XpertRAT Analysis

IOB - Indicator of Behavior (396)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 334
de: 32
ru: 8
es: 6
pt: 4


Country

us: 208
cn: 12
ru: 10
es: 8
pt: 4


Charts (no data shown): Actors, Activities, Interest, Timeline, Type, Vendor

Product

Microsoft Windows: 10
Microsoft Office: 6
SourceCodester Online Computer and Laptop Store: 4
Microsoft IIS: 4
Oracle WebLogic Server: 4


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 2.14 | |
| 2 | Zyxel ARMOR Z1/ARMOR Z2 CGI Program os command injection | 8.8 | 8.8 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00053 | 0.00 | CVE-2021-4029 |
| 3 | SourceCodester Shopping Website insert-product.php unrestricted upload | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00122 | 0.07 | CVE-2023-3503 |
| 4 | All Enthusiast Inc Reviewpost Php Pro showproduct.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00501 | 0.00 | CVE-2004-2175 |
| 5 | SourceCodester Shopping Website search-result.php sql injection | 6.7 | 6.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00079 | 0.04 | CVE-2023-3502 |
| 6 | Itech Multi Vendor Script product-list.php sql injection | 7.5 | 7.2 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00459 | 0.04 | CVE-2017-20132 |
| 7 | esoftpro Online Guestbook Pro ogp_show.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00135 | 0.00 | CVE-2010-4996 |
| 8 | PhotoPost PHP Pro showproduct.php sql injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00276 | 0.04 | CVE-2004-0250 |
| 9 | Ruijie RG-EW1200G Administrator Password set_passwd access control | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01310 | 0.04 | CVE-2023-4169 |
| 10 | MidiCart PHP Shopping Cart item_show.php sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.05 | |
| 11 | Comersus Open Technologies Comersus Cart comersus_optreviewreadexec.asp sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00381 | 0.00 | CVE-2007-3323 |
| 12 | Apple Safari BMP/GIF Image memory corruption | 7.3 | 6.4 | $100k and more | $0-$5k | Proof-of-Concept | Official Fix | 0.00721 | 0.00 | CVE-2008-1573 |
| 13 | Microsoft Windows Kerberos CRC32 Checksum cryptographic issues | 6.5 | 6.2 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.00 | CVE-2011-0043 |
| 14 | MediaWiki Login cross-site request forgery | 5.5 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00413 | 0.00 | CVE-2010-1150 |
| 15 | OpenSSL SSL3 cryptographic issues | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00885 | 0.06 | CVE-2011-4576 |
| 16 | Oracle Database desformat File rwservlet path traversal | 7.0 | 6.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.93286 | 0.03 | CVE-2005-2371 |
| 17 | Google Chrome Mousemove Event resource management | 10.0 | 9.0 | $100k and more | $0-$5k | Proof-of-Concept | Official Fix | 0.05515 | 0.00 | CVE-2011-3971 |
| 18 | WooCommerce Plugin path traversal | 7.0 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00494 | 0.04 | CVE-2017-17058 |
| 19 | Apple Safari credentials management | 7.3 | 7.0 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00304 | 0.00 | CVE-2010-1383 |
| 20 | NetBSD IPComp Payload Decompression memory corruption | 5.9 | 5.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02505 | 0.00 | CVE-2011-1547 |

IOC - Indicator of Compromise (27)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (184)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

