Brushaloader Analysis

IOB - Indicator of Behavior (55)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en40
de8
pl4
it2
es2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us42
ir4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Microsoft IIS4
Devilz Clanportal4
BloodHound2
Esoftpro Online Guestbook Pro2
Thomas R. Pasawicz HyperBook Guestbook2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25kCalculatingHighWorkaround0.040.04187CVE-2007-1192
2DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.420.04187CVE-2010-0966
3DZCP deV!L`z Clanportal browser.php information disclosure5.35.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.200.06790CVE-2007-1167
4Siemens SIMATIC Drive Controller Service Port 102 memory corruption7.37.1$5k-$25k$5k-$25kNot DefinedWorkaround0.060.01136CVE-2020-15782
5Siemens SIMATIC S7-1200 PLC memory corruption7.57.5$5k-$25k$5k-$25kNot DefinedNot Defined0.020.01055CVE-2013-0700
6Devilz Clanportal File Upload unknown vulnerability5.34.4$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.040.06790CVE-2006-6338
7MGB OpenSource Guestbook email.php sql injection7.37.3$0-$5k$0-$5kHighUnavailable0.770.02800CVE-2007-0354
8Phplinkdirectory PHP Link Directory conf_users_edit.php cross-site request forgery6.36.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.030.04187CVE-2011-0643
9LogicBoard CMS away.php redirect6.36.1$0-$5k$0-$5kNot DefinedUnavailable1.190.00000
10Xoops URL Filter index.php redirect6.66.4$0-$5k$0-$5kNot DefinedNot Defined0.030.00885CVE-2017-12138
11PHP phpinfo cross site scripting4.33.9$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.260.03129CVE-2007-1287
12Digium Asterisk SDP Negotiation res_pjsip_session.c denial of service5.15.1$0-$5k$0-$5kNot DefinedOfficial Fix0.030.02051CVE-2021-26906
13Siemens SIMATIC S7-300 PN/SIMATIC S7-400 PN input validation6.46.3$5k-$25k$0-$5kNot DefinedWorkaround0.010.01018CVE-2016-9158
14BloodHound GenericAll.jsx command injection7.97.9$0-$5k$0-$5kNot DefinedOfficial Fix0.010.01136CVE-2021-3210
15Microsoft IIS code injection9.99.9$25k-$100k$5k-$25kNot DefinedNot Defined0.050.53588CVE-2010-1256
16Sophos SFOS Administration Service/User Portal sql injection9.18.7$5k-$25k$0-$5kHighOfficial Fix0.040.86372CVE-2020-12271
17Citrix ShareFile StorageZones path traversal7.47.4$5k-$25k$5k-$25kNot DefinedNot Defined0.040.05634CVE-2020-8983
18Vesta Control Panel index.php os command injection7.56.8$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.010.08078CVE-2015-4117
19CARE2X diagnostics-report-index.php privileges management7.36.9$0-$5kCalculatingProof-of-ConceptNot Defined0.030.12567CVE-2007-1458
20Readdle Documents App Stored cross site scripting5.24.9$0-$5kCalculatingNot DefinedOfficial Fix0.000.00885CVE-2019-20802

