FireBird RAT Analysis

IOB - Indicator of Behavior (73)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en (60)
es (6)
de (4)
pl (2)
pt (2)


Country


Actors


Activities

Interest

Timeline


Type


Vendor


Product

WordPress (4)
My Little Forum (2)
Thomas R. Pasawicz HyperBook Guestbook (2)
MediaWiki (2)
Huawei AR3200 (2)


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02147 | 0.00 | CVE-2007-1192
2 | Apache HTTP Server ap_strcmp_match integer overflow | 7.3 | 7.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.01472 | 0.07 | CVE-2022-28615
3 | Fortinet FortiOS/FortiProxy FortiGate SSL-VPN heap-based overflow | 9.8 | 9.7 | $100k and more | $25k-$100k | High | Official Fix | 0.10597 | 0.03 | CVE-2023-27997
4 | FileOrbis File Management System path traversal | 6.9 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00103 | 0.04 | CVE-2022-3693
5 | SourceCodester Online Student Management System edit-class-detail.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00173 | 0.05 | CVE-2023-1099
6 | Joomla CMS com_easyblog sql injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00000 | 0.24 | 
7 | Pacemaker 7pk security | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02270 | 0.00 | CVE-2016-7797
8 | QNAP QTS command injection | 8.5 | 8.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.65056 | 0.00 | CVE-2017-6359
9 | Firebird udf Subsystem fbudf.so access control | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00554 | 0.00 | CVE-2017-6369
10 | ImageMagick PushQuantumPixel memory corruption | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01263 | 0.00 | CVE-2017-5508
11 | Huawei AR3200 input validation | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01795 | 0.00 | CVE-2016-6206
12 | Stylish Text Ads advertise.php cross site scripting | 5.4 | 5.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02200 | 0.00 | CVE-2006-2508
13 | Google Play services SDK play-services-basement trust boundary violation | 7.3 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00109 | 0.00 | CVE-2022-1799
14 | Ovidentia CMS index.php sql injection | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00114 | 0.00 | CVE-2021-29343
15 | Atlassian JIRA Server/Data Center Email Template Privilege Escalation | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00206 | 0.03 | CVE-2021-43947
16 | nginx ngx_http_mp4_module information disclosure | 5.9 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00198 | 0.05 | CVE-2018-16845
17 | MediaWiki Special:GlobalRenameRequest infinite loop | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00093 | 0.00 | CVE-2021-36125
18 | WordPress pluggable.php wp_validate_redirect | 6.6 | 6.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00251 | 0.00 | CVE-2019-16220
19 | WordPress sql injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00375 | 0.05 | CVE-2017-14723
20 | DeDeCMS recommend.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.19018 | 0.07 | CVE-2017-17731

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 5.206.227.37 | server.bataboom.bet | FireBird RAT | | 03/16/2022 | verified | Medium
2 | 34.211.234.228 | ec2-34-211-234-228.us-west-2.compute.amazonaws.com | FireBird RAT | | 11/30/2021 | verified | Low
3 | XX.XXX.XX.XXX | | Xxxxxxxx Xxx | | 01/22/2022 | verified | Medium
4 | XX.XXX.XXX.XX | xx-xxx-xxx-xx.xxx.xxxxxxxxxxx.xx | Xxxxxxxx Xxx | | 11/15/2022 | verified | Low
5 | XX.XXX.XXX.XX | xxxx.xx-xx-xxx-xxx.xx | Xxxxxxxx Xxx | | 08/15/2022 | verified | Medium
6 | XXX.XX.XX.XXX | xxxxxxxx.xx-xxx-xx-xx.xxx | Xxxxxxxx Xxx | | 08/28/2022 | verified | Medium
7 | XXX.XX.XXX.XX | xxxx.xx-xxx-xx-xxx.xxx | Xxxxxxxx Xxx | | 04/21/2022 | verified | Medium

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (30)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /dev/block/mmcblk0rpmb | predictive | High
2 | File | add_comment.php | predictive | High
3 | File | advertise.php | predictive | High
4 | File | category.cfm | predictive | Medium
5 | File | data/gbconfiguration.dat | predictive | High
6 | File | xxxxxx.xxx | predictive | Medium
7 | File | xxxxxxx/xxxx-xxxxx-xxxxxx.xxx | predictive | High
8 | File | xxxxxxx/xxxx-xxxxx-xxxxxx.xxx?xxxxxx=x | predictive | High
9 | File | xxxxx.xx | predictive | Medium
10 | File | xxxx.xxx | predictive | Medium
11 | File | xxxxx.xxx | predictive | Medium
12 | File | xxxx/xxxxxxxxx.xxx | predictive | High
13 | File | xxxxxxxx.xxx | predictive | Medium
14 | File | xxxxxxx:xxxxxxxxxxxxxxxxxxx | predictive | High
15 | File | xx-xxxxxxxx/xxxxxxxxx.xxx | predictive | High
16 | Library | xxxxxxx/xxxx/xxx-xxx/xxx/xxxxxxx-xxxxxxxxxxx-*.xxx | predictive | High
17 | Argument | $xxxx | predictive | Low
18 | Argument | $_xxxxx | predictive | Low
19 | Argument | xxx | predictive | Low
20 | Argument | xxx_xx | predictive | Low
21 | Argument | xxxxxx | predictive | Low
22 | Argument | xxxxxxxxxxxx | predictive | Medium
23 | Argument | xxxx_xxxxxxxx | predictive | High
24 | Argument | xx | predictive | Low
25 | Argument | xx | predictive | Low
26 | Argument | xxxxxxxxx-xxxxxxx/xxxxxxxxx/xxxxxxxxxx | predictive | High
27 | Argument | xxxx_xx | predictive | Low
28 | Argument | xxxxxxx | predictive | Low
29 | Argument | xxx | predictive | Low
30 | Argument | xxxx->xxxxxxx | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
