FF-Rat Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (25)

Lang

en	18
zh	8

Land

cn	18
us	4
gb	2

Skådespelare

FF-Rat	2
Kuluoz	1
PlugX	1
Cobalt Strike	1
UNC4841	1

Intressera

Typ

Not Defined	16
File Transfer Software	2
Mail Server Software	2
Operating System	2
Cloud Software	2

Säljare

ONLYOFFICE	10
Not Defined	6
Alt-N	2
Microsoft	2
Atlassian	2

Produkt

ONLYOFFICE Document Server	4
ONLYOFFICE Server	4
vsftpd	2
Alt-N MDaemon	2
PHPMailer	2

Sårbarheter

#	Sårbarhet	Base	Temp	0day	I dag	Utn	Rem	EPSS	CTI	CVE
1	Cisco Unity Connection privilegier eskalering	8.1	8.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00127	0.04	CVE-2024-20272
2	KeyCloak Password Reset privilegier eskalering	6.5	6.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00293	0.00	CVE-2017-12161
3	ONLYOFFICE Document Server FontFileBase.h minneskorruption	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00211	0.00	CVE-2022-29777
4	ONLYOFFICE Server User Name privilegier eskalering	4.5	4.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00071	0.03	CVE-2021-43448
5	ONLYOFFICE Server Document Editor Service privilegier eskalering	6.8	6.5	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00100	0.04	CVE-2021-43449
6	ONLYOFFICE Document Server Example editor cross site scripting	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00116	0.03	CVE-2022-24229
7	ONLYOFFICE Document Server WebSocket API sql injektion	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00174	0.00	CVE-2020-11537
8	ONLYOFFICE Server Document Editor svag autentisering	6.9	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00076	0.04	CVE-2021-43447
9	ONLYOFFICE Community Server UploadProgress.ashx privilegier eskalering	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00633	0.04	CVE-2023-34939
10	vsftpd deny_file okänd sårbarhet	3.7	3.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00312	0.04	CVE-2015-1419
11	Atlassian Confluence Server/Confluence Data Center Webwork OGNL privilegier eskalering	6.3	6.0	$0-$5k	$0-$5k	High	Official Fix	0.97446	0.04	CVE-2021-26084
12	PHPMailer Phar Deserialization addAttachment privilegier eskalering	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00748	0.00	CVE-2020-36326
13	Squid Proxy HTTP Header informationsgivning	6.6	6.6	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00735	0.00	CVE-2019-12529
14	PHP com_print_typeinfo minneskorruption	10.0	9.4	$25k-$100k	$0-$5k	Proof-of-Concept	Not Defined	0.25603	0.04	CVE-2012-2376
15	Oracle WebLogic Server Console Remote Code Execution	9.8	9.4	$5k-$25k	$0-$5k	High	Official Fix	0.97498	0.00	CVE-2020-14882
16	PbootCMS privilegier eskalering	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04022	0.00	CVE-2018-19595
17	Microsoft Windows Win32k privilegier eskalering	7.9	7.7	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00058	0.00	CVE-2019-0623
18	Western Digital PR4100 webfile_mgr.cgi privilegier eskalering	7.5	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01702	0.03	CVE-2019-9949
19	PHP Scripts Mall Professional Service Script review.php sql injektion	8.5	7.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00212	0.00	CVE-2017-17928
20	Alt-N MDaemon Worldclient privilegier eskalering	7.3	7.0	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00000	0.00

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-adress	Hostname	Skådespelare	Identified	Typ	Förtroende
1	59.188.16.147		FF-Rat	10/03/2022	verified	Hög
2	XX.XX.XX.XXX	xxx.xx.xx.xx.xxxxxx.xxxxxx.xxxxxxxx.xxxxxxx.xxx	Xx-xxx	10/03/2022	verified	Hög
3	XXX.XX.XXX.XXX		Xx-xxx	10/03/2022	verified	Hög
4	XXX.XX.XX.XX		Xx-xxx	10/03/2022	verified	Hög

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klass	Sårbarheter	Åtkomstvektor	Typ	Förtroende
1		CAPEC-10	CWE-20, CWE-59, CWE-119, CWE-122, CWE-287, CWE-502, CWE-918, CWE-1018	Unknown Vulnerability	predictive	Hög
2	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Hög
3	TXXXX	CAPEC-10	CWE-XX, CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxxx Xx Xxxx Xxxxxx Xxxxx Xxxxxxxxxxx	predictive	Hög
4	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxxxxxxx Xxxxxxxxx	predictive	Hög
5	TXXXX.XXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XX, CWE-XXX	Xxxxx Xxxx Xxxxxxxxx	predictive	Hög
6	TXXXX	CAPEC-0	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
7	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxx Xxxxxxxxx	predictive	Hög
8	TXXXX	CAPEC-50	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
9	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Hög
10	TXXXX.XXX	CAPEC-19	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Hög

IOA - Indicator of Attack (17)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klass	Indicator	Typ	Förtroende
1	File	/example/editor	predictive	Hög
2	File	admin/review.php	predictive	Hög
3	File	cgi-bin/webfile_mgr.cgi	predictive	Hög
4	File	xxxxxxxxxxxxx/xxxxxxxxxx/xxxxxxxxxxxxx/xxxxxxxxxxxx.x	predictive	Hög
5	File	xxx.xx	predictive	Låg
6	File	xxxxx.xxx/xxxx/x/	predictive	Hög
7	File	xxxxxxxxxxxxxx.xxxx	predictive	Hög
8	Library	xxxxxxxxxxx.xxx	predictive	Hög
9	Argument	xxxxxxx	predictive	Låg
10	Argument	xxxxx	predictive	Låg
11	Argument	xx	predictive	Låg
12	Argument	xxxx	predictive	Låg
13	Argument	xxxxxxx	predictive	Låg
14	Argument	xxxx	predictive	Låg
15	Argument	xxxx->xxxxxxx	predictive	Hög
16	Input Value	<xxx xxx="xxxx://x"; xx xxxxxxx="$(’x').xxxx(’xxxxxx’)" />	predictive	Hög
17	Input Value	{xxxxx:xx(xxxx($_xxx[x]))}x{/xxxxx:xx}	predictive	Hög

Referenser (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ TidigareÖversiktNästa ▸

Interested in the pricing of exploits?

See the underground prices here!