FFDroider Analysis

IOB - Indicator of Behavior (45)

Languages

en: 36
ru: 10

Countries/Regions

ru: 20
us: 20
ar: 6

Products

PHP: 4
Portainer: 2
Actian Zen PSQL: 2
cmsimple: 2
Moment.js: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Fix | CTI | EPSS | CVE
1 | PHP UTF-32LE Encoding mb_strtolower memory corruption | 7.3 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00495 | CVE-2020-7065
2 | Moment.js directory traversal | 6.9 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.00330 | CVE-2022-24785
3 | Actian Zen PSQL privilege escalation | 7.1 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00093 | CVE-2022-40756
4 | Supermicro X10DRH-iT Web Interface config_user.cgi cross-site request forgery | 7.0 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00341 | CVE-2020-15046
5 | cloud-init cc_set_passwords.py rand_user_password Policy information disclosure | 4.2 | 4.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00045 | CVE-2020-8632
6 | PHP PHAR phar_dir_read memory corruption | 8.2 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00126 | CVE-2023-3824
7 | Rexroth Nexo Cordless Nutrunner weak authentication | 8.7 | 8.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00141 | CVE-2023-48250
8 | Lanner IAC-AST2500A spx_restservice KillDupUsr_func memory corruption | 9.9 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00239 | CVE-2021-26728
9 | VMware vCenter Server information disclosure | 4.3 | 4.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00043 | CVE-2023-34056
10 | Red Hat rpcbind libtirpc svc_dg_getargs denial of service | 7.5 | 6.7 | $5k-$25k | Calculate | Proof-of-Concept | Official Fix | 0.00 | 0.17112 | CVE-2013-1950
11 | PHP cgi_main.c privilege escalation | 7.3 | 6.6 | $25k-$100k | $0-$5k | High | Official Fix | 0.00 | 0.97363 | CVE-2012-1823
12 | chart.js Options Parameter privilege escalation | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | 0.01807 | CVE-2020-7746
13 | Yii Yii2 Gii cross-site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00056 | CVE-2022-34297
14 | DataTables Plugin 6776.php cross-site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00214 | CVE-2015-6584
15 | Yii Framework runAction SQL injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00191 | CVE-2023-26750
16 | Portainer privilege escalation | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.01314 | CVE-2020-24264
17 | Apache HTTP Server mod_session memory corruption | 7.3 | 7.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.68938 | CVE-2021-26691
18 | Best Practical Request Tracker Ticket Search Redirect | 5.8 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00073 | CVE-2022-25803
19 | Tawk.To Live Chat Plugin AJAX Action tawkto_removewidget privilege escalation | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00074 | CVE-2021-24914
20 | Atlassian JIRA Server/Data Center Email Template Privilege Escalation | 4.7 | 4.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00199 | CVE-2021-43947

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 152.32.228.19 | | FFDroider | | 2022-07-29 | verified |
2 | XXX.X.XXX.XX | xxxx-xxxxx.xxx | Xxxxxxxxx | | 2022-07-29 | verified |

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (17)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /var/log/nginx | predictive |
2 | File | cgi/config_user.cgi | predictive |
3 | File | cloudinit/config/cc_set_passwords.py | predictive |
4 | File | xxx_xxxxxx.x | predictive |
5 | File | xxxxx.xxx | predictive |
6 | File | xxxxx/xxxx_xxxxxxx/xxxxxxxxx/xxxx.xxx | predictive |
7 | File | xxx/xxxxxxxxx/xx_xxxxxx_xxx.x | predictive |
8 | File | xxxx/xxx/xxx_xxxx.x | predictive |
9 | Library | xxxxxxxx | predictive |
10 | Argument | $_xxxxxx['xxxxx_xxxxxx'] | predictive |
11 | Argument | xx | predictive |
12 | Argument | xxx | predictive |
13 | Argument | xxxxx | predictive |
14 | Argument | xxxxxxx | predictive |
15 | Argument | xx | predictive |
16 | Input Value | -x | predictive |
17 | Network Port | xxx/xx (xxx xxxxxxxx) | predictive |

References (2)

The following list contains external sources which discuss the actor and the associated activities: