Rakos Analysis

IOB - Indicator of Behavior (398)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 318
ru: 38
ja: 8
zh: 8
es: 6

Country

us: 216
ru: 76
pl: 20
cn: 16
me: 6

[Charts omitted: Actors, Activities, Interest, Timeline, Type, Vendor]

Product

Microsoft Windows: 10
WordPress: 8
Apache HTTP Server: 6
Laravel: 4
Adminer: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.33 | CVE-2010-0966 |
| 3 | Zyxel NAS326/NAS542 Web Server os command injection | 9.8 | 9.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00068 | 0.04 | CVE-2023-4473 |
| 4 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 3.20 | CVE-2020-12440 |
| 5 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.00 | CVE-2017-0055 |
| 6 | DZCP deV!L`z Clanportal browser.php information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02733 | 1.60 | CVE-2007-1167 |
| 7 | MikroTik RouterOS Winbox/HTTP Interface privileges management | 7.8 | 7.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00055 | 0.05 | CVE-2023-30799 |
| 8 | Laravel Framework Token Encrypter.php decrypt deserialization | 6.8 | 6.8 | $0-$5k | $0-$5k | High | Not Defined | 0.64965 | 0.00 | CVE-2018-15133 |
| 9 | Linux Kernel fbcon vt.c KD_FONT_OP_COPY out-of-bounds | 5.0 | 4.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2020-28974 |
| 10 | Devilz Clanportal File Upload unknown vulnerability | 5.3 | 4.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.05362 | 0.16 | CVE-2006-6338 |
| 11 | Devilz Clanportal index.php sql injection | 7.3 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00784 | 0.00 | CVE-2006-3347 |
| 12 | Microsoft IIS IP/Domain Restriction access control | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00817 | 0.21 | CVE-2014-4078 |
| 13 | WordPress WP_Query class-wp-query.php sql injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00318 | 0.05 | CVE-2017-5611 |
| 14 | SourceCodester Petrol Pump Management Software product.php unrestricted upload | 4.7 | 4.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.00 | CVE-2024-2058 |
| 15 | CKFinder File Name unrestricted upload | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00155 | 0.05 | CVE-2019-15862 |
| 16 | Elementor Plugin deserialization | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.03 | CVE-2024-24934 |
| 17 | guzzlehttp psr7 Header Parser input validation | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00095 | 0.01 | CVE-2022-24775 |
| 18 | DrayTek Vigor 2960 Web Management Interface mainfunction.cgi command injection | 7.4 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00273 | 0.00 | CVE-2023-1162 |
| 19 | BeCustom Plugin cross-site request forgery | 6.5 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00122 | 0.04 | CVE-2022-3747 |
| 20 | Cisco IOS XE Web UI Remote Code Execution | 9.9 | 9.7 | $25k-$100k | $5k-$25k | High | Official Fix | 0.87328 | 0.07 | CVE-2023-20198 |

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (208)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (2)

The following list contains external sources which discuss the actor and the associated activities:
