BuerLoader Analysis

IOB - Indicator of Behavior (39)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en38
de2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

uTorrent4
Angular2
Alkacon OpenCms2
Microsoft Internet Explorer2
Daimler Mercedes Comand2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1TRENDnet TEW-811DRU httpd security.asp memory corruption7.57.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.001370.04CVE-2023-0613
2laravel deserialization4.13.7$0-$5k$0-$5kProof-of-ConceptNot Defined0.001600.00CVE-2022-2870
3Huawei SXXX VRP MPLS LSP Ping information disclosure5.35.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.000960.05CVE-2014-8570
4Apache Commons Text Variable Interpolation code injection8.07.9$5k-$25k$0-$5kNot DefinedOfficial Fix0.971620.04CVE-2022-42889
5Microsoft Windows IIS Remote Code Execution7.67.0$25k-$100k$5k-$25kUnprovenOfficial Fix0.001180.00CVE-2022-30209
6Alkacon OpenCms cross site scripting6.35.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.004340.05CVE-2005-4294
7Microsoft Internet Explorer Embedded Content cross site scripting6.36.0$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.823400.04CVE-2005-3312
8Mozilla Firefox String unknown vulnerability4.34.1$25k-$100k$0-$5kProof-of-ConceptUnavailable0.002070.04CVE-2005-2602
9Netegrity SiteMinder Login smpwservicescgi.exe redirect5.45.0$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.000720.30CVE-2005-10001
10Dreambox DM500 Web Server input validation7.56.8$25k-$100k$0-$5kProof-of-ConceptWorkaround0.025060.04CVE-2008-3936
11D-Link DIR URL Filter input validation5.35.1$25k-$100k$0-$5kHighOfficial Fix0.025010.02CVE-2008-4133
12Pro2col Stingray FTS cross site scripting5.55.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.000870.20CVE-2008-10001
13FFmpeg denial of service7.57.2$0-$5k$0-$5kNot DefinedOfficial Fix0.001860.04CVE-2012-2805
14Netgear WGR614 Authentication Code improper authentication4.94.9$5k-$25k$0-$5kNot DefinedNot Defined0.000780.00CVE-2012-6340
15NVIDIA Graphics Drivers registry memory corruption7.26.9$0-$5k$0-$5kNot DefinedOfficial Fix0.000440.03CVE-2012-0951
16DD-WRT Web Interface cross-site request forgery7.56.9$0-$5k$0-$5kUnprovenNot Defined0.003120.08CVE-2012-6297
17Dell SonicWall Secure Remote Access Appliance editBookmark cross-site request forgery6.35.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.018020.00CVE-2015-2248
18FileZilla Server PORT confused deputy4.34.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000520.15CVE-2015-10003
19Kiddoware Kids Place Home Button Protection denial of service5.45.3$0-$5k$0-$5kHighOfficial Fix0.000420.00CVE-2015-10002
20uTorrent memory corruption6.36.2$0-$5k$0-$5kNot DefinedOfficial Fix0.002500.10CVE-2018-25042

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
1104.248.83.13BuerLoader08/10/2022verifiedMedium
2XXX.XX.XXX.XXXxxx.xxxxxxx.xxxXxxxxxxxxx06/11/2022verifiedMedium

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
2T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
3TXXXX.XXXCAPEC-209CWE-XX, CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
4TXXXXCAPEC-122CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
5TXXXX.XXXCAPEC-178CWE-XXXXxxx XxxxxxxxpredictiveHigh
6TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
7TXXXX.XXXCAPEC-133CWE-XXXXxxxxxxxpredictiveHigh
8TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (29)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/backups/predictiveMedium
2File/cgi-bin/editBookmarkpredictiveHigh
3File/goform/RgDdnspredictiveHigh
4File/goform/RgDhcppredictiveHigh
5File/xxxxxx/xxxxxxxxxxxxpredictiveHigh
6File/xxxxxx/xxxxxxpredictiveHigh
7File/xxxxxx/xxxxxxxxxx.xxxpredictiveHigh
8File/xxxxxx/xxxxxxxxxxxxxxxxxxpredictiveHigh
9File/xxxxxxxxxxxxxxx/xxxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
10File/xxxxxxxx/xxxxxxxx.xxxpredictiveHigh
11Filexxxxx/xxxxxx-xxxxxx.xxxpredictiveHigh
12Filexxxxxxx.xxxpredictiveMedium
13Filexxxx/xxxxxx/xxxxxx/xxxxxxxxpredictiveHigh
14ArgumentxxxxxxxxxxxxxxxxxxxxxxxpredictiveHigh
15ArgumentxxxxxxxxxxxxpredictiveMedium
16Argumentxxxxxx_xxx_xxpredictiveHigh
17Argumentxxxxxxxxxxxx/xxxxxxxxxxxxxxpredictiveHigh
18ArgumentxxpredictiveLow
19ArgumentxxxxxpredictiveLow
20ArgumentxxxxxxxxxxxpredictiveMedium
21ArgumentxxxxxxxxxxxxxxxxxxxxpredictiveHigh
22ArgumentxxxxxxpredictiveLow
23Argumentxxxxxxxxxxx/xxxxxxxxxxx/xxxxxxxxxxxpredictiveHigh
24ArgumentxxxxxxxxpredictiveMedium
25Input Value<xxxxxx>xxxxx(x)</xxxxxx>predictiveHigh
26Input Value><xxxxxx>xxxxx(x)</xxxxxx>predictiveHigh
27Network Portxxx/xxxxxpredictiveMedium
28Network Portxxx/xxxxxpredictiveMedium
29Network Portxxx xxxxxx xxxxpredictiveHigh

References (3)

The following list contains external sources which discuss the actor and the associated activities:

Want to stay up to date on a daily basis?

Enable the mail alert feature now!