IOC - Indicator of Compromise (49)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsTypeConfidence
164.110.25.146webmail.jqluvhost.netBrushaloaderverifiedHigh
264.110.25.147webmail.jqluvhost.netBrushaloaderverifiedHigh
364.110.25.148xaeoi7a.npermit.topBrushaloaderverifiedHigh
464.110.25.150webmail.jqluvhost.netBrushaloaderverifiedHigh
564.110.25.151moiu0ae.lplaced.topBrushaloaderverifiedHigh
664.110.25.152h2iuode.hairrestoredfast.topBrushaloaderverifiedHigh
764.110.25.153vaxoiu5.shadego.topBrushaloaderverifiedHigh
864.110.25.154nae2oiu.sidedgo.topBrushaloaderverifiedHigh
9107.173.193.242107-173-193-242-host.colocrossing.comBrushaloaderverifiedHigh
10107.173.193.243107-173-193-243-host.colocrossing.comBrushaloaderverifiedHigh
11XXX.XXX.XXX.XXXxxx-xxx-xxx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxxverifiedHigh
12XXX.XXX.XXX.XXXxxx-xxx-xxx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxxverifiedHigh
13XXX.XXX.XXX.XXXxxx-xxx-xxx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxxverifiedHigh
14XXX.XXX.XXX.XXXxxx-xxx-xxx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxxverifiedHigh
15XXX.XXX.XXX.XXXxxx-xxx-xxx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxxverifiedHigh
16XXX.XXX.XXX.XXXxxx-xxx-xxx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxxverifiedHigh
17XXX.XXX.XXX.XXXxxx-xxx-xxx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxxverifiedHigh
18XXX.XXX.XXX.XXXxxx-xxx-xxx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxxverifiedHigh
19XXX.XXX.XXX.XXXxxx-xxx-xxx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxxverifiedHigh
20XXX.XXX.XXX.XXXxxxxxxxxxxxverifiedHigh
21XXX.XXX.XXX.XXXxxx-xxx-xxx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxxverifiedHigh
22XXX.XXX.XX.XXXXxxxxxxxxxxxverifiedHigh
23XXX.X.XX.XXXxxx-x-xx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxxverifiedHigh
24XXX.X.XX.XXXxxx-x-xx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxxverifiedHigh
25XXX.X.XX.XXxxx-x-xx-xx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxxverifiedHigh
26XXX.X.XX.XXxxx-x-xx-xx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxxverifiedHigh
27XXX.X.XX.XXxxx-x-xx-xx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxxverifiedHigh
28XXX.X.XX.XXxxx-x-xx-xx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxxverifiedHigh
29XXX.X.XX.XXxxx-x-xx-xx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxxverifiedHigh
30XXX.X.XXX.XXXxxxx.xxxxxxxxxx.xxxXxxxxxxxxxxxverifiedHigh
31XXX.X.XXX.XXXxxx-x-xxx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxxverifiedHigh
32XXX.X.XXX.XXXxxx-x-xxx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxxverifiedHigh
33XXX.X.XXX.XXXxxx-x-xxx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxxverifiedHigh
34XXX.X.XXX.XXXxxx-x-xxx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxxverifiedHigh
35XXX.X.XXX.XXXxxx-x-xxx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxxverifiedHigh
36XXX.X.XXX.XXXxxx-x-xxx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxxverifiedHigh
37XXX.X.XXX.XXXxxx-x-xxx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxxverifiedHigh
38XXX.X.XXX.XXXxxx-x-xxx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxxverifiedHigh
39XXX.X.XXX.XXXxxx-x-xxx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxxverifiedHigh
40XXX.X.XXX.XXXxxxxxxxxxx.xxxXxxxxxxxxxxxverifiedHigh
41XXX.X.XXX.XXXxxx-x-xxx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxxverifiedHigh
42XXX.X.XXX.XXXxxx-x-xxx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxxverifiedHigh
43XXX.X.XXX.XXXxxx-x-xxx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxxverifiedHigh
44XXX.X.XXX.XXXxxx-x-xxx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxxverifiedHigh
45XXX.X.XXX.XXXxxx-x-xxx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxxverifiedHigh
46XXX.X.XXX.XXXxxx-x-xxx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxxverifiedHigh
47XXX.X.XXX.XXXxxx-x-xxx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxxverifiedHigh
48XXX.X.XXX.XXXxxx-x-xxx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxxverifiedHigh
49XXX.X.XXX.XXXxxx-x-xxx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxxxxxxxxxverifiedHigh

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1006CWE-22Pathname TraversalpredictiveHigh
2T1059CWE-94Cross Site ScriptingpredictiveHigh
3TXXXX.XXXCWE-XX, CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
4TXXXXCWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
5TXXXXCWE-XX, CWE-XXXxxxxxx XxxxxxxxxpredictiveHigh
6TXXXX.XXXCWE-XXXXxxx XxxxxxxxpredictiveHigh
7TXXXXCWE-XXXxx XxxxxxxxxpredictiveHigh
8TXXXXCWE-XXXXxxxxxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (27)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/forum/away.phppredictiveHigh
2File/horde/util/go.phppredictiveHigh
3File/modules/profile/index.phppredictiveHigh
4Fileadmin/conf_users_edit.phppredictiveHigh
5Filexxxxxxx_xxx.xxxpredictiveHigh
6Filexxxxxxxxxx/xxxxxx/xxxxxxxxx/xxxxxxxxxx/xxxxxxxxxx.xxxpredictiveHigh
7Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
8Filexxxxx.xxxpredictiveMedium
9Filexxxx.xxxpredictiveMedium
10Filexxx/xxxxxx.xxxpredictiveHigh
11Filexxx/xxxxxxxxxxx/xxxxxxx.xxxpredictiveHigh
12Filexxxxx.xxxpredictiveMedium
13Filexxxx/xxxxxx/xxxxx.xxxpredictiveHigh
14Filexxxx/xxxxxxxxxxx-xxxxxx-xxxxx.xxxpredictiveHigh
15Filexxx_xxxx.xxxpredictiveMedium
16Filexxxxxxxx.xxxpredictiveMedium
17Filexxx_xxxxx_xxxxxxx.xpredictiveHigh
18ArgumentxxxxxxpredictiveLow
19ArgumentxxxxxxxxpredictiveMedium
20ArgumentxxxxxxxpredictiveLow
21ArgumentxxxxpredictiveLow
22Argumentxxxx_xxxxxpredictiveMedium
23ArgumentxxpredictiveLow
24ArgumentxxxxxxxxpredictiveMedium
25Argumentxxxx_xxxxpredictiveMedium
26ArgumentxxxpredictiveLow
27Network Portxxx/xxpredictiveLow

References (2)

The following list contains external sources which discuss the actor and the associated activities:

Might our Artificial Intelligence support you?

Check our Alexa App!