FireBird RAT Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (72)

Lang

en	60
es	6
de	4
fr	2

Land

us	48
fr	8
ru	4
br	4
mk	2

Skådespelare

FireBird RAT	4
Loda	1
Candiru	1
RedLine Stealer	1
Bashlite	1

Intressera

Typ

Not Defined	12
Content Management System	6
Operating System	4
Programming Language Software	2
E-Commerce Management Software	2

Säljare

Not Defined	12
SourceCodester	2
Ovidentia	2
Google	2
Ubuntu	2

Produkt

WordPress	4
SourceCodester Online Student Management System	2
Ovidentia CMS	2
Google Play services SDK play-services-basement	2
Ubuntu Linux	2

Sårbarheter

#	Sårbarhet	Base	Temp	0day	I dag	Utn	Rem	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash informationsgivning	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
2	Fortinet FortiOS/FortiProxy FortiGate SSL-VPN minneskorruption	9.8	9.6	$25k-$100k	$25k-$100k	Not Defined	Official Fix	0.15407	0.04	CVE-2023-27997
3	FileOrbis File Management System Privilege Escalation	6.9	6.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00096	0.02	CVE-2022-3693
4	SourceCodester Online Student Management System edit-class-detail.php sql injektion	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00148	0.04	CVE-2023-1099
5	Joomla CMS com_easyblog sql injektion	6.3	6.1	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00000	0.38
6	Pacemaker privilegier eskalering	6.4	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02012	0.00	CVE-2016-7797
7	QNAP QTS privilegier eskalering	8.5	8.2	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.76513	0.03	CVE-2017-6359
8	Firebird udf Subsystem fbudf.so privilegier eskalering	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00554	0.05	CVE-2017-6369
9	ImageMagick PushQuantumPixel minneskorruption	6.4	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01030	0.00	CVE-2017-5508
10	Huawei AR3200 privilegier eskalering	8.5	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01795	0.03	CVE-2016-6206
11	Stylish Text Ads advertise.php cross site scripting	5.4	5.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02200	0.00	CVE-2006-2508
12	Google Play services SDK play-services-basement Privilege Escalation	7.3	7.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00109	0.02	CVE-2022-1799
13	Ovidentia CMS index.php sql injektion	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00089	0.07	CVE-2021-29343
14	Atlassian JIRA Server/Data Center Email Template Privilege Escalation	4.7	4.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00199	0.00	CVE-2021-43947
15	nginx ngx_http_mp4_module informationsgivning	5.9	5.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00198	0.05	CVE-2018-16845
16	MediaWiki Special:GlobalRenameRequest förnekande av tjänsten	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00093	0.00	CVE-2021-36125
17	WordPress pluggable.php wp_validate_redirect Redirect	6.6	6.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00178	0.02	CVE-2019-16220
18	WordPress sql injektion	8.5	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00375	0.04	CVE-2017-14723
19	DeDeCMS recommend.php sql injektion	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02834	0.04	CVE-2017-17731
20	Alcatel-Lucent Voice Mail System svag autentisering	9.8	9.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00856	0.02	CVE-2007-1822

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-adress	Hostname	Skådespelare	Identified	Typ	Förtroende
1	5.206.227.37	server.bataboom.bet	FireBird RAT	16/03/2022	verified	Hög
2	34.211.234.228	ec2-34-211-234-228.us-west-2.compute.amazonaws.com	FireBird RAT	30/11/2021	verified	Medium
3	XX.XXX.XX.XXX		Xxxxxxxx Xxx	22/01/2022	verified	Hög
4	XX.XXX.XXX.XX	xx-xxx-xxx-xx.xxx.xxxxxxxxxxx.xx	Xxxxxxxx Xxx	15/11/2022	verified	Hög
5	XX.XXX.XXX.XX	xxxx.xx-xx-xxx-xxx.xx	Xxxxxxxx Xxx	15/08/2022	verified	Hög
6	XXX.XX.XX.XXX	xxxxxxxx.xx-xxx-xx-xx.xxx	Xxxxxxxx Xxx	28/08/2022	verified	Hög
7	XXX.XX.XXX.XX	xxxx.xx-xxx-xx-xxx.xxx	Xxxxxxxx Xxx	21/04/2022	verified	Hög

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klass	Sårbarheter	Åtkomstvektor	Typ	Förtroende
1		CAPEC-10	CWE-20, CWE-73, CWE-119, CWE-122, CWE-287, CWE-290, CWE-352, CWE-404, CWE-476, CWE-501, CWE-835, CWE-862, CWE-863	Unknown Vulnerability	predictive	Hög
2	T1006	CAPEC-126	CWE-22, CWE-23, CWE-35	Path Traversal	predictive	Hög
3	TXXXX.XXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XX, CWE-XXX	Xxxxx Xxxx Xxxxxxxxx	predictive	Hög
4	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
5	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Hög
6	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	Hög
7	TXXXX	CAPEC-0	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Hög
8	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxx Xxxxxxxxx	predictive	Hög
9	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Hög

IOA - Indicator of Attack (30)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klass	Indicator	Typ	Förtroende
1	File	/dev/block/mmcblk0rpmb	predictive	Hög
2	File	add_comment.php	predictive	Hög
3	File	advertise.php	predictive	Hög
4	File	category.cfm	predictive	Medium
5	File	data/gbconfiguration.dat	predictive	Hög
6	File	xxxxxx.xxx	predictive	Medium
7	File	xxxxxxx/xxxx-xxxxx-xxxxxx.xxx	predictive	Hög
8	File	xxxxxxx/xxxx-xxxxx-xxxxxx.xxx?xxxxxx=x	predictive	Hög
9	File	xxxxx.xx	predictive	Medium
10	File	xxxx.xxx	predictive	Medium
11	File	xxxxx.xxx	predictive	Medium
12	File	xxxx/xxxxxxxxx.xxx	predictive	Hög
13	File	xxxxxxxx.xxx	predictive	Medium
14	File	xxxxxxx:xxxxxxxxxxxxxxxxxxx	predictive	Hög
15	File	xx-xxxxxxxx/xxxxxxxxx.xxx	predictive	Hög
16	Library	xxxxxxx/xxxx/xxx-xxx/xxx/xxxxxxx-xxxxxxxxxxx-*.xxx	predictive	Hög
17	Argument	$xxxx	predictive	Låg
18	Argument	$_xxxxx	predictive	Låg
19	Argument	xxx	predictive	Låg
20	Argument	xxx_xx	predictive	Låg
21	Argument	xxxxxx	predictive	Låg
22	Argument	xxxxxxxxxxxx	predictive	Medium
23	Argument	xxxx_xxxxxxxx	predictive	Hög
24	Argument	xx	predictive	Låg
25	Argument	xx	predictive	Låg
26	Argument	xxxxxxxxx-xxxxxxx/xxxxxxxxx/xxxxxxxxxx	predictive	Hög
27	Argument	xxxx_xx	predictive	Låg
28	Argument	xxxxxxx	predictive	Låg
29	Argument	xxx	predictive	Låg
30	Argument	xxxx->xxxxxxx	predictive	Hög

Referenser (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ TidigareÖversiktNästa ▸

Might our Artificial Intelligence support you?

Check our Alexa App!