CapraRAT Analysis

IOB - Indicator of Behavior (36)

Charts (Timeline, Lang, Country, Actors, Activities, Interest, Type, Vendor, Product)

The page states that the values shown in these charts are dummy data, distorted and not usable in any way, and that an additional purchase is required to unlock the real data. The placeholder values displayed are: Lang en 30, zh 2, es 2, it 2; Country us 28, cn 4; Product OFCMS 2, Microsoft IIS 2, PHP MySQL Admin Panel Generator 2, TikiWiki 2, YaBB 2.

Vulnerabilities

| # | Vulnerability | Base score | Temp score | 0day | Today | Exploitability | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | h5ai unrestricted upload | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03315 | 0.00 | CVE-2015-3203 |
| 2 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 7.24 | CVE-2006-6168 |
| 3 | Advanced Guestbook index.php path traversal | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.04 | |
| 4 | D-Link DNS-320L/DNS-325/DNS-327L/DNS-340L HTTP GET Request nas_sharing.cgi hard-coded credentials | 9.8 | 9.6 | $5k-$25k | $0-$5k | High | Workaround | 0.01274 | 0.31 | CVE-2024-3272 |
| 5 | SPIP spip.php cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00132 | 0.52 | CVE-2022-28959 |
| 6 | Login with Phone Number Plugin Setting cross site scripting | 2.4 | 2.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00058 | 0.00 | CVE-2022-0598 |
| 7 | Microsoft Windows Remote Desktop Protocol information disclosure | 3.5 | 3.1 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00043 | 0.00 | CVE-2021-38631 |
| 8 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.74 | CVE-2010-0966 |
| 9 | Keenetic KN-1010/KN-1410/KN-1711/KN-1810/KN-1910 Configuration Setting ndmComponents.js information disclosure | 5.3 | 4.9 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00045 | 0.77 | CVE-2024-4021 |
| 10 | D-Link DIR-865L register_send.php improper authentication | 7.5 | 7.1 | $5k-$25k | $5k-$25k | Proof-of-Concept | Not Defined | 0.00109 | 0.02 | CVE-2013-3096 |
| 11 | Pligg cloud.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.67 | |
| 12 | PuneethReddyHC Event Management register.php sql injection | 5.5 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.15 | CVE-2024-3432 |
| 13 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 1.87 | CVE-2020-15906 |
| 14 | LushiWarPlaner register.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00821 | 0.03 | CVE-2007-0864 |
| 15 | YaBB yabb.pl cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01240 | 0.04 | CVE-2004-2402 |
| 16 | Django Cache information disclosure | 3.7 | 3.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00495 | 0.00 | CVE-2014-1418 |
| 17 | PHP MySQL Admin Panel Generator edit-db.php cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00058 | 0.02 | CVE-2022-28102 |
| 18 | Microsoft IIS IP/Domain Restriction access control | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00817 | 0.18 | CVE-2014-4078 |
| 19 | OFCMS uploadFile unrestricted upload | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00250 | 0.04 | CVE-2019-9617 |
| 20 | jsoup HTML Parser/XML Parser infinite loop | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00640 | 0.00 | CVE-2021-37714 |

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 34.102.136.180 | 180.136.102.34.bc.googleusercontent.com | CapraRAT | | 03/17/2023 | verified | Medium |
| 2 | XX.XXX.XXX.XXX | xxxxxxx (masked on the page) | | | 03/17/2023 | verified | High |
| 3 | XXX.XXX.XX.XX | xxxxxxxxxx.xxxxxxxxxxxxx.xxx (masked on the page) | Xxxxxxxx (masked) | | 03/17/2023 | verified | High |
| 4 | XXX.XX.XXX.XXX | xxxxxxxxx.xxxxxxx.xxx (masked on the page) | Xxxxxxxx (masked) | | 03/17/2023 | verified | High |

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (24)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /backend/register.php | predictive | High |
| 2 | File | /cgi-bin/nas_sharing.cgi | predictive | High |
| 3 | File | /edit-db.php | predictive | Medium |
| 4 | File | /xxxxxxxxxxxxx.xx (masked on the page) | predictive | High |
| 5 | File | /xxxx.xxx (masked) | predictive | Medium |
| 6 | File | xxxxx/xxxxxxx/xxxxxxxxxx (masked) | predictive | High |
| 7 | File | xxxxx.xxx (masked) | predictive | Medium |
| 8 | File | xxx/xxxxxx.xxx (masked) | predictive | High |
| 9 | File | xxxxx.xxx (masked) | predictive | Medium |
| 10 | File | xxxxxxxx.xxx (masked) | predictive | Medium |
| 11 | File | xxxxxxxx_xxxx.xxx (masked) | predictive | High |
| 12 | File | xxxx-xxxxx.xxx (masked) | predictive | High |
| 13 | File | xxxx-xxxxxxxx.xxx (masked) | predictive | High |
| 14 | File | xxxx.xx (masked) | predictive | Low |
| 15 | Argument | xxxxxxxx (masked) | predictive | Medium |
| 16 | Argument | xxxxx (masked) | predictive | Low |
| 17 | Argument | xxxxxxxxxx (masked) | predictive | Medium |
| 18 | Argument | xxxxx_xx/xxxx_xxxx/xxxxx/xxxxxx/xxxxxxx/xxxxxx (masked) | predictive | High |
| 19 | Argument | xxxx (masked) | predictive | Low |
| 20 | Argument | xx (masked) | predictive | Low |
| 21 | Argument | xxxx (masked) | predictive | Low |
| 22 | Argument | xxxx (masked) | predictive | Low |
| 23 | Input Value | xxxx.xxx::$xxxx (masked) | predictive | High |
| 24 | Input Value | xxxxxxxxxx (masked) | predictive | Medium |

References (2)

The following list contains external sources which discuss the actor and the associated activities: