Sorillus RAT Analysis

IOB - Indicator of Behavior (62)

Timeline


Lang

en: 36
de: 10
es: 6
ru: 4
pl: 4


Country


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Microsoft IIS: 4
BitTorrent uTorrent: 2
Gallarific PHP Photo Gallery script: 2
Microsoft Windows: 2
IBM Doors Web Access: 2


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | All Enthusiast Inc Reviewpost Php Pro showproduct.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00501 | 0.00 | CVE-2004-2175
2 | PhotoPost PHP Pro showproduct.php sql injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00276 | 0.04 | CVE-2004-0250
3 | Microsoft IIS IP/Domain Restriction access control | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00817 | 0.30 | CVE-2014-4078
4 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.10737 | 0.15 | CVE-2016-6210
5 | BitTorrent uTorrent Bencoding Parser input validation | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00867 | 0.04 | CVE-2020-8437
6 | MDaemon Webmail cross site scripting | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00072 | 0.02 | CVE-2019-8983
7 | Synology DiskStation Manager Change Password password recovery | 7.1 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00068 | 0.03 | CVE-2018-8916
8 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.11 | CVE-2017-0055
9 | Apache HTTP Server mod_userdir HTTP Response Splitting crlf injection | 6.7 | 6.4 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00399 | 0.05 | CVE-2016-4975
10 | PHP mysqli mysqli_fetch_assoc sql injection | 7.3 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00175 | 0.04 | CVE-2010-4700
11 | polkit pkexec access control | 8.8 | 8.6 | $0-$5k | $0-$5k | High | Workaround | 0.00046 | 0.06 | CVE-2021-4034
12 | Bitrix Site Manager Vote Module Remote Code Execution | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00668 | 0.04 | CVE-2022-27228
13 | Ab Stealer Web Panel cross site scripting | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 | 
14 | e-Quick Cart shoptellafriend.asp sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.04 | 
15 | Virtual Programming VP-ASP shopexd.asp sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00145 | 0.03 | CVE-2003-0560
16 | e-Quick Cart shopprojectlogin.asp cross site scripting | 3.5 | 3.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 | 
17 | PHP EXIF exif_process_IFD_in_TIFF memory corruption | 9.8 | 9.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02863 | 0.03 | CVE-2019-9641
18 | Todd Miller sudo sudoedit sudoers access control | 7.8 | 7.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00061 | 0.05 | CVE-2015-5602
19 | Tim Kosse FileZilla format string | 7.3 | 7.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.03339 | 0.04 | CVE-2007-2318
20 | BusyBox Terminal lineedit.c add_match code injection | 7.5 | 7.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00522 | 0.07 | CVE-2017-16544

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 79.134.225.85 |  | Sorillus RAT |  | 09/27/2022 | verified | High
2 | XXX.XXX.XXX.XXX |  | xxxxxxx Xxx |  | 07/19/2023 | verified | High
3 | XXX.XX.XXX.XXX |  | Xxxxxxxx Xxx |  | 09/27/2022 | verified | High

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (26)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /etc/sudoers | predictive | Medium
2 | File | /uncpath/ | predictive | Medium
3 | File | /usr/bin/pkexec | predictive | High
4 | File | cat.php | predictive | Low
5 | File | xxxxxx.xxx | predictive | Medium
6 | File | xxxxxxxxxxx/xxxxx.xxx | predictive | High
7 | File | xxxxxxx.xxx | predictive | Medium
8 | File | xxxxx/xxxxxxxx.x | predictive | High
9 | File | xxx.xx | predictive | Low
10 | File | xxxxxxx_xxx_xxxxx_xxxxxx.xxxx | predictive | High
11 | File | xxxx_xxxxxxxxx.xxx | predictive | High
12 | File | xxxxxxx.xxx | predictive | Medium
13 | File | xxxxxxxxxxxxxxxx.xxx | predictive | High
14 | File | xxxxxxxxxxxxxxx.xxx | predictive | High
15 | File | xxxx_xxxxxxx_xxxxxxxx.xxx | predictive | High
16 | File | xxxxxxxxxxx.xxx | predictive | High
17 | File | xxxxxx.xxxxxxx.xxxxxxxxxxxxxxxxxxxxxxxx | predictive | High
18 | Argument | xxx | predictive | Low
19 | Argument | xxxxx | predictive | Low
20 | Argument | xxx_xx | predictive | Low
21 | Argument | xxxxxxxx | predictive | Medium
22 | Argument | xx | predictive | Low
23 | Argument | xxxx_xx | predictive | Low
24 | Argument | xxxxx | predictive | Low
25 | Argument | xxxxxxxx | predictive | Medium
26 | Argument | xxxxxx | predictive | Low

References (2)

The following list contains external sources which discuss the actor and the associated activities:

Samples (2)

The following list contains associated samples:
