FireBird RAT Analysis

IOB - Indicator of Behavior (72)

Languages

en 58
es 6
pl 2
it 2
fr 2

Countries

us 54
fr 10
br 2
ru 2
cn 2

Products

WordPress 4
Alcatel-Lucent Voice Mail System 2
Huawei AR3200 2
PHPWind 2
Google Play services SDK play-services-basement 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192
2 | Fortinet FortiOS/FortiProxy FortiGate SSL-VPN memory corruption | 9.8 | 9.6 | $25k-$100k | $25k-$100k | High | Official Fix | 0.15407 | 0.05 | CVE-2023-27997
3 | FileOrbis File Management System privilege escalation | 6.9 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00096 | 0.02 | CVE-2022-3693
4 | SourceCodester Online Student Management System edit-class-detail.php SQL injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00148 | 0.05 | CVE-2023-1099
5 | Joomla CMS com_easyblog SQL injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00000 | 0.73 | (no CVE)
6 | Pacemaker privilege escalation | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02012 | 0.00 | CVE-2016-7797
7 | QNAP QTS privilege escalation | 8.5 | 8.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.76513 | 0.03 | CVE-2017-6359
8 | Firebird udf Subsystem fbudf.so privilege escalation | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00554 | 0.05 | CVE-2017-6369
9 | ImageMagick PushQuantumPixel memory corruption | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01030 | 0.00 | CVE-2017-5508
10 | Huawei AR3200 privilege escalation | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01795 | 0.03 | CVE-2016-6206
11 | Stylish Text Ads advertise.php cross site scripting | 5.4 | 5.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02200 | 0.00 | CVE-2006-2508
12 | Google Play services SDK play-services-basement privilege escalation | 7.3 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00109 | 0.02 | CVE-2022-1799
13 | Ovidentia CMS index.php SQL injection | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00089 | 0.07 | CVE-2021-29343
14 | Atlassian JIRA Server/Data Center Email Template privilege escalation | 4.7 | 4.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00199 | 0.00 | CVE-2021-43947
15 | nginx ngx_http_mp4_module information disclosure | 5.9 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00198 | 0.05 | CVE-2018-16845
16 | MediaWiki Special:GlobalRenameRequest denial of service | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00093 | 0.00 | CVE-2021-36125
17 | WordPress pluggable.php wp_validate_redirect redirect | 6.6 | 6.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00178 | 0.02 | CVE-2019-16220
18 | WordPress SQL injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00375 | 0.00 | CVE-2017-14723
19 | DeDeCMS recommend.php SQL injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02488 | 0.00 | CVE-2017-17731
20 | Alcatel-Lucent Voice Mail System weak authentication | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00856 | 0.02 | CVE-2007-1822

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (30)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type
1 | File | /dev/block/mmcblk0rpmb | predictive
2 | File | add_comment.php | predictive
3 | File | advertise.php | predictive
4 | File | category.cfm | predictive
5 | File | data/gbconfiguration.dat | predictive
6 | File | xxxxxx.xxx | predictive
7 | File | xxxxxxx/xxxx-xxxxx-xxxxxx.xxx | predictive
8 | File | xxxxxxx/xxxx-xxxxx-xxxxxx.xxx?xxxxxx=x | predictive
9 | File | xxxxx.xx | predictive
10 | File | xxxx.xxx | predictive
11 | File | xxxxx.xxx | predictive
12 | File | xxxx/xxxxxxxxx.xxx | predictive
13 | File | xxxxxxxx.xxx | predictive
14 | File | xxxxxxx:xxxxxxxxxxxxxxxxxxx | predictive
15 | File | xx-xxxxxxxx/xxxxxxxxx.xxx | predictive
16 | Library | xxxxxxx/xxxx/xxx-xxx/xxx/xxxxxxx-xxxxxxxxxxx-*.xxx | predictive
17 | Argument | $xxxx | predictive
18 | Argument | $_xxxxx | predictive
19 | Argument | xxx | predictive
20 | Argument | xxx_xx | predictive
21 | Argument | xxxxxx | predictive
22 | Argument | xxxxxxxxxxxx | predictive
23 | Argument | xxxx_xxxxxxxx | predictive
24 | Argument | xx | predictive
25 | Argument | xx | predictive
26 | Argument | xxxxxxxxx-xxxxxxx/xxxxxxxxx/xxxxxxxxxx | predictive
27 | Argument | xxxx_xx | predictive
28 | Argument | xxxxxxx | predictive
29 | Argument | xxx | predictive
30 | Argument | xxxx->xxxxxxx | predictive

References (2)

The following list contains external sources which discuss the actor and the associated activities:
