FFDroider Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (45)

Lang

en	36
ru	10

Land

us	22
ru	20
ar	4

Skådespelare

Unknown	1

Intressera

Typ

Not Defined	16
Router Operating System	4
Hosting Control Software	4
Web Server	4
Programming Language Software	4

Säljare

Not Defined	22
Juniper	4
Apache	4
Avaya	2
Rexroth	2

Produkt

cPanel	4
Apache HTTP Server	4
PHP	4
Avaya Cajun P550R	2
Avaya P580	2

Sårbarheter

#	Sårbarhet	Base	Temp	0day	I dag	Utn	Rem	EPSS	CTI	CVE
1	PHP UTF-32LE Encoding mb_strtolower minneskorruption	7.3	7.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00495	0.04	CVE-2020-7065
2	Moment.js kataloggenomgång	6.9	6.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00330	0.08	CVE-2022-24785
3	Actian Zen PSQL privilegier eskalering	7.1	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00093	0.00	CVE-2022-40756
4	Supermicro X10DRH-iT Web Interface config_user.cgi förfalskning på begäran över webbplatsen	7.0	6.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00475	0.00	CVE-2020-15046
5	cloud-init cc_set_passwords.py rand_user_password Policy informationsgivning	4.2	4.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00045	0.03	CVE-2020-8632
6	PHP PHAR phar_dir_read minneskorruption	8.2	8.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00126	0.05	CVE-2023-3824
7	Rexroth Nexo Cordless Nutrunner svag autentisering	8.7	8.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00141	0.00	CVE-2023-48250
8	Lanner IAC-AST2500A spx_restservice KillDupUsr_func minneskorruption	9.9	9.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00239	0.03	CVE-2021-26728
9	VMware vCenter Server informationsgivning	4.3	4.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00043	0.04	CVE-2023-34056
10	Red Hat rpcbind libtirpc svc_dg_getargs förnekande av tjänsten	7.5	6.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.17112	0.00	CVE-2013-1950
11	PHP cgi_main.c privilegier eskalering	7.3	6.6	$25k-$100k	$0-$5k	High	Official Fix	0.97363	0.05	CVE-2012-1823
12	chart.js Options Parameter privilegier eskalering	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01807	0.03	CVE-2020-7746
13	Yii Yii2 Gii cross site scripting	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00056	0.03	CVE-2022-34297
14	DataTables Plugin 6776.php cross site scripting	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00214	0.00	CVE-2015-6584
15	Yii Framework runAction sql injektion	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00364	0.04	CVE-2023-26750
16	Portainer privilegier eskalering	8.0	8.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01314	0.02	CVE-2020-24264
17	Apache HTTP Server mod_session minneskorruption	7.3	7.0	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.68938	0.00	CVE-2021-26691
18	Best Practical Request Tracker Ticket Search Redirect	5.8	5.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00073	0.03	CVE-2022-25803
19	Tawk.To Live Chat Plugin AJAX Action tawkto_removewidget privilegier eskalering	5.7	5.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00074	0.08	CVE-2021-24914
20	Atlassian JIRA Server/Data Center Email Template Privilege Escalation	4.7	4.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00199	0.05	CVE-2021-43947

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-adress	Hostname	Skådespelare	Kampanjer	Identified	Typ	Förtroende
1	152.32.228.19		FFDroider		29/07/2022	verified	Hög
2	XXX.X.XXX.XX	xxxx-xxxxx.xxx	Xxxxxxxxx		29/07/2022	verified	Hög

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klass	Sårbarheter	Åtkomstvektor	Typ	Förtroende
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Hög
2	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Hög
3	TXXXX.XXX	CAPEC-209	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Hög
4	TXXXX	CAPEC-19	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
5	TXXXX.XXX	CAPEC-191	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Hög
6	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	Hög
7	TXXXX	CAPEC-0	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Hög
8	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Hög
9	TXXXX	CAPEC-102	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
10	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Hög

IOA - Indicator of Attack (17)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klass	Indicator	Typ	Förtroende
1	File	/var/log/nginx	predictive	Hög
2	File	cgi/config_user.cgi	predictive	Hög
3	File	cloudinit/config/cc_set_passwords.py	predictive	Hög
4	File	xxx_xxxxxx.x	predictive	Medium
5	File	xxxxx.xxx	predictive	Medium
6	File	xxxxx/xxxx_xxxxxxx/xxxxxxxxx/xxxx.xxx	predictive	Hög
7	File	xxx/xxxxxxxxx/xx_xxxxxx_xxx.x	predictive	Hög
8	File	xxxx/xxx/xxx_xxxx.x	predictive	Hög
9	Library	xxxxxxxx	predictive	Medium
10	Argument	$_xxxxxx['xxxxx_xxxxxx']	predictive	Hög
11	Argument	xx	predictive	Låg
12	Argument	xxx	predictive	Låg
13	Argument	xxxxx	predictive	Låg
14	Argument	xxxxxxx	predictive	Låg
15	Argument	xx	predictive	Låg
16	Input Value	-x	predictive	Låg
17	Network Port	xxx/xx (xxx xxxxxxxx)	predictive	Hög

Referenser (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ TidigareÖversiktNästa ▸

Do you need the next level of professionalism?

Upgrade your account now!