FunkyBot Analysis

IOB - Indicator of Behavior (53)

Languages

zh (34)
en (20)

Countries

cn (40)
us (14)

Products

BusyBox (6)
Dropbear SSH (6)
Dropbear (4)
Matt Johnston Dropbear SSH Server (4)
Rapidleech (2)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192
2 | Dropbear information disclosure | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00084 | 0.02 | CVE-2019-12953
3 | Mofi Network MOFI4500-4GXeLTE Dropbear SSH Daemon rom privilege escalation | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00225 | 0.00 | CVE-2020-15833
4 | Dropbear Filename scp.c Privilege Escalation | 6.8 | 6.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00222 | 0.04 | CVE-2020-36254
5 | Apache RocketMQ Update Configuration privilege escalation | 8.0 | 8.0 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.97282 | 0.03 | CVE-2023-33246
6 | Apache Tomcat Form Authentication Example cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00109 | 0.02 | CVE-2022-34305
7 | BusyBox awk Applet memory corruption | 5.9 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00236 | 0.00 | CVE-2021-42386
8 | Vivotek FD8136 Busybox/wget privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00327 | 0.03 | CVE-2018-14494
9 | BusyBox gzip Data decompress_gunzip.c huft_build privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00557 | 0.04 | CVE-2021-28831
10 | BusyBox man Applet denial of service | 5.5 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.00 | CVE-2021-42373
11 | BusyBox unlzma Applet information disclosure | 7.3 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00123 | 0.03 | CVE-2021-42374
12 | BusyBox ash Applet denial of service | 5.5 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.04 | CVE-2021-42375
13 | BusyBox netstat Privilege Escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01132 | 0.03 | CVE-2022-28391
14 | BusyBox awk Applet copyvar memory corruption | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00067 | 0.03 | CVE-2022-30065
15 | Hikvision Hybrid SAN Web Module privilege escalation | 8.2 | 8.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.26770 | 0.00 | CVE-2022-28171
16 | Matt Johnston Dropbear SSH Server denial of service | 9.9 | 9.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01032 | 0.02 | CVE-2012-0920
17 | Dropbear SSH Shell Command Restriction privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02835 | 0.04 | CVE-2016-3116
18 | Dropbear SSH dropbearconvert privilege escalation | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00956 | 0.02 | CVE-2016-7407
19 | Dropbear SSH dbclient privilege escalation | 7.1 | 6.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00940 | 0.02 | CVE-2016-7408
20 | Dropbear SSH dbclient/server Memory information disclosure | 4.4 | 4.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.01 | CVE-2016-7409

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence
1 | 6.43.51.17 | | FunkyBot | | 2019-09-05 | | verified
2 | XXX.XX.XXX.XXX | xxx.xx.xxx.xxx.xxxxxxxxxxxxxxxx.xxx | Xxxxxxxx | | 2019-09-05 | | verified
3 | XXX.XX.XX.XXX | | Xxxxxxxx | | 2019-09-05 | | verified

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (21)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /.ssh/authorized_keys | predictive |
2 | File | /rom | predictive |
3 | File | data/gbconfiguration.dat | predictive |
4 | File | xxxxxxxxxx_xxxxxx.x | predictive |
5 | File | xxxxx.xxx | predictive |
6 | File | xxxxxxx/xxxx.xxxxx.xxx | predictive |
7 | File | xxx_xxxx.xxx | predictive |
8 | File | xxx.x | predictive |
9 | File | xxxx_xxxxxxx.x | predictive |
10 | File | xxx-xxxx.x | predictive |
11 | File | xxxxxx.xxx | predictive |
12 | Argument | $xxxxxxx | predictive |
13 | Argument | -x/-x | predictive |
14 | Argument | -x | predictive |
15 | Argument | xxxxxxx | predictive |
16 | Argument | xxxx | predictive |
17 | Argument | xxxxxx | predictive |
18 | Argument | xxxxxxxx/xxxx | predictive |
19 | Argument | xxxxxxxx/xxxxxxxx | predictive |
20 | Input Value | xxxx:xxxxxx | predictive |
21 | Network Port | xxx/xx (xxx) | predictive |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
