FFDroider Analysis

IOB - Indicator of Behavior (45)

Timeline

Language

en: 44
ru: 2

Country

us: 34
ar: 6
ru: 6

Actors

Activities

Interest

Timeline

Type

Vendor

Product

PHP: 4
cPanel: 4
Rexroth Nexo Cordless Nutrunner: 2
Rexroth Nexo Special Cordless Nutrunner: 2
Actian Zen PSQL: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE
--- | --- | --- | --- | --- | --- | --- | --- | --- | --- | ---
1 | PHP UTF-32LE Encoding mb_strtolower buffer overflow | 7.3 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00495 | 0.04 | CVE-2020-7065
2 | Moment.js directory traversal | 6.9 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00330 | 0.04 | CVE-2022-24785
3 | Actian Zen PSQL privilege escalation | 7.1 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00093 | 0.00 | CVE-2022-40756
4 | Supermicro X10DRH-iT Web Interface config_user.cgi cross site request forgery | 7.0 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00475 | 0.00 | CVE-2020-15046
5 | cloud-init cc_set_passwords.py rand_user_password Policy information disclosure | 4.2 | 4.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.03 | CVE-2020-8632
6 | PHP PHAR phar_dir_read buffer overflow | 8.2 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00126 | 0.05 | CVE-2023-3824
7 | Rexroth Nexo Cordless Nutrunner weak authentication | 8.7 | 8.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00141 | 0.00 | CVE-2023-48250
8 | Lanner IAC-AST2500A spx_restservice KillDupUsr_func buffer overflow | 9.9 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00239 | 0.03 | CVE-2021-26728
9 | VMware vCenter Server information disclosure | 4.3 | 4.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.04 | CVE-2023-34056
10 | Red Hat rpcbind libtirpc svc_dg_getargs denial of service | 7.5 | 6.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.17112 | 0.00 | CVE-2013-1950
11 | PHP cgi_main.c privilege escalation | 7.3 | 6.6 | $25k-$100k | $0-$5k | High | Official Fix | 0.97363 | 0.00 | CVE-2012-1823
12 | chart.js Options Parameter privilege escalation | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01807 | 0.02 | CVE-2020-7746
13 | Yii Yii2 Gii cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00056 | 0.03 | CVE-2022-34297
14 | DataTables Plugin 6776.php cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00214 | 0.00 | CVE-2015-6584
15 | Yii Framework runAction sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00364 | 0.04 | CVE-2023-26750
16 | Portainer privilege escalation | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01314 | 0.02 | CVE-2020-24264
17 | Apache HTTP Server mod_session buffer overflow | 7.3 | 7.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.68938 | 0.00 | CVE-2021-26691
18 | Best Practical Request Tracker Ticket Search Redirect | 5.8 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00073 | 0.03 | CVE-2022-25803
19 | Tawk.To Live Chat Plugin AJAX Action tawkto_removewidget privilege escalation | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00074 | 0.08 | CVE-2021-24914
20 | Atlassian JIRA Server/Data Center Email Template Privilege Escalation | 4.7 | 4.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00199 | 0.03 | CVE-2021-43947

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
--- | --- | --- | --- | --- | --- | --- | ---
1 | 152.32.228.19 | | FFDroider | | 2022-07-29 | verified | High
2 | XXX.X.XXX.XX | xxxx-xxxxx.xxx | Xxxxxxxxx | | 2022-07-29 | verified | High

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerability | Access Vector | Type | Confidence
--- | --- | --- | --- | --- | ---
1 | T1006 | CWE-22 | Path Traversal | predictive | High
2 | T1059 | CWE-94 | Argument Injection | predictive | High
3 | TXXXX.XXX | CWE-XXX | Xxxxx Xxxx Xxxxxxxxx | predictive | High
4 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
5 | TXXXX.XXX | CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | High
6 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
7 | TXXXX | CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High
8 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High
9 | TXXXX | CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
10 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High

IOA - Indicator of Attack (17)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
--- | --- | --- | --- | ---
1 | File | /var/log/nginx | predictive | High
2 | File | cgi/config_user.cgi | predictive | High
3 | File | cloudinit/config/cc_set_passwords.py | predictive | High
4 | File | xxx_xxxxxx.x | predictive | Medium
5 | File | xxxxx.xxx | predictive | Medium
6 | File | xxxxx/xxxx_xxxxxxx/xxxxxxxxx/xxxx.xxx | predictive | High
7 | File | xxx/xxxxxxxxx/xx_xxxxxx_xxx.x | predictive | High
8 | File | xxxx/xxx/xxx_xxxx.x | predictive | High
9 | Library | xxxxxxxx | predictive | Medium
10 | Argument | $_xxxxxx['xxxxx_xxxxxx'] | predictive | High
11 | Argument | xx | predictive | Low
12 | Argument | xxx | predictive | Low
13 | Argument | xxxxx | predictive | Low
14 | Argument | xxxxxxx | predictive | Low
15 | Argument | xx | predictive | Low
16 | Input Value | -x | predictive | Low
17 | Network Port | xxx/xx (xxx xxxxxxxx) | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
