | Medium |
86 | File | xxxxxxxx.xxx | predictive | Medium |
87 | File | xxxxxxxxx.xxx | predictive | High |
88 | File | xxxxxx.xxxx | predictive | Medium |
89 | File | xxxx.xxx | predictive | Medium |
90 | File | xxxx.xxx | predictive | Medium |
91 | File | xxxxxxxxx.xxx | predictive | High |
92 | File | xxxxxxxxx.xx | predictive | Medium |
93 | File | xxxxxxxxxx.xxx | predictive | High |
94 | File | xxxxx_xxxxxx.xxx | predictive | High |
95 | File | xxxxxxxxx.xxx | predictive | High |
96 | File | xxx/xxxxxxxx.xxx | predictive | High |
97 | File | xxx/xxxxxx.xxx | predictive | High |
98 | File | xxx/xxxxxxxxxxx/xxxxxxx.xxx | predictive | High |
99 | File | xxx/xxxxxxx/xxxxxxxxxxxx.xxx | predictive | High |
100 | File | xxxxxxx.xxx | predictive | Medium |
101 | File | xxxxxxx/xxxx.xxx | predictive | High |
102 | File | xxxxxxxx/xxxx.xxx | predictive | High |
103 | File | xxxxx.xxx | predictive | Medium |
104 | File | xxxx.xxxx | predictive | Medium |
105 | File | xxxxxxxxxxxxx.xxx | predictive | High |
106 | File | xxxxxxxx/xxxxxxxx_xxxxxxx_xxxxxx/xxxxx.xxx | predictive | High |
107 | File | xxxx_xxxx.xxx | predictive | High |
108 | File | xxx_xxxxxxxxx.xxx | predictive | High |
109 | File | xxx.xxxx | predictive | Medium |
110 | File | xxxxxx/xxxxxx/xxxxxx-xx.x | predictive | High |
111 | File | xxxxxx.xxx | predictive | Medium |
112 | File | xxxxx.xxxx | predictive | Medium |
113 | File | xxxxx.xxx | predictive | Medium |
114 | File | xxxxx.xxxx | predictive | Medium |
115 | File | xxxxx_xxxxxxx.xxx | predictive | High |
116 | File | xxx_xxxxxxxx.xxx | predictive | High |
117 | File | xxx/xxxx_xxx.xxx | predictive | High |
118 | File | xxxxxxx.xxx | predictive | Medium |
119 | File | xxxxxxx/xxx.xxx | predictive | High |
120 | File | xxx/xxxxxxxxx/xx_xxx_xxxxxx.x | predictive | High |
121 | File | xxx.xxx | predictive | Low |
122 | File | xxxxxx_xx.xxx | predictive | High |
123 | File | xxx/xxxxx.xxxx | predictive | High |
124 | File | x-xxxx.xxx | predictive | Medium |
125 | File | xxxx.xxxxxxxxx.xxx | predictive | High |
126 | File | xxxxxxxxx.xxx.xxx | predictive | High |
127 | File | xxxxxx.xxx | predictive | Medium |
128 | File | xxxx.xxx | predictive | Medium |
129 | File | xxxx.xxx | predictive | Medium |
130 | File | xxxxxxxxx/xxxxxxxxxxxxxx.xxxx | predictive | High |
131 | File | xxx.xxxxx.xxx | predictive | High |
132 | File | xxxxx.xxx | predictive | Medium |
133 | File | xxxxx.xxx | predictive | Medium |
134 | File | xxxxxxxx.xxx | predictive | Medium |
135 | File | xxxxxxxxxx.xxx | predictive | High |
136 | File | xxxxxxxx.xxx | predictive | Medium |
137 | File | xxxxxxxx.xxx | predictive | Medium |
138 | File | xxxxxxxx_xxxx.xxx | predictive | High |
139 | File | xxxxxxxxxxxx_xxxxxxxx.xxx.xxx | predictive | High |
140 | File | xxxxxx.xxx | predictive | Medium |
141 | File | xxxxxxxx.x | predictive | Medium |
142 | File | xx_xxxx.x | predictive | Medium |
143 | File | xxxx_xxxx_xxxxxx.xxx | predictive | High |
144 | File | xxxxxx.xxx | predictive | Medium |
145 | File | xxxxxx.xxx | predictive | Medium |
146 | File | xxxx/xxxxxxx/xxxxxxxxxxxxx_xxx.xxx | predictive | High |
147 | File | xxxxxx.xxxx | predictive | Medium |
148 | File | xxxxxxxx-xxxxxx_xxxxx.xxx | predictive | High |
149 | File | xxxx.xxx | predictive | Medium |
150 | File | xxxx_xxxxxxx_xxxxxxxx.xxx | predictive | High |
151 | File | xxxxxxxx.xxx/xxxxxx.xxx/xxxxxxxx.xxx | predictive | High |
152 | File | xxxxxxxxxxx.xxx | predictive | High |
153 | File | xxx/xxx/xxxxxxx/xxxx.xxx | predictive | High |
154 | File | xxxxx_xxxxx.xxx | predictive | High |
155 | File | xxxx-xxxxx.xxx | predictive | High |
156 | File | xxxx-xxxxxxxx.xxx | predictive | High |
157 | File | xxxxx.xx | predictive | Medium |
158 | File | xxxxx.xxx | predictive | Medium |
159 | File | xxxxxx.xxx | predictive | Medium |
160 | File | xxxx.xxx | predictive | Medium |
161 | File | xxxxx-xxxxxxxx-xxxxx-xxxxxxxxxxx-xxx-xxxxx.xxx | predictive | High |
162 | File | xxxxx.xxxx | predictive | Medium |
163 | File | xxxx.xxx | predictive | Medium |
164 | File | xxxxxxxxx.xxxx | predictive | High |
165 | File | xxxxxxx/xxxxxxxxx/xxxxxxxxxxxx.xxx | predictive | High |
166 | File | xxxxxxx.xxx | predictive | Medium |
167 | File | xx-xxxxx/xxxxx.xxx | predictive | High |
168 | File | xx.xxx | predictive | Low |
169 | File | xxxxxxxxxxxx.xxx | predictive | High |
170 | File | ~/xxxxx-xxxxx.xxx | predictive | High |
171 | File | ~/xxxxxxxx-xxxxxxxx.xxx | predictive | High |
172 | Library | xxxxxx[xxxxxx_xxxx | predictive | High |
173 | Library | xxxxxx.xxxxxxxxx.xxxxxxx.xxxxx_xxxxx.xxx | predictive | High |
174 | Library | xxxx/xxxxxxx/xxxx/xxxxxxxxx/xxxxx.xxx | predictive | High |
175 | Library | ~/xxx/xxxxx-xxxxxxxx-xxxxxxxxxx.xxx | predictive | High |
176 | Argument | $_xxxxxx | predictive | Medium |
177 | Argument | xxx_xxxx | predictive | Medium |
178 | Argument | xx_xx | predictive | Low |
179 | Argument | xxxxxx | predictive | Low |
180 | Argument | xx | predictive | Low |
181 | Argument | xxx_xx | predictive | Low |
182 | Argument | xx | predictive | Low |
183 | Argument | xx | predictive | Low |
184 | Argument | xxxxxxxx | predictive | Medium |
185 | Argument | xxxxxxxx | predictive | Medium |
186 | Argument | xxxxx | predictive | Low |
187 | Argument | xxxx | predictive | Low |
188 | Argument | xxxx_xxx_xxxx | predictive | High |
189 | Argument | xxx | predictive | Low |
190 | Argument | xxxxxxxx | predictive | Medium |
191 | Argument | xxxxxxxxxx | predictive | Medium |
192 | Argument | xxxxxxxx_xxxx | predictive | High |
193 | Argument | xxx_xx | predictive | Low |
194 | Argument | xx_xxxxxx | predictive | Medium |
195 | Argument | xxxx | predictive | Low |
196 | Argument | xxxx_xx | predictive | Low |
197 | Argument | xxxxxxx | predictive | Low |
198 | Argument | xxxxxxxxxx | predictive | Medium |
199 | Argument | xxxxxx[xxxxxx_xxxx] | predictive | High |
200 | Argument | xxxx_xx | predictive | Low |
201 | Argument | xxxxxxxxxxxx | predictive | Medium |
202 | Argument | xxx | predictive | Low |
203 | Argument | xxxxxxxx | predictive | Medium |
204 | Argument | xxxxx | predictive | Low |
205 | Argument | xxxx | predictive | Low |
206 | Argument | xxxxx_xxxx_xxxx | predictive | High |
207 | Argument | xxxxxxx=xxxxxxxx | predictive | High |
208 | Argument | xxxx | predictive | Low |
209 | Argument | xxxxxxx | predictive | Low |
210 | Argument | xxxxxxx_xxxxxxx | predictive | High |
211 | Argument | xxxxxxxxxxxxxx[xxxxxxxxxxxxxxxxxx] | predictive | High |
212 | Argument | xxxxxxxx | predictive | Medium |
213 | Argument | xxxx | predictive | Low |
214 | Argument | xx | predictive | Low |
215 | Argument | xx/xx_xxxxxx_xxxx/xx_xxxx_xxxxxx | predictive | High |
216 | Argument | xxxxxxxxx | predictive | Medium |
217 | Argument | xx_xxxxx | predictive | Medium |
218 | Argument | xxxxx | predictive | Low |
219 | Argument | xxxxx_xxxx | predictive | Medium |
220 | Argument | xxxxxx | predictive | Low |
221 | Argument | xxxx_xx | predictive | Low |
222 | Argument | xxxx | predictive | Low |
223 | Argument | xxxxxxxx_xxx | predictive | Medium |
224 | Argument | xxx_xxx | predictive | Low |
225 | Argument | xxxxxxx | predictive | Low |
226 | Argument | xxx | predictive | Low |
227 | Argument | xxxx | predictive | Low |
228 | Argument | xxxxxxx | predictive | Low |
229 | Argument | xxx_xxxx_xxxx | predictive | High |
230 | Argument | xxxxxxxxxx | predictive | Medium |
231 | Argument | xxx | predictive | Low |
232 | Argument | xx_xxxx | predictive | Low |
233 | Argument | xxx/xxxxxxxxx | predictive | High |
234 | Argument | xxxxxxxxx_xxxxxxxx_xxxx | predictive | High |
235 | Argument | xxxxx | predictive | Low |
236 | Argument | xxxxxxx_xxxx | predictive | Medium |
237 | Argument | xxxx | predictive | Low |
238 | Argument | xxxx/xxxxxxxx/xxx/xxx/xxxxxxxx/xxxxxxx | predictive | High |
239 | Argument | xxxxxxx_xx | predictive | Medium |
240 | Argument | xxxxxx xxxxxx | predictive | High |
241 | Argument | xxxxxxxxxxxx | predictive | Medium |
242 | Argument | xxxx | predictive | Low |
243 | Argument | xxx_xxx[] | predictive | Medium |
244 | Argument | xxxxxxxx | predictive | Medium |
245 | Argument | xxxx_xx_xx_xxx | predictive | High |
246 | Argument | xxxxxxx | predictive | Low |
247 | Argument | xxxxxxxxxxxxx | predictive | High |
248 | Argument | xxxxxxxxx | predictive | Medium |
249 | Argument | xxxxx_xxxx_xxxx | predictive | High |
250 | Argument | xxxxx | predictive | Low |
251 | Argument | xxxx | predictive | Low |
252 | Argument | xx_xxxx | predictive | Low |
253 | Argument | xx_xxxx | predictive | Low |
254 | Argument | xxxxxx | predictive | Low |
255 | Argument | xxxxx | predictive | Low |
256 | Argument | xxxxxxxx | predictive | Medium |
257 | Argument | xxxxxxxxxx | predictive | Medium |
258 | Argument | xxxxx | predictive | Low |
259 | Argument | xxxxxxx_xx | predictive | Medium |
260 | Argument | xxxxxxxxxx | predictive | Medium |
261 | Argument | xxxxxx_xxxxxxx_xxxxxxxxx_xxxx/xxxxxx_xxxxxxx_xxxxxxx_xxxx | predictive | High |
262 | Argument | xxx | predictive | Low |
263 | Argument | xxxxxx | predictive | Low |
264 | Argument | xxx | predictive | Low |
265 | Argument | xxxxxx_xxx | predictive | Medium |
266 | Argument | xxxx_xxxx | predictive | Medium |
267 | Argument | xxxxxxx | predictive | Low |
268 | Argument | xxxxxx_xx | predictive | Medium |
269 | Argument | xxxxxxx_xx | predictive | Medium |
270 | Argument | xxxxxx | predictive | Low |
271 | Argument | xx_xxxxx_xxxx_xxxx | predictive | High |
272 | Argument | xx | predictive | Low |
273 | Argument | xxxxxxxxx | predictive | Medium |
274 | Argument | xxxxxxx | predictive | Low |
275 | Argument | xxxxxxxxxx | predictive | Medium |
276 | Argument | x_xx | predictive | Low |
277 | Argument | xxxxx | predictive | Low |
278 | Argument | xxxxxxxxxx_xx | predictive | High |
279 | Argument | xxxxxxxxxxx | predictive | Medium |
280 | Argument | xxxx | predictive | Low |
281 | Argument | xxxx_xx | predictive | Low |
282 | Argument | xxx | predictive | Low |
283 | Argument | xxx | predictive | Low |
284 | Argument | xxxx.xxxxx | predictive | Medium |
285 | Argument | xxxxxxxx:x_xxxx/xxxxxxxx:x_xxxx/xxxxxxxx:x_xxxx | predictive | High |
286 | Argument | xxxxxx | predictive | Low |
287 | Argument | xxxxxxxx | predictive | Medium |
288 | Argument | xxxx_xx | predictive | Low |
289 | Argument | xx_xxxx | predictive | Low |
290 | Input Value | ' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx)-- xxxx | predictive | High |
291 | Input Value | .. | predictive | Low |
292 | Input Value | xx | predictive | Low |
293 | Input Value | x%xxxxxxx%xxxxxxxx%xxx,xxxxxx_xx%xxxxxx,xx_xxxxxxx,xxxxxxxx%xx,x,x,x,x,x,x,x,xx,xx,xx,xx,xx,xx,xx,xx,xx%xxxxxx%xxxxxxxxxx%xxxxxxx%xxxx%xxx | predictive | High |
294 | Input Value | <xxx%xxxxx='xxxx://xxx.xxxx.xx/xxxx.xxx'%xxxxxxx='xxxxxx:%xxxxx%xxxxxxx%xxxxxxx;'> | predictive | High |
295 | Input Value | \xxx../../../../xxx/xxxxxx | predictive | High |
296 | Pattern | xxxxxxx-xxxx|xx| xxxx/xxxx | predictive | High |
297 | Pattern | xxxx /x | predictive | Low |
References (6)
The following list contains external sources which discuss the actor and the associated activities:
- https://github.com/vuldb/cyber_threat_intelligence/tree/main/actors/JanelaRAT
- xxxxx://xxxxxxx.xxx/xxxxxxx/xxxxxx/xxxxxxxxxxxxxxxxxxx
- xxxxx://xxxxxxx.xxx/xxxxxxxxxxxxxxx/xxxxxx/xxxxxxxxxxxxxxxxxxx
- xxxxx://xxx.xxxxxxxxxx.xxx/xxx/xxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxx
- xxxxx://xxx.xxxxxxxxxx.xxx/xxx/xxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxx
- xxxxx://xxx.xxxxxxx.xxx/xxxxx/xxxxxxxx-xxxxxxxx/xxxxxxxxx-xxxxxxxxxx-xx-xxx-xxxxxxx-xxxxxxxxx-xxxxx-xxxxxxx