FFDroider Analysis

IOB - Indicator of Behavior (45)


Language | Count
en | 40
ru | 6

Country | Count
us | 24
ru | 16
ar | 6


Product | Count
Linux Kernel | 4
Portainer | 2
HTTP2 | 2
Red Hat rpcbind | 2
nginx | 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE
1 | PHP UTF-32LE Encoding mb_strtolower memory corruption | 7.3 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00495 | CVE-2020-7065
2 | Moment.js directory traversal | 6.9 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00330 | CVE-2022-24785
3 | Actian Zen PSQL privilege escalation | 7.1 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00093 | CVE-2022-40756
4 | Supermicro X10DRH-iT Web Interface config_user.cgi cross-site request forgery | 7.0 | 6.7 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00 | 0.00341 | CVE-2020-15046
5 | cloud-init cc_set_passwords.py rand_user_password Policy information disclosure | 4.2 | 4.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.29 | 0.00045 | CVE-2020-8632
6 | PHP PHAR phar_dir_read memory corruption | 8.2 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00126 | CVE-2023-3824
7 | Rexroth Nexo Cordless Nutrunner weak authentication | 8.7 | 8.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00141 | CVE-2023-48250
8 | Lanner IAC-AST2500A spx_restservice KillDupUsr_func memory corruption | 9.9 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00227 | CVE-2021-26728
9 | VMware vCenter Server information disclosure | 4.3 | 4.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00043 | CVE-2023-34056
10 | Red Hat rpcbind libtirpc svc_dg_getargs denial of service | 7.5 | 6.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.17112 | CVE-2013-1950
11 | PHP cgi_main.c privilege escalation | 7.3 | 6.6 | $25k-$100k | $0-$5k | High | Official Fix | 0.02 | 0.97411 | CVE-2012-1823
12 | chart.js Options Parameter privilege escalation | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | 0.01807 | CVE-2020-7746
13 | Yii Yii2 Gii cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00056 | CVE-2022-34297
14 | DataTables Plugin 6776.php cross site scripting | 4.3 | 4.3 | $0-$5k | Calculating | Not Defined | Not Defined | 0.02 | 0.00214 | CVE-2015-6584
15 | Yii Framework runAction sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00165 | CVE-2023-26750
16 | Portainer privilege escalation | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.01314 | CVE-2020-24264
17 | Apache HTTP Server mod_session memory corruption | 7.3 | 7.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.04 | 0.73777 | CVE-2021-26691
18 | Best Practical Request Tracker Ticket Search Redirect | 5.8 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00073 | CVE-2022-25803
19 | Tawk.To Live Chat Plugin AJAX Action tawkto_removewidget privilege escalation | 5.7 | 5.7 | $0-$5k | Calculating | Not Defined | Official Fix | 0.07 | 0.00074 | CVE-2021-24914
20 | Atlassian JIRA Server/Data Center Email Template Privilege Escalation | 4.7 | 4.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00181 | CVE-2021-43947

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP Address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 152.32.228.19 | | FFDroider | | 29/07/2022 | verified | High
2 | XXX.X.XXX.XX | xxxx-xxxxx.xxx | Xxxxxxxxx | | 29/07/2022 | verified | High

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | High
2 | T1059 | CWE-94 | Argument Injection | predictive | High
3 | TXXXX.XXX | CWE-XXX | Xxxx Xxxx Xxxxxxxxx | predictive | High
4 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
5 | TXXXX.XXX | CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | High
6 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
7 | TXXXX | CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High
8 | TXXXX | CWE-XXX | xx Xxxxxxxxx | predictive | High
9 | TXXXX | CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
10 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High

IOA - Indicator of Attack (17)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /var/log/nginx | predictive | High
2 | File | cgi/config_user.cgi | predictive | High
3 | File | cloudinit/config/cc_set_passwords.py | predictive | High
4 | File | xxx_xxxxxx.x | predictive | Medium
5 | File | xxxxx.xxx | predictive | Medium
6 | File | xxxxx/xxxx_xxxxxxx/xxxxxxxxx/xxxx.xxx | predictive | High
7 | File | xxx/xxxxxxxxx/xx_xxxxxx_xxx.x | predictive | High
8 | File | xxxx/xxx/xxx_xxxx.x | predictive | High
9 | Library | xxxxxxxx | predictive | Medium
10 | Argument | $_xxxxxx['xxxxx_xxxxxx'] | predictive | High
11 | Argument | xx | predictive | Low
12 | Argument | xxx | predictive | Low
13 | Argument | xxxxx | predictive | Low
14 | Argument | xxxxxxx | predictive | Low
15 | Argument | xx | predictive | Low
16 | Input Value | -x | predictive | Low
17 | Network Port | xxx/xx (xxx xxxxxxxx) | predictive | High

Sources (2)

The following list contains external sources which discuss the actor and the associated activities:
