FFDroider Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (45)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	40
ru	6

Country

us	22
ru	16
ar	8

Actors

Unknown	1

Activities

Interest

Timeline

Type

Not Defined	18
Hosting Control Software	6
Programming Language Software	4
Web Server	4
Cloud Software	2

Vendor

Not Defined	28
Linux	2
Apache	2
Actian	2
Supermicro	2

Product

cPanel	6
PHP	4
cloud-init	2
Linux Kernel	2
cmsimple	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	PHP UTF-32LE Encoding mb_strtolower stack-based overflow	7.3	7.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00495	0.04	CVE-2020-7065
2	Moment.js path traversal	6.9	6.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00330	0.12	CVE-2022-24785
3	Actian Zen PSQL permission	7.1	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00104	0.00	CVE-2022-40756
4	Supermicro X10DRH-iT Web Interface config_user.cgi cross-site request forgery	7.0	6.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00475	0.04	CVE-2020-15046
5	cloud-init cc_set_passwords.py rand_user_password Policy insufficiently protected credentials	4.2	4.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00045	0.03	CVE-2020-8632
6	PHP PHAR phar_dir_read buffer overflow	8.2	8.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00083	0.05	CVE-2023-3824
7	Rexroth Nexo Cordless Nutrunner hard-coded credentials	8.7	8.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00141	0.00	CVE-2023-48250
8	Lanner IAC-AST2500A spx_restservice KillDupUsr_func out-of-bounds write	9.9	9.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00239	0.03	CVE-2021-26728
9	VMware vCenter Server information disclosure	4.3	4.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00043	0.03	CVE-2023-34056
10	Red Hat rpcbind libtirpc svc_dg_getargs resource management	7.5	6.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.17112	0.00	CVE-2013-1950
11	PHP cgi_main.c input validation	7.3	7.0	$25k-$100k	$0-$5k	High	Official Fix	0.97363	0.00	CVE-2012-1823
12	chart.js Options Parameter code injection	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01807	0.04	CVE-2020-7746
13	Yii Yii2 Gii cross site scripting	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00056	0.03	CVE-2022-34297
14	DataTables Plugin 6776.php cross site scripting	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00214	0.00	CVE-2015-6584
15	Yii Framework runAction sql injection	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00364	0.00	CVE-2023-26750
16	Portainer access control	8.0	8.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01314	0.02	CVE-2020-24264
17	Apache HTTP Server mod_session heap-based overflow	7.3	7.0	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.69823	0.04	CVE-2021-26691
18	Best Practical Request Tracker Ticket Search redirect	5.8	5.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00073	0.03	CVE-2022-25803
19	Tawk.To Live Chat Plugin AJAX Action tawkto_removewidget authorization	5.7	5.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00074	0.04	CVE-2021-24914
20	Atlassian JIRA Server/Data Center Email Template Privilege Escalation	4.7	4.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00199	0.00	CVE-2021-43947

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Campaigns	Identified	Type	Confidence
1	152.32.228.19		FFDroider		07/29/2022	verified	High
2	XXX.X.XXX.XX	xxxx-xxxxx.xxx	Xxxxxxxxx		07/29/2022	verified	High

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	High
2	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	High
3	TXXXX.XXX	CAPEC-209	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	High
4	TXXXX	CAPEC-19	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
5	TXXXX.XXX	CAPEC-191	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	High
6	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	High
7	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	High
8	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	High
9	TXXXX	CAPEC-102	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
10	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High

IOA - Indicator of Attack (17)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/var/log/nginx	predictive	High
2	File	cgi/config_user.cgi	predictive	High
3	File	cloudinit/config/cc_set_passwords.py	predictive	High
4	File	xxx_xxxxxx.x	predictive	Medium
5	File	xxxxx.xxx	predictive	Medium
6	File	xxxxx/xxxx_xxxxxxx/xxxxxxxxx/xxxx.xxx	predictive	High
7	File	xxx/xxxxxxxxx/xx_xxxxxx_xxx.x	predictive	High
8	File	xxxx/xxx/xxx_xxxx.x	predictive	High
9	Library	xxxxxxxx	predictive	Medium
10	Argument	$_xxxxxx['xxxxx_xxxxxx']	predictive	High
11	Argument	xx	predictive	Low
12	Argument	xxx	predictive	Low
13	Argument	xxxxx	predictive	Low
14	Argument	xxxxxxx	predictive	Low
15	Argument	xx	predictive	Low
16	Input Value	-x	predictive	Low
17	Network Port	xxx/xx (xxx xxxxxxxx)	predictive	High

References (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!