montysecurity / C2-Tracker

Live Feed of C2 servers, tools, and botnets

Add RisePro #11

Closed corumir closed 2 weeks ago

corumir commented 2 weeks ago

https://www.shodan.io/search?query=http.favicon.hash%3A350958836 Corroborating: https://search.censys.io/search?resource=hosts&sort=RELEVANCE&per_page=25&virtual_hosts=EXCLUDE&q=services.software.product%3A+RisePro

Rise Pro: http.favicon.hash:350958836

montysecurity commented 2 weeks ago

I would be happy to add it, just trying to double check for fidelity. Please help me understand how you got from the Censys search to the Shodan favicon hash. What steps did you take?

corumir commented 2 weeks ago

My apologies. I got tired and took an easy route with the info I provided to show my work.

Pulled a list of RisePro hits from Censys. Realized the same IP Addresses were not flagged in Shodan. I cross correlated the IP ranges in Fofa:

To tighten this down, I would likely flag it with the tag:c2 in Shodan to make sure and only get the most correct hits.

montysecurity commented 2 weeks ago

Thanks for the breakdown! I did some more research on that favicon and it does not appear to be unique to RisePro so I am electing not to use it here. However the HTTP server response is unique so I added the following to the tracker. I will still credit you for bringing this tool to my attention. Thank you!

Reference: https://news.kaduu.io/blog/2023/07/27/fraudgpt-the-latest-ai-tool-for-sophisticated-cyber-attacks/

Shodan Search --- 'Server: RisePro'
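The two pivots in this thread, the `http.favicon.hash` query and the `Server: RisePro` banner match, can both be reproduced offline, which is what a fidelity check like the one above comes down to. The block below is an added example, not code from C2-Tracker or from either commenter. It implements MurmurHash3 (x86, 32-bit, signed) in pure Python so no `mmh3` package is needed, computes a Shodan-style favicon hash the way Shodan does it (MurmurHash3 over the line-wrapped base64 of the icon bytes), and checks a raw HTTP response for the exact `Server: RisePro` header that the tracker now uses. The favicon bytes and the HTTP response are constructed samples, not captures of RisePro infrastructure, so the favicon hash printed here is not the 350958836 value from the issue.

```python
"""Reproduce the favicon-hash and Server-header pivots from this issue offline.

Added example (not C2-Tracker code). Standard library only. SAMPLE_FAVICON and
SAMPLE_RESPONSE are constructed test data, not real RisePro artifacts.
"""
import base64
from typing import Optional

INT32_MASK = 0xFFFFFFFF


def _rotl32(x: int, r: int) -> int:
    return ((x << r) | (x >> (32 - r))) & INT32_MASK


def murmur3_32(data: bytes, seed: int = 0) -> int:
    """MurmurHash3 x86_32 as a signed 32-bit int (same convention as mmh3.hash,
    which is what Shodan's http.favicon.hash values are)."""
    c1, c2 = 0xCC9E2D51, 0x1B873593
    h = seed & INT32_MASK
    nblocks = len(data) // 4
    # Body: 4-byte little-endian blocks.
    for i in range(nblocks):
        k = int.from_bytes(data[4 * i:4 * i + 4], "little")
        k = (k * c1) & INT32_MASK
        k = _rotl32(k, 15)
        k = (k * c2) & INT32_MASK
        h ^= k
        h = _rotl32(h, 13)
        h = (h * 5 + 0xE6546B64) & INT32_MASK
    # Tail: the remaining 1-3 bytes.
    tail = data[4 * nblocks:]
    k = 0
    if len(tail) >= 3:
        k ^= tail[2] << 16
    if len(tail) >= 2:
        k ^= tail[1] << 8
    if len(tail) >= 1:
        k ^= tail[0]
        k = (k * c1) & INT32_MASK
        k = _rotl32(k, 15)
        k = (k * c2) & INT32_MASK
        h ^= k
    # Finalization mix.
    h ^= len(data)
    h ^= h >> 16
    h = (h * 0x85EBCA6B) & INT32_MASK
    h ^= h >> 13
    h = (h * 0xC2B2AE35) & INT32_MASK
    h ^= h >> 16
    return h - (1 << 32) if h & 0x80000000 else h


def shodan_favicon_hash(favicon: bytes) -> int:
    """Shodan hashes the base64 of the icon *with* 76-column line breaks and a
    trailing newline (what base64.encodebytes / codecs.encode(x, "base64")
    produce). Hashing unwrapped base64 gives a different number, which is the
    usual reason a locally computed hash fails to match a Shodan pivot."""
    return murmur3_32(base64.encodebytes(favicon))


def server_header(raw_response: bytes) -> Optional[str]:
    """Return the value of the Server header from a raw HTTP response, or None."""
    head, _, _ = raw_response.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")[1:]  # skip the status line
    for line in lines:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            return value.strip()
    return None


def matches_risepro_banner(raw_response: bytes) -> bool:
    """Exact match on the tracker's signature: Server: RisePro."""
    return server_header(raw_response) == "RisePro"


# Constructed sample data (not real RisePro artifacts).
SAMPLE_FAVICON = bytes(range(256)) * 2   # 512 bytes, forces multiple base64 lines
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: RisePro\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    print("favicon hash of constructed sample:", shodan_favicon_hash(SAMPLE_FAVICON))
    print("Server header:", server_header(SAMPLE_RESPONSE))
    print("matches tracker signature:", matches_risepro_banner(SAMPLE_RESPONSE))
```

To check a real icon, read the `.ico` bytes from disk and pass them to `shodan_favicon_hash`; the number it returns is the one to search as `http.favicon.hash:<value>`. The banner check is deliberately an exact match on the header value, because the maintainer's point is that the favicon was shared with other software while the `Server: RisePro` string was not; loosening it to a substring match would reintroduce the fidelity problem the thread is about.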