Orcus RAT Analysis

IOB - Indicator of Behavior (521)

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Timeline

Lang

en: 274
de: 198
es: 14
zh: 10
fr: 10

Country

de: 198
us: 184
cn: 46
ru: 10
ce: 8

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Simple DirectMedia Layer: 14
WordPress: 10
Microsoft Windows: 10
Frog CMS: 10
Kunbus PR100088 Modbus Gateway: 6

Vulnerabilities

# | Vulnerability | Base (CVSS base) | Temp (CVSS temporal) | 0day price | Today price | Exploitability | Remediation | EPSS | CTI | CVE
1 | Atmail Remote Code Execution | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00251 | 0.04 | CVE-2013-5033
2 | Cisco Web Security Appliance Decryption Policy Default Action resource consumption | 6.3 | 6.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00094 | 0.00 | CVE-2019-1672
3 | Fortinet FortiOS SSH format string | 8.5 | 8.5 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00222 | 0.00 | CVE-2018-1352
4 | Cisco Identity Services Engine Web-based Management Interface cross site scripting | 5.0 | 5.0 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00066 | 0.05 | CVE-2019-1673
5 | Apple iOS Live Photos in FaceTime Local Privilege Escalation | 7.5 | 7.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00244 | 0.00 | CVE-2019-7288
6 | Palo Alto PAN-OS GlobalProtect Clientless VPN buffer overflow | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00112 | 0.03 | CVE-2021-3056
7 | Fortinet FortiClient NDIS Miniport Driver null pointer dereference | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00044 | 0.00 | CVE-2018-9190
8 | HelpSystems tcpcrypt memory corruption | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00250 | 0.00 | CVE-2018-20764
9 | Symantec Ghost Solution Suite DLL untrusted search path | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.00 | CVE-2018-18364
10 | Kunbus PR100088 Modbus Gateway FTP Service XML credentials management | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00104 | 0.00 | CVE-2019-6549
11 | Kunbus PR100088 Modbus Gateway HTTP credentials management | 7.6 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00159 | 0.00 | CVE-2019-6531
12 | Apple iOS Foundation memory corruption | 7.0 | 6.9 | $25k-$100k | $5k-$25k | High | Official Fix | 0.00339 | 0.00 | CVE-2019-7286
13 | Apple iOS IOKit memory corruption | 8.7 | 8.5 | $25k-$100k | $5k-$25k | High | Official Fix | 0.00125 | 0.04 | CVE-2019-7287
14 | Debian python-rdflib-tools CLI Tool code injection | 8.5 | 8.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00442 | 0.00 | CVE-2019-7653
15 | Emsisoft Anti-Malware ACL EPP.sys access control | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00321 | 0.04 | CVE-2019-7651
16 | Hotels_Server Password Storage fetchpwd.php credentials management | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00588 | 0.00 | CVE-2019-7648
17 | Cisco Meeting Server Session Initiation Protocol input validation | 6.5 | 6.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00179 | 0.00 | CVE-2019-1676
18 | libming parser.c parseSWF_ACTIONRECORD memory corruption | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01026 | 0.00 | CVE-2019-7581
19 | ThinkCMF addpost.html code injection | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00272 | 0.00 | CVE-2019-7580
20 | Waimai Super CMS PublicAction.class.php Time-Based sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00212 | 0.00 | CVE-2019-7585

IOC - Indicator of Compromise (179)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Identified | Type | Confidence
1 | 1.54.12.82 | - | Orcus RAT | 05/18/2024 | verified | High
2 | 1.54.107.33 | - | Orcus RAT | 11/25/2023 | verified | High
3 | 1.54.107.38 | - | Orcus RAT | 10/31/2023 | verified | High
4 | 1.54.172.244 | - | Orcus RAT | 12/24/2023 | verified | High
5 | 2.56.245.124 | - | Orcus RAT | 05/13/2024 | verified | High
6 | 2.58.56.242 | 2.58.56.242.powered.by.rdp.sh | Orcus RAT | 10/09/2023 | verified | High
7 | 3.129.187.220 | ec2-3-129-187-220.us-east-2.compute.amazonaws.com | Orcus RAT | 05/21/2021 | verified | Medium
8 | 3.133.207.110 | ec2-3-133-207-110.us-east-2.compute.amazonaws.com | Orcus RAT | 05/21/2021 | verified | Medium
9 | 3.137.146.78 | ec2-3-137-146-78.us-east-2.compute.amazonaws.com | Orcus RAT | 07/12/2021 | verified | Medium
10 | 3.143.239.116 | ec2-3-143-239-116.us-east-2.compute.amazonaws.com | Orcus RAT | 06/27/2021 | verified | Medium
11 | 5.42.92.89 | hosted-by.yeezyhost.net | Orcus RAT | 04/22/2024 | verified | High
12 | 5.78.108.0 | static.0.108.78.5.clients.your-server.de | Orcus RAT | 01/01/2024 | verified | High
13 | 13.53.37.168 | ec2-13-53-37-168.eu-north-1.compute.amazonaws.com | Orcus RAT | 08/22/2021 | verified | Medium
14 | 15.235.3.1 | ip1.ip-15-235-3.net | Orcus RAT | 12/28/2023 | verified | High
15 | 16.170.253.123 | ec2-16-170-253-123.eu-north-1.compute.amazonaws.com | Orcus RAT | 11/05/2023 | verified | Medium
16 | 18.117.142.49 | ec2-18-117-142-49.us-east-2.compute.amazonaws.com | Orcus RAT | 06/19/2021 | verified | Medium
17 | 18.192.31.165 | ec2-18-192-31-165.eu-central-1.compute.amazonaws.com | Orcus RAT | 12/14/2023 | verified | Medium
18 | 20.89.177.186 | - | Orcus RAT | 05/09/2022 | verified | High
19 | 20.163.19.3 | - | Orcus RAT | 01/28/2024 | verified | High
20 | 20.240.201.149 | - | Orcus RAT | 01/29/2024 | verified | High
21 | 27.124.3.19 | - | Orcus RAT | 12/21/2023 | verified | High
22 | 27.124.4.200 | - | Orcus RAT | 10/11/2023 | verified | High
23 | 27.124.6.248 | - | Orcus RAT | 12/10/2023 | verified | High
24 | 31.44.184.52 | - | Orcus RAT | 12/14/2023 | verified | High
25 | 31.173.170.243 | - | Orcus RAT | 11/26/2023 | verified | High
26 | 35.157.61.186 | ec2-35-157-61-186.eu-central-1.compute.amazonaws.com | Orcus RAT | 04/28/2024 | verified | Medium
27 | 38.145.202.143 | 143.202-145-38.rdns.scalabledns.com | Orcus RAT | 05/13/2024 | verified | High
28 | 39.38.245.19 | - | Orcus RAT | 01/28/2024 | verified | High
29 | 39.44.128.21 | - | Orcus RAT | 12/31/2023 | verified | High
30 | 40.113.117.114 | - | Orcus RAT | 02/17/2024 | verified | High
31 | 41.97.204.61 | - | Orcus RAT | 04/01/2024 | verified | High
32 | 42.114.153.12 | - | Orcus RAT | 01/18/2024 | verified | High
33 | 42.114.153.115 | - | Orcus RAT | 11/22/2023 | verified | High
34 | 42.117.36.184 | - | Orcus RAT | 02/26/2024 | verified | High
35 | 45.94.31.205 | - | Orcus RAT | 01/30/2024 | verified | High
36 | 45.146.253.103 | rs-zap868892-1.zap-srv.com | Orcus RAT | 08/30/2021 | verified | High

Entries 37 to 179 have their IP addresses and hostnames masked on the page and are not reproduced here. No entry carries a campaign name. Note that every entry rated Medium confidence is an Amazon EC2 hostname, whose addresses are reassigned between tenants.

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (271)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /?Key=PhoneRequestAuthorization | predictive | High
2 | File | /admin/access | predictive | High
3 | File | /admin/index.html | predictive | High
4 | File | /api/RecordingList/DownloadRecord?file= | predictive | High
5 | File | /apply.cgi | predictive | Medium
6 | File | /bin/login | predictive | Medium
7 | File | /configs/application.ini | predictive | High
8 | File | /etc/gsissh/sshd_config | predictive | High
9 | File | /film-rating.php | predictive | High
10 | File | /home | predictive | Low
11 | File | /index.php | predictive | Medium
12 | File | /librarian/bookdetails.php | predictive | High
13 | File | /php/ping.php | predictive | High
14 | File | /public | predictive | Low
15 | File | /rapi/read_url | predictive | High
16 | File | /scripts/unlock_tasks.php | predictive | High
17 | File | /student/bookdetails.php | predictive | High
18 | File | /SysInfo1.htm | predictive | High
19 | File | /sysinfo_json.cgi | predictive | High
20 | File | /system/user/modules/mod_users/controller.php | predictive | High
21 | File | /whbs/?page=manage_account | predictive | High
22 | File | /wp-admin/admin-post.php?es_skip=1&option_name | predictive | High
23 | File | account.asp | predictive | Medium
24 | File | admin.php | predictive | Medium
25 | File | admin.php/comments/batchdel/ | predictive | High
26 | File | admin.php/User/del/ucode/ | predictive | High
27 | File | admin.php?c=a_adminuser&a=add&run=1 | predictive | High
28 | File | admin.php?m=Member&a=adminaddsave | predictive | High
29 | File | admin/?/layout/edit/1 | predictive | High
30 | File | admin/?/page/edit/1 | predictive | High
31 | File | admin/?/plugin/file_manager | predictive | High
32 | File | admin/?/snippet/edit/1 | predictive | High
33 | File | admin/establishment/manage.php | predictive | High

Entries 34 to 271 (the remaining File indicators, plus the Library, Argument, Input Value and Network Port classes) are masked on the page and are not reproduced here. All indicators in this table are of type predictive, not verified.
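The IOC table (network resources) and the IOA table (request paths) above are only useful once they are matched against something. The following is an added example, not code from the page or from any vendor, that does that matching for both tables in one place: the IOC IPs are checked against firewall log lines and the IOA File indicators against web-server access log lines. The IOC and IOA rows are copied from the tables above; the log lines are constructed for the demonstration, and the two log formats (a netfilter-style line with SRC=/DST= fields and an Apache/nginx Common Log Format request line) are assumptions, not formats taken from the page. Two caveats from the tables shape the code: the Medium-confidence IOCs are all EC2 hostnames that are reassigned over time, and IOA entries such as /home and /index.php are generic paths, so both scans take a confidence threshold and a path-only indicator must match the request path exactly.

```python
import re
from urllib.parse import urlsplit

# Rows copied from the IOC table above: (IP address, hostname, identified, confidence).
IOCS = [
    ("1.54.12.82", "", "05/18/2024", "High"),
    ("2.58.56.242", "2.58.56.242.powered.by.rdp.sh", "10/09/2023", "High"),
    ("3.129.187.220", "ec2-3-129-187-220.us-east-2.compute.amazonaws.com", "05/21/2021", "Medium"),
    ("45.146.253.103", "rs-zap868892-1.zap-srv.com", "08/30/2021", "High"),
]

# Rows copied from the IOA table above: (class, indicator, confidence).
IOAS = [
    ("File", "/admin/access", "High"),
    ("File", "/api/RecordingList/DownloadRecord?file=", "High"),
    ("File", "/home", "Low"),
    ("File", "/index.php", "Medium"),
    ("File", "/wp-admin/admin-post.php?es_skip=1&option_name", "High"),
]

RANK = {"Low": 0, "Medium": 1, "High": 2}

# Assumed log shapes (not from any specific product): a netfilter-style line
# with SRC=/DST= fields, and a Common Log Format request line.
FW_RE = re.compile(r"\bSRC=(?P<src>[\d.]+)\b.*?\bDST=(?P<dst>[\d.]+)\b")
CLF_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]*\] "(?P<method>\S+) (?P<target>\S+)(?: \S+)?" (?P<status>\d{3})'
)


def ioc_index(min_confidence="Medium"):
    """Map IP -> (hostname, confidence) for IOC rows at or above the threshold."""
    floor = RANK[min_confidence]
    return {ip: (host, conf) for ip, host, _, conf in IOCS if RANK[conf] >= floor}


def scan_firewall(lines, min_confidence="Medium"):
    """Return (direction, ip, hostname, confidence) for lines whose SRC or DST is a listed IOC."""
    index = ioc_index(min_confidence)
    hits = []
    for line in lines:
        m = FW_RE.search(line)
        if not m:
            continue
        for direction in ("src", "dst"):
            ip = m.group(direction)
            if ip in index:
                host, conf = index[ip]
                hits.append((direction, ip, host, conf))
    return hits


def ioa_match(target, min_confidence="Medium"):
    """Return the IOA File indicator matching a request target, or None.

    An indicator carrying a query string ("...?file=") is a prefix match on
    path+query, so the parameter must be present. A path-only indicator must
    equal the request path exactly, so /home does not fire on /homepage.
    """
    floor = RANK[min_confidence]
    parts = urlsplit(target)
    path_and_query = parts.path + ("?" + parts.query if parts.query else "")
    for cls, indicator, conf in IOAS:
        if cls != "File" or RANK[conf] < floor:
            continue
        if "?" in indicator:
            if path_and_query.startswith(indicator):
                return indicator
        elif parts.path == indicator:
            return indicator
    return None


def scan_access_log(lines, min_confidence="Medium"):
    """Return (client, method, indicator, status) for requests that hit an IOA path."""
    hits = []
    for line in lines:
        m = CLF_RE.match(line)
        if not m:
            continue
        indicator = ioa_match(m.group("target"), min_confidence)
        if indicator:
            hits.append((m.group("client"), m.group("method"), indicator, int(m.group("status"))))
    return hits


# Constructed sample log lines for the demonstration (not real traffic).
FIREWALL_LOG = [
    "Jan 12 10:00:01 fw kernel: IN=eth1 OUT= SRC=10.0.0.5 DST=1.54.12.82 PROTO=TCP SPT=51234 DPT=443",
    "Jan 12 10:00:02 fw kernel: IN=eth1 OUT= SRC=10.0.0.7 DST=93.184.216.34 PROTO=TCP SPT=51235 DPT=443",
    "Jan 12 10:00:03 fw kernel: IN=eth0 OUT= SRC=3.129.187.220 DST=10.0.0.9 PROTO=TCP SPT=4433 DPT=22",
]
ACCESS_LOG = [
    '203.0.113.9 - - [12/Jan/2024:10:00:04 +0000] "GET /api/RecordingList/DownloadRecord?file=../../etc/passwd HTTP/1.1" 200 512',
    '203.0.113.9 - - [12/Jan/2024:10:00:05 +0000] "GET /homepage HTTP/1.1" 200 1024',
    '203.0.113.9 - - [12/Jan/2024:10:00:06 +0000] "POST /admin/access HTTP/1.1" 403 0',
    '198.51.100.4 - - [12/Jan/2024:10:00:07 +0000] "GET /wp-admin/admin-post.php?es_skip=1&option_name=x HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for hit in scan_firewall(FIREWALL_LOG):
        print("IOC", hit)
    for hit in scan_access_log(ACCESS_LOG):
        print("IOA", hit)
```

With the default Medium threshold the firewall scan reports both the outbound connection to 1.54.12.82 and the inbound one from the EC2 address; raising the threshold to High drops the EC2 hit, which is the right default for an old, reassignable cloud address. On the access log side the three High-confidence paths fire and the generic /homepage request does not, because /home is Low confidence and, even at a Low threshold, only an exact path match counts. A 403 or 302 on a matched path is still worth recording: the indicator is about the attempt, not the outcome.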

References (67)


Samples (1)

