Brushaloader Analysisinfo

IOB - Indicator of Behavior (60)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en44
de10
ar2
fr2
zh2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Devilz Clanportal4
BloodHound2
Siemens SIMATIC Drive Controller2
Siemens SIMATIC ET 200SP Open Controller CPU 1515S ...2
Siemens SIMATIC ET 200SP Open Controller CPU 1515S ...2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25k$0-$5kHighWorkaround0.021470.00CVE-2007-1192
2DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.021950.62CVE-2010-0966
3DZCP deV!L`z Clanportal browser.php information disclosure5.35.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.027330.57CVE-2007-1167
4Siemens SIMATIC Drive Controller Service Port 102 memory corruption7.37.1$5k-$25k$5k-$25kNot DefinedWorkaround0.005260.03CVE-2020-15782
5Siemens SIMATIC S7-1200 PLC memory corruption7.57.5$5k-$25k$5k-$25kNot DefinedNot Defined0.002610.00CVE-2013-0700
6Devilz Clanportal File Upload5.34.4$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.053620.14CVE-2006-6338
7MGB OpenSource Guestbook email.php sql injection7.37.3$0-$5k$0-$5kHighUnavailable0.013021.58CVE-2007-0354
8nginx request smuggling6.96.9$0-$5k$0-$5kNot DefinedNot Defined0.002411.34CVE-2020-12440
9PHP Proxy ndex.php improper authentication6.45.8$0-$5k$0-$5kProof-of-ConceptNot Defined0.067290.03CVE-2018-19458
10Apple watchOS Font Remote Code Execution7.06.9$0-$5k$0-$5kHighOfficial Fix0.000860.06CVE-2023-41990
11Filebrowser cross-site request forgery6.96.4$0-$5k$0-$5kFunctionalOfficial Fix0.007060.00CVE-2021-46398
12cURL SOCKS5 Proxy heap-based overflow7.77.7$0-$5k$0-$5kNot DefinedOfficial Fix0.004560.03CVE-2023-38545
13Phplinkdirectory PHP Link Directory conf_users_edit.php cross-site request forgery6.36.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.005260.14CVE-2011-0643
14LogicBoard CMS away.php redirect6.36.1$0-$5k$0-$5kNot DefinedUnavailable0.000001.00
15Xoops URL Filter index.php redirect6.66.4$0-$5k$0-$5kNot DefinedNot Defined0.000620.04CVE-2017-12138
16PHP phpinfo cross site scripting4.33.9$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.017440.00CVE-2007-1287
17Digium Asterisk SDP Negotiation res_pjsip_session.c denial of service5.15.1$0-$5k$0-$5kNot DefinedOfficial Fix0.001930.07CVE-2021-26906
18Siemens SIMATIC S7-300 PN/SIMATIC S7-400 PN input validation6.46.3$5k-$25k$0-$5kNot DefinedWorkaround0.003730.02CVE-2016-9158
19BloodHound GenericAll.jsx command injection7.97.9$0-$5k$0-$5kNot DefinedOfficial Fix0.007910.00CVE-2021-3210
20Microsoft IIS code injection9.99.9$25k-$100k$5k-$25kNot DefinedNot Defined0.145320.09CVE-2010-1256

IOC - Indicator of Compromise (40)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
164.110.25.146webmail.jqluvhost.netBrushaloader04/12/2022verifiedMedium
264.110.25.147webmail.jqluvhost.netBrushaloader04/12/2022verifiedMedium
364.110.25.148xaeoi7a.npermit.topBrushaloader04/12/2022verifiedMedium
464.110.25.150webmail.jqluvhost.netBrushaloader04/12/2022verifiedMedium
564.110.25.151moiu0ae.lplaced.topBrushaloader04/12/2022verifiedMedium
664.110.25.152h2iuode.hairrestoredfast.topBrushaloader04/12/2022verifiedLow
764.110.25.153vaxoiu5.shadego.topBrushaloader04/12/2022verifiedMedium
864.110.25.154nae2oiu.sidedgo.topBrushaloader04/12/2022verifiedMedium
9XXX.XXX.XXX.XXXxxx-xxx-xxx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxx04/12/2022verifiedMedium
10XXX.XXX.XXX.XXXxxx-xxx-xxx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxx04/12/2022verifiedMedium
11XXX.XXX.XXX.XXXxxxxxxxxxxx04/12/2022verifiedMedium
12XXX.XXX.XXX.XXXxxx-xxx-xxx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxx04/12/2022verifiedMedium
13XXX.XXX.XX.XXXXxxxxxxxxxxx04/12/2022verifiedMedium
14XXX.X.XX.XXXxxx-x-xx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxx04/12/2022verifiedMedium
15XXX.X.XX.XXXxxx-x-xx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxx04/12/2022verifiedMedium
16XXX.X.XX.XXxxx-x-xx-xx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxx04/12/2022verifiedMedium
17XXX.X.XX.XXxxx-x-xx-xx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxx04/12/2022verifiedMedium
18XXX.X.XX.XXxxx-x-xx-xx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxx04/12/2022verifiedMedium
19XXX.X.XX.XXxxx-x-xx-xx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxx04/12/2022verifiedMedium
20XXX.X.XX.XXxxx-x-xx-xx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxx04/12/2022verifiedMedium
21XXX.X.XXX.XXXxxxx.xxxxxxxxxx.xxxXxxxxxxxxxxx04/12/2022verifiedMedium
22XXX.X.XXX.XXXxxx-x-xxx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxx04/12/2022verifiedMedium
23XXX.X.XXX.XXXxxx-x-xxx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxx04/12/2022verifiedMedium
24XXX.X.XXX.XXXxxx-x-xxx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxx04/12/2022verifiedMedium
25XXX.X.XXX.XXXxxx-x-xxx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxx04/12/2022verifiedMedium
26XXX.X.XXX.XXXxxx-x-xxx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxx04/12/2022verifiedMedium
27XXX.X.XXX.XXXxxx-x-xxx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxx04/12/2022verifiedMedium
28XXX.X.XXX.XXXxxx-x-xxx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxx04/12/2022verifiedMedium
29XXX.X.XXX.XXXxxx-x-xxx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxx04/12/2022verifiedMedium
30XXX.X.XXX.XXXxxx-x-xxx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxx04/12/2022verifiedMedium
31XXX.X.XXX.XXXxxxxxxxxxx.xxxXxxxxxxxxxxx04/12/2022verifiedMedium
32XXX.X.XXX.XXXxxx-x-xxx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxx04/12/2022verifiedMedium
33XXX.X.XXX.XXXxxx-x-xxx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxx04/12/2022verifiedMedium
34XXX.X.XXX.XXXxxx-x-xxx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxx04/12/2022verifiedMedium
35XXX.X.XXX.XXXxxx-x-xxx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxx04/12/2022verifiedMedium
36XXX.X.XXX.XXXxxx-x-xxx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxx04/12/2022verifiedMedium
37XXX.X.XXX.XXXxxx-x-xxx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxx04/12/2022verifiedMedium
38XXX.X.XXX.XXXxxx-x-xxx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxx04/12/2022verifiedMedium
39XXX.X.XXX.XXXxxx-x-xxx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxx04/12/2022verifiedMedium
40XXX.X.XXX.XXXxxx-x-xxx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxx04/12/2022verifiedMedium

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (28)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/forum/away.phppredictiveHigh
2File/horde/util/go.phppredictiveHigh
3File/modules/profile/index.phppredictiveHigh
4Fileadmin/conf_users_edit.phppredictiveHigh
5Filexxxxxxx_xxx.xxxpredictiveHigh
6Filexxxxxxxxxx/xxxxxx/xxxxxxxxx/xxxxxxxxxx/xxxxxxxxxx.xxxpredictiveHigh
7Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
8Filexxxxx.xxxpredictiveMedium
9Filexxxx.xxxpredictiveMedium
10Filexxx/xxxxxx.xxxpredictiveHigh
11Filexxx/xxxxxxxxxxx/xxxxxxx.xxxpredictiveHigh
12Filexxxxx.xxxpredictiveMedium
13Filexxxxx.xxx?x=xxxx://predictiveHigh
14Filexxxx/xxxxxx/xxxxx.xxxpredictiveHigh
15Filexxxx/xxxxxxxxxxx-xxxxxx-xxxxx.xxxpredictiveHigh
16Filexxx_xxxx.xxxpredictiveMedium
17Filexxxxxxxx.xxxpredictiveMedium
18Filexxx_xxxxx_xxxxxxx.xpredictiveHigh
19ArgumentxxxxxxpredictiveLow
20ArgumentxxxxxxxxpredictiveMedium
21ArgumentxxxxxxxpredictiveLow
22ArgumentxxxxpredictiveLow
23Argumentxxxx_xxxxxpredictiveMedium
24ArgumentxxpredictiveLow
25ArgumentxxxxxxxxpredictiveMedium
26Argumentxxxx_xxxxpredictiveMedium
27ArgumentxxxpredictiveLow
28Network Portxxx/xxpredictiveLow

References (2)

The following list contains external sources which discuss the actor and the associated activities:

This view requires CTI permissions

Just purchase a CTI license today!