Brushaloader Analysis

Activities

Timeline

The timeline analysis helps to determine the approach required for handling individual vulnerabilities and vulnerability collections. The overview makes less important periods and more severe hotspots visible at a glance, so that immediate vulnerability response and prioritization of issues become possible.

Lang

en: 43
de: 6
pl: 2
ar: 1
fr: 1

Country

us: 44
ir: 4


Vulnerabilities

# | Vulnerability | Base score | Temp score | 0day price | Today price | Exploitability | Remediation | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.05 | CVE-2007-1192
2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.37 | CVE-2010-0966
3 | DZCP deV!L`z Clanportal browser.php information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.11 | CVE-2007-1167
4 | Siemens SIMATIC Drive Controller Service Port 102 memory corruption | 7.3 | 7.1 | $5k-$25k | $5k-$25k | Not Defined | Workaround | 0.04 | CVE-2020-15782
5 | Siemens SIMATIC S7-1200 PLC memory corruption | 7.5 | 7.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.07 | CVE-2013-0700
6 | Devilz Clanportal File Upload unknown vulnerability | 5.3 | 4.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | CVE-2006-6338
7 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.08 | CVE-2007-0354
8 | Phplinkdirectory PHP Link Directory conf_users_edit.php cross-site request forgery | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.37 | CVE-2011-0643
9 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.22 | 
10 | Xoops URL Filter index.php redirect | 6.6 | 6.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2017-12138
11 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.07 | CVE-2007-1287
12 | Digium Asterisk SDP Negotiation res_pjsip_session.c denial of service | 5.1 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-26906
13 | Siemens SIMATIC S7-300 PN/SIMATIC S7-400 PN input validation | 6.4 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Workaround | 0.06 | CVE-2016-9158
14 | BloodHound GenericAll.jsx command injection | 7.9 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-3210
15 | Microsoft IIS code injection | 9.9 | 9.9 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.04 | CVE-2010-1256
16 | Sophos SFOS Administration Service/User Portal sql injection | 9.1 | 8.7 | $5k-$25k | $0-$5k | High | Official Fix | 0.04 | CVE-2020-12271
17 | Citrix ShareFile StorageZones path traversal | 7.4 | 7.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.05 | CVE-2020-8983
18 | Vesta Control Panel index.php os command injection | 7.5 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | CVE-2015-4117
19 | CARE2X diagnostics-report-index.php privileges management | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | CVE-2007-1458
20 | Readdle Documents App Stored cross site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2019-20802

IOC - Indicator of Compromise (49)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (1)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High

IOA - Indicator of Attack (27)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /forum/away.php | predictive | High
2 | File | /horde/util/go.php | predictive | High
3 | File | /modules/profile/index.php | predictive | High
4 | File | admin/conf_users_edit.php | predictive | High
