ZenRAT Analysis

IOB - Indicator of Behavior (29)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 24, it: 2, es: 2, ru: 2

Country


Actors


Activities

Interest

Timeline


Type


Vendor


Product

olbookmarks: 2, DNN: 2, Palo Alto PAN-OS: 2, FileWave: 2, SourceCodester Blood Bank Management System: 2

Vulnerabilities

| # | Vulnerability | Base (CVSS) | Temp (CVSS) | 0day price | Today price | Exploitability | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | XMB Forum phpinfo.php information disclosure | 5.3 | 4.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01811 | 0.00 | CVE-2004-2588 |
| 2 | DTH DT Register Extension index.php sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.02 | - |
| 3 | Zabbix Configuration setup.php access control | 5.5 | 5.5 | $0-$5k | $0-$5k | High | Not Defined | 0.62980 | 0.05 | CVE-2022-23134 |
| 4 | JCE-Tech Php Calendars Script product_list.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00203 | 0.04 | CVE-2010-0375 |
| 5 | Dragon Path Bharti Airtel Routers Hardware BDT-121 Admin Page cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00053 | 0.17 | CVE-2022-28507 |
| 6 | DNN path traversal | 4.2 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00063 | 0.04 | CVE-2022-2922 |
| 7 | Movie Ticket Booking System booking.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00137 | 0.07 | CVE-2022-4247 |
| 8 | Movie Ticket Booking System editBooking.php sql injection | 6.6 | 6.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00137 | 0.00 | CVE-2022-4248 |
| 9 | OpenSSL Ticket t1_lib.c tls_decrypt_ticket input validation | 6.4 | 6.3 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.28606 | 0.05 | CVE-2016-6302 |
| 10 | FlatPress Setup main.lib.php cross site scripting | 3.6 | 3.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00088 | 0.07 | CVE-2022-4822 |
| 11 | Coppermine Photo Gallery init.inc.php file inclusion | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.08307 | 0.05 | CVE-2004-1988 |
| 12 | PHP String-Typed ZVAL integer coercion | 7.3 | 7.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.02 | - |
| 13 | Hospital Management Center patient-info.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00151 | 0.03 | CVE-2022-4012 |
| 14 | olbookmarks default.php code injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.07029 | 0.00 | CVE-2007-2816 |
| 15 | Valdersoft Valdersoft Shopping Cart default.php memory corruption | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03054 | 0.00 | CVE-2006-0099 |
| 16 | gtd-php newContext.php cross site scripting | 3.5 | 3.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01202 | 0.00 | CVE-2006-1479 |
| 17 | SourceCodester Blood Bank Management System login.php sql injection | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00152 | 0.03 | CVE-2022-4737 |
| 18 | Php Script Tools PSY Auction item.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00331 | 0.00 | CVE-2006-7005 |
| 19 | Microsoft ASP.NET Core MVC View privileges management | 7.3 | 7.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.00 | - |
| 20 | Metalinks MetaCart e-Shop product.asp sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00210 | 0.00 | CVE-2005-1361 |

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 185.156.72.8 | - | ZenRAT | - | 10/29/2023 | verified | High |
| 2 | XXX.XXX.XX.XXX | - | xxxxx | - | 10/29/2023 | verified | High |

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (29)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | booking.php | predictive | Medium |
| 2 | File | editBooking.php | predictive | High |
| 3 | File | grab_globals.lib.php | predictive | High |
| 4 | File | include/templates/categories/default.php | predictive | High |
| 5 | File | xxxxx.xxx | predictive | Medium |
| 6 | File | xxxx.xxx.xxx | predictive | Medium |
| 7 | File | xxxx.xxx | predictive | Medium |
| 8 | File | xxxxx.xxx | predictive | Medium |
| 9 | File | xxxxxxxxxx.xxx | predictive | High |
| 10 | File | xxxxxxx-xxxx.xxx | predictive | High |
| 11 | File | xxxxxxx.xxx | predictive | Medium |
| 12 | File | xxxxxxx.xxx | predictive | Medium |
| 13 | File | xxxxxxx_xxxx.xxx | predictive | High |
| 14 | File | xxxxx.xxx | predictive | Medium |
| 15 | File | xxxxx/xxx/xxxx.xxx.xxx | predictive | High |
| 16 | File | xxxxxx/xxxxxxx.xxx | predictive | High |
| 17 | Library | xxx/xx_xxx.x | predictive | Medium |
| 18 | Argument | xxx | predictive | Low |
| 19 | Argument | xxxxxxxxxxxxxxxxxxx | predictive | High |
| 20 | Argument | xxx[x] | predictive | Low |
| 21 | Argument | xxx_x_xxx | predictive | Medium |
| 22 | Argument | xx | predictive | Low |
| 23 | Argument | xxxxxx | predictive | Low |
| 24 | Argument | xx_xx | predictive | Low |
| 25 | Argument | xxxx | predictive | Low |
| 26 | Argument | xxxxxxxxxx_xxxx | predictive | High |
| 27 | Argument | xxxxx | predictive | Low |
| 28 | Argument | xxxxxxxx/xxxxxxxx | predictive | High |
| 29 | Input Value | x) xx x-- - | predictive | Medium |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
