Horabot Analysis

IOB - Indicator of Behavior (46)

Language

en: 36
zh: 6
es: 2
ru: 2

Product

nginx: 6
Flamingo: 4
WordPress: 2
SourceCodester Online Student Admission System: 2
RoundCube: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | RoundCube DBMail Driver privilege escalation | 8.8 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00309 | 0.01 | CVE-2015-2180 |
| 2 | phpMyAdmin Privileges.php SQL injection | 7.1 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00145 | 0.05 | CVE-2020-10804 |
| 3 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 4 | Fortinet FortiWeb add Reflected cross-site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | High | Official Fix | 0.00313 | 0.00 | CVE-2013-7181 |
| 5 | Systemsoftware Erotik Auktionshaus news.php SQL injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00114 | 0.02 | CVE-2010-0720 |
| 6 | YourFreeWorld Blog Blaster Script tr.php SQL injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00087 | 0.00 | CVE-2008-4883 |
| 7 | jshERP doFilter privilege escalation | 5.0 | 5.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00049 | 0.03 | CVE-2023-48894 |
| 8 | KD Coming Soon Plugin privilege escalation | 7.3 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2023-46615 |
| 9 | MediaTek EN7528/EN7580 Boa privilege escalation | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00326 | 0.02 | CVE-2022-32665 |
| 10 | RoundCube Webmail rcube_plugin_api.php directory traversal | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01163 | 0.00 | CVE-2020-12640 |
| 11 | Telligent Systems Zimbra Collaboration Remote Code Execution | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00758 | 0.02 | CVE-2013-7217 |
| 12 | RoundCube SQL injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00594 | 0.05 | CVE-2021-44026 |
| 13 | Joomla CMS LDAP Authentication Password privilege escalation | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01039 | 0.04 | CVE-2017-14596 |
| 14 | NextGEN Gallery unknown vulnerability | 5.0 | 4.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00063 | 0.02 | CVE-2020-35943 |
| 15 | WordPress get_the_generator cross-site scripting | 5.2 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00451 | 0.00 | CVE-2018-10102 |
| 16 | OneWorldStore owProductDetail.asp SQL injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00467 | 0.02 | CVE-2005-1161 |
| 17 | Virtual Programming VP-ASP shopcurrency.asp SQL injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00670 | 0.04 | CVE-2006-2263 |
| 18 | Postfix privilege escalation | 7.3 | 6.6 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.01138 | 0.03 | CVE-2011-0411 |
| 19 | Flamingo updateUserInfoInDb SQL injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00198 | 0.02 | CVE-2020-35243 |
| 20 | Flamingo addUser SQL injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00198 | 0.00 | CVE-2020-35245 |

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (29)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

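| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | `/about.php` | predictive | |
| 2 | File | `/uncpath/` | predictive | |
| 3 | File | `/user/ldap_user/add` | predictive | |
| 4 | File | `abook_database.php` | predictive | |
| 5 | File | `xxxxx/xxxxxxxx/xxxxxxxx/xxxxx/xxxxxxx/xxxx/xxx/xxxxxxxxxxxx` | predictive | |
| 6 | File | `xxxx/xxxxxxxxxxxxxxx.xxx` | predictive | |
| 7 | File | `xxxx-xxxxxxx.xxx` | predictive | |
| 8 | File | `xxxxx.xxxx` | predictive | |
| 9 | File | `xxxxx.xxx` | predictive | |
| 10 | File | `xxxx_xxxx.xxx` | predictive | |
| 11 | File | `xxxxxxxxx/xxxxxxx/xxxxxx/xxxxxxxxxx.xxx` | predictive | |
| 12 | File | `xxxx.xxx` | predictive | |
| 13 | File | `xxxxxxxxxxxxxxx.xxx` | predictive | |
| 14 | File | `xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][]` | predictive | |
| 15 | File | `xxxxx_xxxxxx_xxx.xxx` | predictive | |
| 16 | File | `xxxxxxxxxxxx.xxx` | predictive | |
| 17 | File | `xx.xxx` | predictive | |
| 18 | Argument | `xxxxxxx` | predictive | |
| 19 | Argument | `xxx` | predictive | |
| 20 | Argument | `xxxx_xx` | predictive | |
| 21 | Argument | `xxxxxxxxxxxxxxxx` | predictive | |
| 22 | Argument | `xx` | predictive | |
| 23 | Argument | `xx` | predictive | |
| 24 | Argument | `xxxxxxxxx` | predictive | |
| 25 | Argument | `xxxx` | predictive | |
| 26 | Argument | `xxxxx` | predictive | |
| 27 | Argument | `xxxxxxxx` | predictive | |
| 28 | Argument | `xxxxxx/xxxxxx_xxxxxx` | predictive | |
| 29 | Input Value | `<xxxxxx>xxxxx(/xxx/)</xxxxxx>` | predictive | |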

References (2)

The following list contains external sources which discuss the actor and the associated activities:
