FF-Rat Analysis

IOB - Indicator of Behavior (25)

Timeline

Language

en: 16
zh: 10

Country

cn: 18
us: 6

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Alt-N MDaemon: 4
Barracuda Networks Barracuda Spam Firewall: 2
Western Digital My Cloud Cloud: 2
Western Digital Mirror Gen2: 2
Western Digital EX2 Ultra: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Cisco Unity Connection privilege escalation | 8.1 | 8.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00127 | CVE-2024-20272 |
| 2 | KeyCloak Password Reset privilege escalation | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00293 | CVE-2017-12161 |
| 3 | ONLYOFFICE Document Server FontFileBase.h buffer overflow | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00211 | CVE-2022-29777 |
| 4 | ONLYOFFICE Server User Name privilege escalation | 4.5 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00071 | CVE-2021-43448 |
| 5 | ONLYOFFICE Server Document Editor Service privilege escalation | 6.8 | 6.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | 0.00100 | CVE-2021-43449 |
| 6 | ONLYOFFICE Document Server Example editor cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00116 | CVE-2022-24229 |
| 7 | ONLYOFFICE Document Server WebSocket API sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00174 | CVE-2020-11537 |
| 8 | ONLYOFFICE Server Document Editor weak authentication | 6.9 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00076 | CVE-2021-43447 |
| 9 | ONLYOFFICE Community Server UploadProgress.ashx privilege escalation | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00633 | CVE-2023-34939 |
| 10 | vsftpd deny_file unknown vulnerability | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00312 | CVE-2015-1419 |
| 11 | Atlassian Confluence Server/Confluence Data Center Webwork OGNL privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.97448 | CVE-2021-26084 |
| 12 | PHPMailer Phar Deserialization addAttachment privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.15 | 0.00748 | CVE-2020-36326 |
| 13 | Squid Proxy HTTP Header information disclosure | 6.6 | 6.6 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00735 | CVE-2019-12529 |
| 14 | PHP com_print_typeinfo buffer overflow | 10.0 | 9.4 | $25k-$100k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | 0.25603 | CVE-2012-2376 |
| 15 | Oracle WebLogic Server Console Remote Code Execution | 9.8 | 9.4 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.97493 | CVE-2020-14882 |
| 16 | PbootCMS privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.04022 | CVE-2018-19595 |
| 17 | Microsoft Windows Win32k privilege escalation | 7.9 | 7.7 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | 0.00058 | CVE-2019-0623 |
| 18 | Western Digital PR4100 webfile_mgr.cgi privilege escalation | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01702 | CVE-2019-9949 |
| 19 | PHP Scripts Mall Professional Service Script review.php sql injection | 8.5 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00212 | CVE-2017-17928 |
| 20 | Alt-N MDaemon Worldclient privilege escalation | 7.3 | 7.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.00000 | |

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Type | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | TXXXX | CWE-XX | Xxxxxxxx Xxxxxxxxx | predictive | High |
| 4 | TXXXX.XXX | CWE-XX, CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High |
| 5 | TXXXX | CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 6 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 7 | TXXXX | CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 8 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 9 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High |

IOA - Indicator of Attack (17)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /example/editor | predictive | High |
| 2 | File | admin/review.php | predictive | High |
| 3 | File | cgi-bin/webfile_mgr.cgi | predictive | High |
| 4 | File | xxxxxxxxxxxxx/xxxxxxxxxx/xxxxxxxxxxxxx/xxxxxxxxxxxx.x | predictive | High |
| 5 | File | xxx.xx | predictive | Low |
| 6 | File | xxxxx.xxx/xxxx/x/ | predictive | High |
| 7 | File | xxxxxxxxxxxxxx.xxxx | predictive | High |
| 8 | Library | xxxxxxxxxxx.xxx | predictive | High |
| 9 | Argument | xxxxxxx | predictive | Low |
| 10 | Argument | xxxxx | predictive | Low |
| 11 | Argument | xx | predictive | Low |
| 12 | Argument | xxxx | predictive | Low |
| 13 | Argument | xxxxxxx | predictive | Low |
| 14 | Argument | xxxx | predictive | Low |
| 15 | Argument | xxxx->xxxxxxx | predictive | High |
| 16 | Input Value | `<xxx xxx="xxxx://x"; xx xxxxxxx="$(’x').xxxx(’xxxxxx’)" />` | predictive | High |
| 17 | Input Value | `{xxxxx:xx(xxxx($_xxx[x]))}x{/xxxxx:xx}` | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
