FBot Análisis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (18)

Idioma

en	16
es	2

País

us	6
ir	2
io	2

Actores

Moobot	1
Moobot_fbot_handymanny	1
Chthonic	1
FIN7	1
APT28	1

Interesar

Escribe

Not Defined	8
Web Server	2
Content Management System	2
Office Suite Software	2
File Transfer Software	2

Proveedor

Apache	2
SMC Networks	2
Huawei	2
Not Defined	2
TypeStack	2

Producto

Apache HTTP Server	2
SMC Networks D3G0804W	2
Huawei Anne-AL00	2
Huawei Berkeley-L09	2
Huawei CD16-10	2

Vulnerabilidad

#	Vulnerabilidad	Base	Temp	0day	Hoy	Exp	Con	EPSS	CTI	CVE
1	TypeStack class-validator validate sql injection	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00163	0.02	CVE-2019-18413
2	Google Chrome WebView Remote Code Execution	6.3	6.0	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00107	0.00	CVE-2021-37990
3	Mozilla Firefox/Firefox ESR/Thunderbird IonMonkey JIT Compiler desbordamiento de búfer	8.0	7.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.09065	0.03	CVE-2019-9792
4	Fortinet FortiOS/FortiProxy Proxy Mode Remote Code Execution	9.8	8.7	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00233	0.07	CVE-2023-33308
5	Cisco NX-OS NX-API escalada de privilegios	7.8	7.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00042	0.03	CVE-2019-1605
6	PHPList Subscription sql injection	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00152	0.04	CVE-2017-20032
7	PHPList Edit Subscription index.php sql injection	7.9	7.7	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00152	0.08	CVE-2017-20029
8	Huawei TC5200-16 divulgación de información	5.4	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00070	0.02	CVE-2020-9069
9	Microsoft Exchange Server Outlook Web Access vulnerabilidad desconocida	4.8	4.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00102	0.00	CVE-2019-0817
10	Microsoft Exchange Server Outlook Web Access escalada de privilegios	7.2	6.8	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00327	0.00	CVE-2017-11932
11	Microsoft Office Common Controls TabStrip ActiveX MSCOMCTL.OCX escalada de privilegios	9.6	8.6	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.93796	0.02	CVE-2012-1856
12	AuYou Wireless Smart Outlet Socket Remote Control Straisand autenticación débil	6.3	5.8	$5k-$25k	$0-$5k	Proof-of-Concept	Workaround	0.00000	0.00
13	SMC Networks D3G0804W Network Diagnostic Tools formSetDiagnosticToolsFmPing escalada de privilegios	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01224	0.00	CVE-2020-8087
14	Apache HTTP Server ap_get_basic_auth_pw autenticación débil	8.5	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01399	0.04	CVE-2017-3167
15	WordPress Press This class-wp-press-this.php divulgación de información	6.3	6.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00527	0.02	CVE-2017-5610
16	Xlightftpd Xlight FTP Server directory traversal	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00407	0.02	CVE-2010-2695

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	dirección IP	Hostname	Actor	Campañas	Identified	Escribe	Confianza
1	89.248.174.219		FBot		2022-02-11	verified	Alto
2	XXX.XX.XXX.XX	xx.xxxxxx.xxxx	Xxxx		2022-02-11	verified	Alto

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilidad	Vector de acceso	Escribe	Confianza
1	T1006	CWE-22	Path Traversal	predictive	Alto
2	TXXXX	CWE-XX	Xxxxxxxx Xxxxxxxxx	predictive	Alto
3	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
4	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
5	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (7)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Clase	Indicator	Escribe	Confianza
1	File	/lists/index.php	predictive	Alto
2	File	goform/formSetDiagnosticToolsFmPing	predictive	Alto
3	File	xxxxxxxx.xxx	predictive	Medio
4	File	xx-xxxxx/xxxxxxxx/xxxxx-xx-xxxxx-xxxx.xxx	predictive	Alto
5	Argument	xxxxxxxxxxxxxxxxxxx	predictive	Alto
6	Argument	xxx_xxxxxxxxxx_xxxxx__xxxx_xxxxxxx	predictive	Alto
7	Network Port	xx xxxxxxx xxx.xx.xx.xx	predictive	Alto

Referencias (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ AnteriorVisión De ConjuntoPróximo ▸

Interested in the pricing of exploits?

See the underground prices here!