FBot Анализ

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (18)

Язык

en	16
es	2

Страна

us	8
io	4
ir	2
at	2

Акторы

Moobot	1
Moobot_fbot_handymanny	1
Chthonic	1
FIN7	1
APT28	1

Интерес

Тип

Not Defined	6
Router Operating System	2
Web Browser	2
Mailing List Software	2
Content Management System	2

Поставщик

Not Defined	4
Cisco	2
Google	2
Huawei	2
SMC Networks	2

Продукт

Cisco NX-OS	2
Google Chrome	2
Huawei Anne-AL00	2
Huawei Berkeley-L09	2
Huawei CD16-10	2

Уязвимости

#	Уязвимости	Base	Temp	0day	Сегодня	Э�	Rem	CTI	EPSS	CVE
1	TypeStack class-validator validate sql-инъекция	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00163	CVE-2019-18413
2	Google Chrome WebView Remote Code Execution	6.3	6.0	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00	0.00107	CVE-2021-37990
3	Mozilla Firefox/Firefox ESR/Thunderbird IonMonkey JIT Compiler повреждение памяти	8.0	7.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.12285	CVE-2019-9792
4	Fortinet FortiOS/FortiProxy Proxy Mode Remote Code Execution	9.8	8.7	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.07	0.00233	CVE-2023-33308
5	Cisco NX-OS NX-API эскалация привилегий	7.8	7.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00042	CVE-2019-1605
6	PHPList Subscription sql-инъекция	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.03	0.00152	CVE-2017-20032
7	PHPList Edit Subscription index.php sql-инъекция	7.9	7.7	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.06	0.00152	CVE-2017-20029
8	Huawei TC5200-16 раскрытие информации	5.4	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	0.00070	CVE-2020-9069
9	Microsoft Exchange Server Outlook Web Access неизвестная уязвимость	4.8	4.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00102	CVE-2019-0817
10	Microsoft Exchange Server Outlook Web Access эскалация привилегий	7.2	6.8	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00	0.00327	CVE-2017-11932
11	Microsoft Office Common Controls TabStrip ActiveX MSCOMCTL.OCX эскалация привилегий	9.6	8.6	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.05	0.93796	CVE-2012-1856
12	AuYou Wireless Smart Outlet Socket Remote Control Straisand слабая аутентификация	6.3	5.8	$5k-$25k	Расчет	Proof-of-Concept	Workaround	0.00	0.00000
13	SMC Networks D3G0804W Network Diagnostic Tools formSetDiagnosticToolsFmPing эскалация привилегий	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.01224	CVE-2020-8087
14	Apache HTTP Server ap_get_basic_auth_pw слабая аутентификация	8.5	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.04	0.01399	CVE-2017-3167
15	WordPress Press This class-wp-press-this.php раскрытие информации	6.3	6.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00527	CVE-2017-5610
16	Xlightftpd Xlight FTP Server обход каталога	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00407	CVE-2010-2695

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-адрес	Hostname	Актор	Кампании	Identified	Тип	Уверенность
1	89.248.174.219		FBot		11.02.2022	verified	Высокий
2	XXX.XX.XXX.XX	xx.xxxxxx.xxxx	Xxxx		11.02.2022	verified	Высокий

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Уязвимости	Вектор доступа	Тип	Уверенность
1	T1006	CWE-22	Path Traversal	predictive	Высокий
2	TXXXX	CWE-XX	Xxxxxxxx Xxxxxxxxx	predictive	Высокий
3	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Высокий
4	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Высокий
5	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Высокий

IOA - Indicator of Attack (7)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Класс	Indicator	Тип	Уверенность
1	File	/lists/index.php	predictive	Высокий
2	File	goform/formSetDiagnosticToolsFmPing	predictive	Высокий
3	File	xxxxxxxx.xxx	predictive	Средний
4	File	xx-xxxxx/xxxxxxxx/xxxxx-xx-xxxxx-xxxx.xxx	predictive	Высокий
5	Argument	xxxxxxxxxxxxxxxxxxx	predictive	Высокий
6	Argument	xxx_xxxxxxxxxx_xxxxx__xxxx_xxxxxxx	predictive	Высокий
7	Network Port	xx xxxxxxx xxx.xx.xx.xx	predictive	Высокий

Ссылки (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ ПредыдущийОбзорДалее ▸

Do you need the next level of professionalism?

Upgrade your account now!