FBot Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (18)

Langue

en	16
es	2

De campagne

io	6
ir	4
us	2
at	2

Acteurs

Moobot	1
Moobot_fbot_handymanny	1
Chthonic	1
FIN7	1
APT28	1

Intérêt

Taper

Not Defined	4
Firewall Software	2
File Transfer Software	2
Web Browser	2
Router Operating System	2

Fournisseur

Not Defined	4
Fortinet	2
Xlightftpd	2
SMC Networks	2
Google	2

Produit

Fortinet FortiOS	2
Fortinet FortiProxy	2
Xlightftpd Xlight FTP Server	2
SMC Networks D3G0804W	2
Google Chrome	2

Vulnérabilités

#	Vulnérabilité	Base	Temp	0day	Aujourd'hui	Exp	Con	EPSS	CTI	CVE
1	TypeStack class-validator validate sql injection	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00163	0.02	CVE-2019-18413
2	Google Chrome WebView Remote Code Execution	6.3	6.0	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00107	0.00	CVE-2021-37990
3	Mozilla Firefox/Firefox ESR/Thunderbird IonMonkey JIT Compiler buffer overflow	8.0	7.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.09096	0.03	CVE-2019-9792
4	Fortinet FortiOS/FortiProxy Proxy Mode Remote Code Execution	9.8	8.7	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00233	0.07	CVE-2023-33308
5	Cisco NX-OS NX-API elévation de privilèges	7.8	7.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00042	0.03	CVE-2019-1605
6	PHPList Subscription sql injection	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00152	0.04	CVE-2017-20032
7	PHPList Edit Subscription index.php sql injection	7.9	7.7	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00152	0.08	CVE-2017-20029
8	Huawei TC5200-16 divulgation de l'information	5.4	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00070	0.02	CVE-2020-9069
9	Microsoft Exchange Server Outlook Web Access vulnérabilité inconnue	4.8	4.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00102	0.00	CVE-2019-0817
10	Microsoft Exchange Server Outlook Web Access elévation de privilèges	7.2	6.8	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00327	0.00	CVE-2017-11932
11	Microsoft Office Common Controls TabStrip ActiveX MSCOMCTL.OCX elévation de privilèges	9.6	8.6	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.93796	0.02	CVE-2012-1856
12	AuYou Wireless Smart Outlet Socket Remote Control Straisand authentification faible	6.3	5.8	$5k-$25k	$0-$5k	Proof-of-Concept	Workaround	0.00000	0.00
13	SMC Networks D3G0804W Network Diagnostic Tools formSetDiagnosticToolsFmPing elévation de privilèges	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01224	0.00	CVE-2020-8087
14	Apache HTTP Server ap_get_basic_auth_pw authentification faible	8.5	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01399	0.00	CVE-2017-3167
15	WordPress Press This class-wp-press-this.php divulgation de l'information	6.3	6.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00527	0.02	CVE-2017-5610
16	Xlightftpd Xlight FTP Server directory traversal	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00407	0.02	CVE-2010-2695

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adresse IP	Hostname	Acteur	Campagnes	Identified	Taper	Confiance
1	89.248.174.219		FBot		11/02/2022	verified	Élevé
2	XXX.XX.XXX.XX	xx.xxxxxx.xxxx	Xxxx		11/02/2022	verified	Élevé

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnérabilités	Vecteur d'accès	Taper	Confiance
1	T1006	CWE-22	Path Traversal	predictive	Élevé
2	TXXXX	CWE-XX	Xxxxxxxx Xxxxxxxxx	predictive	Élevé
3	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Élevé
4	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Élevé
5	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Élevé

IOA - Indicator of Attack (7)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Taper	Confiance
1	File	/lists/index.php	predictive	Élevé
2	File	goform/formSetDiagnosticToolsFmPing	predictive	Élevé
3	File	xxxxxxxx.xxx	predictive	Moyen
4	File	xx-xxxxx/xxxxxxxx/xxxxx-xx-xxxxx-xxxx.xxx	predictive	Élevé
5	Argument	xxxxxxxxxxxxxxxxxxx	predictive	Élevé
6	Argument	xxx_xxxxxxxxxx_xxxxx__xxxx_xxxxxxx	predictive	Élevé
7	Network Port	xx xxxxxxx xxx.xx.xx.xx	predictive	Élevé

Références (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ PrécédentAperçuSuivant ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!