Parallax RAT Analysis

IOB - Indicator of Behavior (223)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

Country

Actors

Activities

Interest

Timeline

Type

Vendor

Product

The Lang, Country, Actors, Interest Timeline, Type, Vendor and Product charts carry the same dummy-data notice on the free view, so their placeholder values are not reproduced here.

Vulnerabilities

Columns: Base and Temp are the CVSS base and temporal scores; 0day and Today are the estimated exploit prices; Exp is the exploitability status; Rem is the remediation status; EPSS is the EPSS probability; CTI is the CTI interest score.

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | CmsEasy language_admin.php getslide_child_action sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00063 | 0.04 | CVE-2024-0523
2 | cmseasy cleartext transmission | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00059 | 0.02 | CVE-2020-18406
3 | cmseasy Database Configuration information disclosure | 5.0 | 4.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00076 | 0.00 | CVE-2021-42644
4 | RoundCube Webmail Config Setting rcube_image.php argument injection | 8.5 | 8.4 | $0-$5k | $0-$5k | High | Official Fix | 0.12311 | 0.04 | CVE-2020-12641
5 | Hitachi Energy UNEM R16A inadequate encryption | 6.7 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00127 | 0.00 | CVE-2021-40342
6 | Artifex MuJS jsdate.c MakeDay integer overflow | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00133 | 0.00 | CVE-2017-5628
7 | Centreon Poller sql injection | 4.7 | 4.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00170 | 0.00 | CVE-2022-41142
8 | Compuware ISPW Operations Plugin Configuration authorization | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00054 | 0.00 | CVE-2022-36898
9 | openSIS Community Edition index.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02067 | 0.05 | CVE-2020-6637
10 | marscode index.js fs.readFile path traversal | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00503 | 0.03 | CVE-2020-7681
11 | CmsEasy cross-site request forgery | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00125 | 0.00 | CVE-2018-11679
12 | cmseasy unrestricted upload | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00083 | 0.04 | CVE-2021-42643
13 | CmsEasy template_admin.php denial of service | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.03 | CVE-2024-25828
14 | Proxmox Virtual Environment/Mail Gateway HTTP Request server-side request forgery | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00160 | 0.00 | CVE-2022-35508
15 | WangEditor index.js cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00056 | 0.05 | CVE-2023-24251
16 | ThinkPHP index.php Privilege Escalation | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00389 | 0.00 | CVE-2021-44892
17 | MetInfo Administrator List cross-site request forgery | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00094 | 0.00 | CVE-2022-44849
18 | RoundCube Webmail Email Message rcube_string_replacer.php linkref_addindex cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | High | Official Fix | 0.00533 | 0.04 | CVE-2020-35730
19 | Qualcomm WSA8835 Boot stack-based overflow | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2022-40517
20 | eprintsug ulcc-core toolbox command injection | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00103 | 0.04 | CVE-2021-4304

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (88)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

Indicators shown as runs of x are masked on the free view and are reproduced here as shown.

ID | Class | Indicator | Type | Confidence
1 | File | /action/ipcamSetParamPost | predictive | High
2 | File | /admin/?page=orders/view_order | predictive | High
3 | File | /admin/add_exercises.php | predictive | High
4 | File | /admin/baojia_list.php | predictive | High
5 | File | /adminui/history_log.php | predictive | High
6 | File | /ajax/remove_sniffer_raw_log/ | predictive | High
7 | File | /bin/httpd | predictive | Medium
8 | File | /dist/index.js | predictive | High
9 | File | /goform/AddSysLogRule | predictive | High
10 | File | /goform/delDhcpRules/ | predictive | High
11 | File | /goform/SysToolReboot | predictive | High
12 | File | /x/xxxxxx?xxxxxx | predictive | High
13 | File | /xxxxx/xxxx/xx.xxx | predictive | High
14 | File | /xxxxx.xxx?xxxx=xxxxx&xxx=xxx&xxxxx=xxxxxxx&xxxxx_xxx=xxxxx | predictive | High
15 | File | /xxxxx.xxx?xxxxxx=xxxxxxxx/xxxxxxxx | predictive | High
16 | File | /xxxxxxxx/xxxxxxxxxxxx.xxx | predictive | High
17 | File | xxxxxxx.xxx | predictive | Medium
18 | File | xxxxx.xxxx | predictive | Medium
19 | File | xxxxx.xxx | predictive | Medium
20 | File | xxxxx/xxxxxx.xxx | predictive | High
21 | File | xxxx/xxxxxxxxxxxxxxxx.xxx | predictive | High
22 | File | xxx/xxxxxxx/xxxxxxxx | predictive | High
23 | File | xx_xxxxx_xxxxx.xxx | predictive | High
24 | File | xxxxxxxx/xxxxx.xxx | predictive | High
25 | File | xxx/xxxxxxx/xxxxxxx | predictive | High
26 | File | xxxxxxxxxxx_xxxx | predictive | High
27 | File | xxxxxx.xx | predictive | Medium
28 | File | xxxx_xxxx.x | predictive | Medium
29 | File | xxxxxxx/xxxxx/xxx-xxxx/xxx_xxx.x | predictive | High
30 | File | xxxx-xxxxx.xxx | predictive | High
31 | File | xxxxxxxxxxxxxxxxx.xxx/xxxxxxxxxxxxxxx.xxx | predictive | High
32 | File | xxxxxxx.xxx | predictive | Medium
33 | File | xxxxxxxxxxx.xxx | predictive | High
34 | File | xxxxx.xx | predictive | Medium
35 | File | xxxxx.xxx | predictive | Medium
36 | File | xxxxxx.x | predictive | Medium
37 | File | xx/xxx.x | predictive | Medium
38 | File | xxx/xxxxxxx/xxxxxxxxxxxx | predictive | High
39 | File | xxx.xxx | predictive | Low
40 | File | xxxx-xxx.xxx | predictive | Medium
41 | File | xxxxxxxxxxxxxx.xxx | predictive | High
42 | File | xxxxx_xxxxx.xxx | predictive | High
43 | File | xxxxx_xxxxxx_xxxxxxxx.xxx | predictive | High
44 | File | xxxxx.xxx | predictive | Medium
45 | File | xxxxxx.xxx | predictive | Medium
46 | File | xxxxxxx.xx | predictive | Medium
47 | File | xxxxxx.xxx | predictive | Medium
48 | File | xxx_xxxxxxxx.xxx | predictive | High
49 | File | xxx/xxxxxxxxx/xxxxx/xxxxxxx/ | predictive | High
50 | File | xxx/xxxx/xxxxxxxxxxxxxxx.xxxx | predictive | High
51 | File | xx-xxxxxxxxx.xxx | predictive | High
52 | Library | xxx/xxxxx/xxxxxxxx_xxxxx.xxx | predictive | High
53 | Library | xxx/xxxxx/xxxxxxxx_xxxxx.xxx | predictive | High
54 | Library | xxx/xxxxxxx/xxx.xx | predictive | High
55 | Argument | xxx_xxx | predictive | Low
56 | Argument | xxxxxxxx | predictive | Medium
57 | Argument | xxxx_xxx | predictive | Medium
58 | Argument | xxxx | predictive | Low
59 | Argument | xxxx | predictive | Low
60 | Argument | xxxxxx_xxxxxxxx | predictive | High
61 | Argument | xxxx_xxx | predictive | Medium
62 | Argument | xxxxx/xxxxx/xxxxxx | predictive | High
63 | Argument | xxxxxxxx_xxxxx | predictive | High
64 | Argument | xxxx/xx | predictive | Low
65 | Argument | xxxx | predictive | Low
66 | Argument | xx | predictive | Low
67 | Argument | xxxxxxx | predictive | Low
68 | Argument | xxxxx_xxxx | predictive | Medium
69 | Argument | xxxx | predictive | Low
70 | Argument | xxxx | predictive | Low
71 | Argument | xxxxxxxx | predictive | Medium
72 | Argument | xxxx | predictive | Low
73 | Argument | xxxxx_xxxx_xxxx | predictive | High
74 | Argument | xxxxxxxx | predictive | Medium
75 | Argument | xxxxxxxxxxxx | predictive | Medium
76 | Argument | xxx | predictive | Low
77 | Argument | xxxxxxxxxxxxxx | predictive | High
78 | Argument | xx_xx | predictive | Low
79 | Argument | xxxx_xxxx | predictive | Medium
80 | Argument | xxx | predictive | Low
81 | Argument | xxxx-xxxxx | predictive | Medium
82 | Argument | xxxxxxxx | predictive | Medium
83 | Argument | xxxxxxxx | predictive | Medium
84 | Argument | xxxxxxxx/xxxx | predictive | High
85 | Argument | xxxx_xx | predictive | Low
86 | Argument | xxxxx[_xxxxxxxx] | predictive | High
87 | Argument | xxxxxxxxxxxxx | predictive | High
88 | Input Value | %xx | predictive | Low
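The File-class indicators above are URL path fragments, which is what makes them usable as a detection: grep them out of web-server access logs. The script below is an added example, not code from the page or its vendor; it takes the eleven File indicators the page shows unmasked, percent-decodes each request target so an encoded variant still matches, and reports every hit with the indicator ID and confidence. The access-log lines it scans are constructed for this example, as are the host addresses in them.

```python
"""Scan web-server access logs for the unmasked File-class IOA fragments.

Added example for this page; IOA_FILES is copied from the table above, the
log lines in SAMPLE_LOG are constructed, not real traffic.
"""
import re
from urllib.parse import unquote

# (ID, fragment, confidence) for the File indicators shown unmasked on the page.
IOA_FILES = [
    (1, "/action/ipcamSetParamPost", "High"),
    (2, "/admin/?page=orders/view_order", "High"),
    (3, "/admin/add_exercises.php", "High"),
    (4, "/admin/baojia_list.php", "High"),
    (5, "/adminui/history_log.php", "High"),
    (6, "/ajax/remove_sniffer_raw_log/", "High"),
    (7, "/bin/httpd", "Medium"),
    (8, "/dist/index.js", "High"),
    (9, "/goform/AddSysLogRule", "High"),
    (10, "/goform/delDhcpRules/", "High"),
    (11, "/goform/SysToolReboot", "High"),
]

# Common Log Format: host ident user [time] "METHOD target PROTO" status size
CLF_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')


def parse_clf(line):
    """Return a dict for one CLF line, or None if the line does not parse.
    The request target is percent-decoded once so /%61dmin/ becomes /admin/."""
    m = CLF_RE.match(line)
    if not m:
        return None
    host, ts, method, target, status = m.groups()
    return {"host": host, "time": ts, "method": method,
            "target": unquote(target), "status": int(status)}


def match_ioa(target):
    """Return (id, fragment, confidence) for every indicator contained in the
    request target. Matching is case-insensitive on the whole path+query so
    fragments that include a query string (ID 2) are compared as written."""
    t = target.lower()
    return [(i, f, c) for i, f, c in IOA_FILES if f.lower() in t]


def scan_log(lines):
    """Parse each line, skip unparsable ones, and collect one hit per
    (line, indicator) pair with enough context to pivot on."""
    hits = []
    for line in lines:
        rec = parse_clf(line)
        if rec is None:
            continue
        for ioa_id, frag, conf in match_ioa(rec["target"]):
            hits.append({"host": rec["host"], "time": rec["time"],
                         "method": rec["method"], "status": rec["status"],
                         "ioa_id": ioa_id, "fragment": frag, "confidence": conf})
    return hits


def hosts_with_hits(hits):
    """Aggregate hits per source host: host -> sorted list of unique IOA IDs."""
    by_host = {}
    for h in hits:
        by_host.setdefault(h["host"], set()).add(h["ioa_id"])
    return {host: sorted(ids) for host, ids in by_host.items()}


# Constructed sample log (documentation-range addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2024:14:02:11 +0000] "GET /index.html HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Mar/2024:14:02:13 +0000] "POST /goform/SysToolReboot HTTP/1.1" 302 0',
    '198.51.100.23 - - [10/Mar/2024:14:05:40 +0000] "GET /admin/?page=orders/view_order&id=1%27 HTTP/1.1" 500 1024',
    '198.51.100.23 - - [10/Mar/2024:14:05:41 +0000] "GET /%61dmin/add_exercises.php HTTP/1.1" 200 2048',
    '192.0.2.9 - - [10/Mar/2024:14:07:02 +0000] "GET /static/dist/index.js HTTP/1.1" 200 4096',
    'not an access log line',
]

if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG):
        print(f'{h["host"]} {h["time"]} {h["method"]} -> IOA {h["ioa_id"]} '
              f'({h["confidence"]}): {h["fragment"]} [status {h["status"]}]')
    print(hosts_with_hits(scan_log(SAMPLE_LOG)))
```

Two caveats a practitioner should keep in mind. Short generic fragments such as /dist/index.js (ID 8) will match ordinary bundler output on almost any site, so a hit on that indicator alone is noise; treat hits on the device-specific /goform/ and /action/ paths, or several distinct indicators from one source host, as the signal worth escalating. Second, the decode step is deliberate: without it a request for /%61dmin/add_exercises.php would slip past a plain substring match.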

References (3)

The following list contains external sources which discuss the actor and the associated activities:
