Agent.BTZ Analysis

IOB - Indicator of Behavior (37)

Language

en: 20
fr: 14
ar: 2
ru: 2

Product

Apache HTTP Server: 6
Linux Kernel: 4
RuoYi: 2
PHP: 2
Softaculous Webuzo: 2

Vulnerabilities

# | Vulnerability | CVSS Base | CVSS Temp | 0day price | Today price | Exploitability | Remediation | EPSS | CTI | CVE
1 | OpenSSH GSS2 auth-gss2.c Username information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Workaround | 0.00293 | 0.00 | CVE-2018-15919
2 | Apache HTTP Server suEXEC Feature .htaccess information disclosure | 5.3 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Workaround | 0.00000 | 0.00 | -
3 | Fortinet FortiOS/FortiProxy Requests authentication bypass | 9.8 | 9.8 | $0-$5k | $0-$5k | High | Not Defined | 0.02634 | 0.00 | CVE-2024-55591
4 | Tongda OA 2017 apply.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00138 | 0.11 | CVE-2024-10656
5 | Kashipara Food Management System item_type_submit.php sql injection | 6.4 | 6.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00117 | 0.03 | CVE-2024-0280
6 | FoxCMS API Endpoint Site.php improper authorization | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.06 | CVE-2024-12901
7 | SourceCodester Phone Contact Manager System User Menu MenuDisplayStart input validation | 4.8 | 4.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00060 | 0.05 | CVE-2024-12353
8 | Softaculous Webuzo Password Reset os command injection | 8.8 | 8.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00052 | 0.05 | CVE-2024-24622
9 | Duplicator Plugin/Duplicator Pro Plugin tmp exposure of information through directory listing | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01681 | 0.03 | CVE-2023-6114
10 | Ruby Pure Chat Plugin cross-site request forgery | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00046 | 0.00 | CVE-2024-35673
11 | Google Android ActivityTaskManagerService.java startNextMatchingActivity access control | 6.8 | 6.8 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00043 | 0.03 | CVE-2024-0036
12 | Langflow HTTP POST Request utils.py redos | 3.5 | 3.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.04 | CVE-2024-9277
13 | Linux Kernel ath11k ath11k_mhi_config_qca6390 allocation of resources | 4.6 | 4.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.06 | CVE-2024-35938
14 | SEO-Board smilies_popup.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00393 | 0.00 | CVE-2005-2333
15 | PHP TAR Archive tar.c memory corruption | 9.8 | 9.6 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.08362 | 0.06 | CVE-2016-2554
16 | Linux Kernel resource management | 6.2 | 5.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00044 | 0.04 | CVE-2010-4169
17 | Microsoft SharePoint Server deserialization | 7.2 | 6.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.00498 | 0.06 | CVE-2024-38094
18 | Project Worlds Student Project Allocation System Project Selection Page move_up_project.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00138 | 0.11 | CVE-2024-10425
19 | Zoho ManageEngine ServiceDesk Plus RestAPI Remote Code Execution | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.97276 | 0.00 | CVE-2021-44077
20 | Linux Kernel Pipe Dirty Pipe Privilege Escalation | 6.3 | 6.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.03123 | 0.00 | CVE-2022-0847

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 41.223.91.217 | - | Agent.BTZ | - | 02/12/2024 | verified | Very High
2 | 78.138.25.29 | - | Agent.BTZ | - | 02/12/2024 | verified | Very High
3 | XX.XXX.XX.XXX | - | Xxxxx.xxx | - | 02/12/2024 | verified | Very High
4 | XX.XXX.XXX.XXX | - | Xxxxx.xxx | - | 02/12/2024 | verified | Very High
5 | XX.XXX.XXX.XXX | - | Xxxxx.xxx | - | 02/12/2024 | verified | Very High
6 | XX.XX.XX.XXX | xxxx-xx-xx-xx-xxx.xxxx.xx | Xxxxx.xxx | - | 02/12/2024 | verified | High
7 | XXX.XXX.XXX.XXX | - | Xxxxx.xxx | - | 02/12/2024 | verified | Very High
8 | XXX.XXX.XX.XXX | - | Xxxxx.xxx | - | 02/12/2024 | verified | Very High
9 | XXX.XX.XXX.XXX | - | Xxxxx.xxx | - | 02/12/2024 | verified | Very High

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (25)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | .htaccess | predictive | Medium
2 | File | /app/api/controller/Site.php | predictive | High
3 | File | /goform/formSetQoS | predictive | High
4 | File | /goform/formVirtualServ | predictive | High
5 | File | /xxx/xxxxxxx/xxxxx.xxx | predictive | High
6 | File | /xxxxxxx | predictive | Medium
7 | File | /xxxxxxx/xxxxxxx_xxxxxxxxx/xxxx_xx_xxxxxxx.xxx | predictive | High
8 | File | xxxxxxxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | High
9 | File | xxxx-xxxx.x | predictive | Medium
10 | File | xxxxxxx-xxx-xxxx/xxx | predictive | High
11 | File | xxx/xxxx/xxx.x | predictive | High
12 | File | xxxx_xxxx_xxxxxx.xxx | predictive | High
13 | File | xxxx-xxxxxx.x | predictive | High
14 | File | xxxxxxx_xxxxx.xxx | predictive | High
15 | File | \xxx\xxxxxxx\xxxx\xxxxxxxx\xxxxxxxxx\xxxxx.xx | predictive | High
16 | Argument | xxx_xxx | predictive | Low
17 | Argument | xxxxxxx | predictive | Low
18 | Argument | xxx | predictive | Low
19 | Argument | xx_xx | predictive | Low
20 | Argument | xxxx | predictive | Low
21 | Argument | xxxxxxxx | predictive | Medium
22 | Argument | xxxxxxxxx_xxxx | predictive | High
23 | Argument | xxxx_xxxx | predictive | Medium
24 | Argument | xx | predictive | Low
25 | Pattern | "|xx|" | predictive | Low

References (2)

The following list contains external sources which discuss the actor and the associated activities: