Dacls RAT Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (108)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en104
ja4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us92
me12
gb4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Dacls RAT7
Cobalt Strike5
Lazarus5
STRRAT3
Raccoon2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Operating System14
Not Defined14
Content Management System8
Programming Language Software4
Application Server Software2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Microsoft18
Not Defined12
LogicBoard2
Douzone2
JBoss2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Microsoft Windows14
LMS Plugin2
PHP2
LogicBoard CMS2
Douzone NeoRS2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1BD Totalys MultiProcessor hard-coded credentials8.17.7$0-$5k$0-$5kNot DefinedOfficial Fix0.000440.04CVE-2022-40263
2Watchdog Anti-Virus IoControlCode wsdk-driver.sys 0x80002008 access control5.35.2$0-$5k$0-$5kProof-of-ConceptNot Defined0.000470.00CVE-2023-1453
3WordPress AdServe adclick.php sql injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.000730.04CVE-2008-0507
4Microsoft Windows HMAC Key Derivation Local Privilege Escalation8.88.1$25k-$100k$5k-$25kUnprovenOfficial Fix0.000480.03CVE-2023-36400
5RARLabs WinRAR ZIP Archive Remote Code Execution6.36.0$0-$5k$0-$5kHighOfficial Fix0.443730.04CVE-2023-38831
6Maran PHP Shop prod.php sql injection7.37.3$0-$5k$0-$5kHighUnavailable0.001370.05CVE-2008-4879
7PHPWind goto.php redirect6.36.3$0-$5k$0-$5kNot DefinedNot Defined0.003480.03CVE-2015-4134
8LogicBoard CMS away.php redirect6.36.1$0-$5k$0-$5kNot DefinedUnavailable0.000002.40
9phpMyAdmin Redirect url.php 7pk security7.37.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.007640.06CVE-2015-7873
10Microsoft Windows Internet Shortcut File Remote Code Execution7.57.1$25k-$100k$5k-$25kHighOfficial Fix0.003630.03CVE-2024-21412
11Microsoft Windows MSHTML Platform Remote Code Execution7.97.2$25k-$100k$5k-$25kUnprovenOfficial Fix0.015450.03CVE-2023-35628
12Microsoft Windows Common Log File System Driver Local Privilege Escalation7.87.1$25k-$100k$5k-$25kUnprovenOfficial Fix0.001970.00CVE-2023-36424
13Twister Antivirus IoControlCode filmfd.sys 0x801120E4 access control6.16.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.000420.03CVE-2023-1007
14JBoss KeyCloak Incomplete Fix CVE-2020-10748 cross site scripting4.54.5$0-$5k$0-$5kNot DefinedNot Defined0.001140.02CVE-2023-6134
15LMS Plugin sql injection8.18.0$0-$5k$0-$5kNot DefinedNot Defined0.000800.05CVE-2022-45820
16CodeAstro Internet Banking System pages_system_settings.php cross site scripting4.44.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.000520.03CVE-2023-5694
17Gambio GX gv_mail.php sql injection4.84.6$0-$5k$0-$5kNot DefinedOfficial Fix0.000690.02CVE-2020-10982
18Microsoft Visual Studio Remote Code Execution6.15.6$5k-$25k$0-$5kUnprovenOfficial Fix0.000530.05CVE-2023-36759
19PHP pdo_mysql buffer overflow7.57.1$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.007920.03CVE-2022-31626
20Microsoft SQL Server Privilege Escalation7.56.8$25k-$100k$5k-$25kUnprovenOfficial Fix0.012570.00CVE-2022-29143

IOC - Indicator of Compromise (12)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
11.125.125.5Dacls RAT12/17/2019verifiedHigh
223.81.246.179Dacls RAT12/17/2019verifiedHigh
323.227.196.11623-227-196-116.static.hvvc.usDacls RAT12/17/2019verifiedHigh
4XX.XXX.XXX.XXxx-xxx-xxx-xx.xxxxxx.xxxx.xxXxxxx Xxx12/17/2019verifiedHigh
5XX.XXX.XXX.XXXxxxx Xxx12/17/2019verifiedHigh
6XX.XX.XXX.XXXxx-xx-xxx-xxx.xxxxxx.xxxx.xxXxxxx Xxx12/17/2019verifiedHigh
7XX.XXX.XX.XXXxx.xxx.xx.xxx.xxxxxx.xxxxxxxxx.xxxXxxxx Xxx12/17/2019verifiedHigh
8XX.XXX.XXX.XXXXxxxx Xxx12/17/2019verifiedHigh
9XXX.XXX.XXX.XXXxxx-xxx-xxx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxx Xxx12/17/2019verifiedHigh
10XXX.XX.XXX.XXXxxx-xxx-xx-xxx.xxxxxxx-xxxXxxxx Xxx12/17/2019verifiedHigh
11XXX.XXX.XXX.XXXxxxxx.xxxxxxxx.xxxXxxxx Xxx12/17/2019verifiedHigh
12XXX.XX.XXX.XXxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxxxx.xxxXxxxx Xxx12/17/2019verifiedHigh

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
3T1059.007CAPEC-209CWE-79Cross Site ScriptingpredictiveHigh
4TXXXXCAPEC-122CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
5TXXXX.XXXCAPEC-191CWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveHigh
6TXXXXCAPEC-136CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
7TXXXX.XXXCAPEC-178CWE-XXXXxxx XxxxxxxxpredictiveHigh
8TXXXXCAPEC-CWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
9TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
10TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
11TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (25)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/forum/away.phppredictiveHigh
2File/out.phppredictiveMedium
3File/uncpath/predictiveMedium
4Fileadclick.phppredictiveMedium
5Filexxxxx/xx_xxxx.xxxpredictiveHigh
6Filexxxx.xxxpredictiveMedium
7Filexxxx.xxxpredictiveMedium
8Filexxxxxx_xxxx_xxxxxx.xxxpredictiveHigh
9Filexxxxx_xxxxxx_xxxxxxxx.xxxpredictiveHigh
10Filexxxx.xxxpredictiveMedium
11Filexxxxxxxx.xxpredictiveMedium
12Filexxxxxxxx.xx?xxxxxxxxxxxx=xxxxxxxx&xxxx=x-xxxx&xxxxxxxx=xxxxxxxxxx&xxpredictiveHigh
13Filexxx.xxxpredictiveLow
14Libraryxxxxxx.xxxpredictiveMedium
15Libraryxxx_xxxxxxx.xxxpredictiveHigh
16Libraryxxxx-xxxxxx.xxxpredictiveHigh
17ArgumentxxxpredictiveLow
18ArgumentxxxxxxxxxpredictiveMedium
19ArgumentxxpredictiveLow
20ArgumentxxxxxxxxpredictiveMedium
21Argumentxxxxxxxx_xxxpredictiveMedium
22Argumentxxxx_xxxpredictiveMedium
23Argumentxxx_xxxxpredictiveMedium
24ArgumentxxxpredictiveLow
25Input Value<xxxxxx >xxxxx(xxx)</xxxxxx>predictiveHigh

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you need the next level of professionalism?

Upgrade your account now!