Horabot Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (46)

Curso de tempo

Idioma

en40
ru4
zh2

País

us26
ru8
cn6
io4
gb2

Actores

Horabot5
Cobalt Strike2
IcedID2
BianLian1
BumbleBee1

Actividades

Interesse

Curso de tempo

Tipo

Not Defined20
Web Server6
Mail Client Software6
Content Management System4
Firewall Software2

Fabricante

Not Defined22
Fortinet4
Dream42
Thomas R. Pasawicz2
SourceCodester2

Produto

Flamingo4
nginx4
RoundCube4
Dream4 Koobi CMS2
Fortinet FortiOS2

Vulnerabilidades

#VulnerabilidadeBaseTemp0dayHojeExpMasEPSSCTICVE
1RoundCube DBMail Driver direitos alargados8.88.2$0-$5k$0-$5kNot DefinedOfficial Fix0.003090.01CVE-2015-2180
2phpMyAdmin Privileges.php Injecção SQL7.17.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.001450.05CVE-2020-10804
3Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Divulgação de Informação5.35.2$5k-$25kCalculadoHighWorkaround0.020160.00CVE-2007-1192
4Fortinet FortiWeb add Reflected Roteiro Cruzado de Sítios4.34.1$0-$5k$0-$5kHighOfficial Fix0.003130.00CVE-2013-7181
5Systemsoftware Erotik Auktionshaus news.php Injecção SQL7.37.1$0-$5k$0-$5kHighUnavailable0.001140.00CVE-2010-0720
6YourFreeWorld Blog Blaster Script tr.php Injecção SQL7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.000870.00CVE-2008-4883
7jshERP doFilter direitos alargados5.05.0$0-$5k$0-$5kNot DefinedNot Defined0.000490.03CVE-2023-48894
8KD Coming Soon Plugin direitos alargados7.37.1$0-$5k$0-$5kNot DefinedNot Defined0.000430.00CVE-2023-46615
9MediaTek EN7528/EN7580 Boa direitos alargados8.07.9$0-$5k$0-$5kNot DefinedOfficial Fix0.003260.03CVE-2022-32665
10RoundCube Webmail rcube_plugin_api.php Directório Traversal8.58.2$0-$5k$0-$5kNot DefinedOfficial Fix0.011630.00CVE-2020-12640
11Telligent Systems Zimbra Collaboration Remote Code Execution9.89.8$0-$5k$0-$5kNot DefinedNot Defined0.007580.04CVE-2013-7217
12RoundCube Injecção SQL6.36.0$0-$5k$0-$5kHighOfficial Fix0.005960.05CVE-2021-44026
13Joomla CMS LDAP Authentication Password direitos alargados7.57.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.010390.04CVE-2017-14596
14NextGEN Gallery Falsificação de Pedido Cross Site5.04.8$0-$5k$0-$5kNot DefinedOfficial Fix0.000630.02CVE-2020-35943
15WordPress get_the_generator Roteiro Cruzado de Sítios5.25.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.004510.00CVE-2018-10102
16OneWorldStore owProductDetail.asp Injecção SQL6.36.3$0-$5k$0-$5kNot DefinedNot Defined0.004670.00CVE-2005-1161
17Virtual Programming VP-ASP shopcurrency.asp Injecção SQL7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.006700.03CVE-2006-2263
18Postfix direitos alargados7.36.6$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.011380.03CVE-2011-0411
19Flamingo updateUserInfoInDb Injecção SQL6.36.3$0-$5k$0-$5kNot DefinedNot Defined0.002120.02CVE-2020-35243
20Flamingo addUser Injecção SQL6.36.3$0-$5k$0-$5kNot DefinedNot Defined0.002120.00CVE-2020-35245

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDEndereço IPHostnameActorCampanhasIdentifiedTipoAceitação
151.38.235.152vps-25cc9838.vps.ovh.netHorabot02/06/2023verifiedAlto
2137.220.53.87137.220.53.87.vultrusercontent.comHorabot02/06/2023verifiedAlto
3XXX.XXX.XXX.XXxxx-xxx-xxx-xx.xx.xxxxxxxxxxxxxxxxx.xxxXxxxxxx02/06/2023verifiedAlto
4XXX.XX.XXX.XXXXxxxxxx02/06/2023verifiedAlto
5XXX.XXX.X.XXXXxxxxxx02/06/2023verifiedAlto
6XXX.XX.XX.XXxxxxxxxx.xxxXxxxxxx02/06/2023verifiedAlto
7XXX.XXX.XX.XXXxxx.xxx.xx.xxx.xxxxxxxxxxxxxxxx.xxxXxxxxxx02/06/2023verifiedAlto

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassificaçãoVulnerabilidadesTipo de acessoTipoAceitação
1T1006CAPEC-126CWE-22Path TraversalpredictiveAlto
2T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveAlto
3TXXXXCAPEC-242CWE-XX, CWE-XXXXXxxxxxxx XxxxxxxxxpredictiveAlto
4TXXXX.XXXCAPEC-209CWE-XX, CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveAlto
5TXXXXCAPEC-19CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveAlto
6TXXXXCAPEC-136CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveAlto
7TXXXXCAPEC-108CWE-XX, CWE-XXXxx XxxxxxxxxpredictiveAlto
8TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveAlto

IOA - Indicator of Attack (29)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClasseIndicatorTipoAceitação
1File/about.phppredictiveMédio
2File/uncpath/predictiveMédio
3File/user/ldap_user/addpredictiveAlto
4Fileabook_database.phppredictiveAlto
5Filexxxxx/xxxxxxxx/xxxxxxxx/xxxxx/xxxxxxx/xxxx/xxx/xxxxxxxxxxxxpredictiveAlto
6Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveAlto
7Filexxxx-xxxxxxx.xxxpredictiveAlto
8Filexxxxx.xxxxpredictiveMédio
9Filexxxxx.xxxpredictiveMédio
10Filexxxx_xxxx.xxxpredictiveAlto
11Filexxxxxxxxx/xxxxxxx/xxxxxx/xxxxxxxxxx.xxxpredictiveAlto
12Filexxxx.xxxpredictiveMédio
13Filexxxxxxxxxxxxxxx.xxxpredictiveAlto
14Filexxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][]predictiveAlto
15Filexxxxx_xxxxxx_xxx.xxxpredictiveAlto
16Filexxxxxxxxxxxx.xxxpredictiveAlto
17Filexx.xxxpredictiveBaixo
18ArgumentxxxxxxxpredictiveBaixo
19ArgumentxxxpredictiveBaixo
20Argumentxxxx_xxpredictiveBaixo
21ArgumentxxxxxxxxxxxxxxxxpredictiveAlto
22ArgumentxxpredictiveBaixo
23ArgumentxxpredictiveBaixo
24ArgumentxxxxxxxxxpredictiveMédio
25ArgumentxxxxpredictiveBaixo
26ArgumentxxxxxpredictiveBaixo
27ArgumentxxxxxxxxpredictiveMédio
28Argumentxxxxxx/xxxxxx_xxxxxxpredictiveAlto
29Input Value<xxxxxx>xxxxx(/xxx/)</xxxxxx>predictiveAlto

Referências (2)

The following list contains external sources which discuss the actor and the associated activities:

VoltarVisão GeralPróximo

Might our Artificial Intelligence support you?

Check our Alexa App!