FunkyBot Analysis

IOB - Indicator of Behavior (53)

Language: zh (34), en (20)

Country: cn (44), us (10)

Product: Dropbear (6), Dropbear SSH (4), Matt Johnston Dropbear SSH Server (4), Apache Tomcat (2), BusyBox (2)

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | Dropbear information disclosure | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00084 | 0.02 | CVE-2019-12953 |
| 3 | Mofi Network MOFI4500-4GXeLTE Dropbear SSH Daemon rom privilege escalation | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00225 | 0.00 | CVE-2020-15833 |
| 4 | Dropbear Filename scp.c Privilege Escalation | 6.8 | 6.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00222 | 0.04 | CVE-2020-36254 |
| 5 | Apache RocketMQ Update Configuration privilege escalation | 8.0 | 8.0 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.97312 | 0.03 | CVE-2023-33246 |
| 6 | Apache Tomcat Form Authentication Example cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00109 | 0.02 | CVE-2022-34305 |
| 7 | BusyBox awk Applet memory corruption | 5.9 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00236 | 0.00 | CVE-2021-42386 |
| 8 | Vivotek FD8136 Busybox/wget privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00327 | 0.03 | CVE-2018-14494 |
| 9 | BusyBox gzip Data decompress_gunzip.c huft_build privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00767 | 0.04 | CVE-2021-28831 |
| 10 | BusyBox man Applet denial of service | 5.5 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.00 | CVE-2021-42373 |
| 11 | BusyBox unlzma Applet information disclosure | 7.3 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00123 | 0.03 | CVE-2021-42374 |
| 12 | BusyBox ash Applet denial of service | 5.5 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.04 | CVE-2021-42375 |
| 13 | BusyBox netstat Privilege Escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01132 | 0.03 | CVE-2022-28391 |
| 14 | BusyBox awk Applet copyvar memory corruption | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00067 | 0.04 | CVE-2022-30065 |
| 15 | Hikvision Hybrid SAN Web Module privilege escalation | 8.2 | 8.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.26770 | 0.00 | CVE-2022-28171 |
| 16 | Matt Johnston Dropbear SSH Server denial of service | 9.9 | 9.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01032 | 0.02 | CVE-2012-0920 |
| 17 | Dropbear SSH Shell Command Restriction privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02835 | 0.04 | CVE-2016-3116 |
| 18 | Dropbear SSH dropbearconvert privilege escalation | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00956 | 0.02 | CVE-2016-7407 |
| 19 | Dropbear SSH dbclient privilege escalation | 7.1 | 6.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00940 | 0.02 | CVE-2016-7408 |
| 20 | Dropbear SSH dbclient/server Memory information disclosure | 4.4 | 4.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.01 | CVE-2016-7409 |

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

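| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 6.43.51.17 | | FunkyBot | | 05/09/2019 | verified | High |
| 2 | XXX.XX.XXX.XXX | xxx.xx.xxx.xxx.xxxxxxxxxxxxxxxx.xxx | Xxxxxxxx | | 05/09/2019 | verified | High |
| 3 | XXX.XX.XX.XXX | | Xxxxxxxx | | 05/09/2019 | verified | High |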

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (21)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

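| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /.ssh/authorized_keys | predictive | High |
| 2 | File | /rom | predictive | Low |
| 3 | File | data/gbconfiguration.dat | predictive | High |
| 4 | File | xxxxxxxxxx_xxxxxx.x | predictive | High |
| 5 | File | xxxxx.xxx | predictive | Medium |
| 6 | File | xxxxxxx/xxxx.xxxxx.xxx | predictive | High |
| 7 | File | xxx_xxxx.xxx | predictive | Medium |
| 8 | File | xxx.x | predictive | Low |
| 9 | File | xxxx_xxxxxxx.x | predictive | High |
| 10 | File | xxx-xxxx.x | predictive | Medium |
| 11 | File | xxxxxx.xxx | predictive | Medium |
| 12 | Argument | $xxxxxxx | predictive | Medium |
| 13 | Argument | -x/-x | predictive | Low |
| 14 | Argument | -x | predictive | Low |
| 15 | Argument | xxxxxxx | predictive | Low |
| 16 | Argument | xxxx | predictive | Low |
| 17 | Argument | xxxxxx | predictive | Low |
| 18 | Argument | xxxxxxxx/xxxx | predictive | High |
| 19 | Argument | xxxxxxxx/xxxxxxxx | predictive | High |
| 20 | Input Value | xxxx:xxxxxx | predictive | Medium |
| 21 | Network Port | xxx/xx (xxx) | predictive | Medium |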

References (2)

The following list contains external sources which discuss the actor and the associated activities:
