BuerLoader Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (39)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en38
de2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us4
gb2
ch2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Buer1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined22
Peer-to-Peer Software4
Web Browser4
NPM Package2
Vehicle Software2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined12
Thomson8
PHPGurukul2
Dreambox2
Daimler2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Thomson TCW7108
uTorrent4
PHPGurukul Zoo Management System2
ua-parser-js2
Dreambox DM5002

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1TRENDnet TEW-811DRU httpd security.asp memory corruption7.57.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.050.00137CVE-2023-0613
2laravel deserialization4.13.7$0-$5k$0-$5kProof-of-ConceptNot Defined0.060.00160CVE-2022-2870
3Huawei SXXX VRP MPLS LSP Ping information disclosure5.35.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.020.00096CVE-2014-8570
4Apache Commons Text Variable Interpolation code injection8.07.9$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.96829CVE-2022-42889
5Microsoft Windows IIS Remote Code Execution7.67.0$25k-$100k$5k-$25kUnprovenOfficial Fix0.020.00107CVE-2022-30209
6Alkacon OpenCms cross site scripting6.35.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.000.00434CVE-2005-4294
7Microsoft Internet Explorer Embedded Content cross site scripting6.36.0$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.030.82340CVE-2005-3312
8Mozilla Firefox String unknown vulnerability4.34.1$25k-$100k$0-$5kProof-of-ConceptUnavailable0.030.00202CVE-2005-2602
9Netegrity SiteMinder Login smpwservicescgi.exe redirect5.45.0$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.030.00072CVE-2005-10001
10Dreambox DM500 Web Server input validation7.56.8$25k-$100k$0-$5kProof-of-ConceptWorkaround0.040.02506CVE-2008-3936
11D-Link DIR URL Filter input validation5.35.1$25k-$100k$0-$5kHighOfficial Fix0.000.02265CVE-2008-4133
12Pro2col Stingray FTS cross site scripting5.55.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.070.00087CVE-2008-10001
13FFmpeg denial of service7.57.2$0-$5k$0-$5kNot DefinedOfficial Fix0.030.00186CVE-2012-2805
14Netgear WGR614 Authentication Code improper authentication4.94.9$5k-$25k$0-$5kNot DefinedNot Defined0.030.00078CVE-2012-6340
15NVIDIA Graphics Drivers registry memory corruption7.26.9$0-$5k$0-$5kNot DefinedOfficial Fix0.190.00044CVE-2012-0951
16DD-WRT Web Interface cross-site request forgery7.56.9$0-$5k$0-$5kUnprovenNot Defined0.040.00312CVE-2012-6297
17Dell SonicWall Secure Remote Access Appliance editBookmark cross-site request forgery6.35.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.000.01589CVE-2015-2248
18FileZilla Server PORT confused deputy4.34.1$0-$5k$0-$5kNot DefinedOfficial Fix0.050.00052CVE-2015-10003
19Kiddoware Kids Place Home Button Protection denial of service5.45.3$0-$5k$0-$5kHighOfficial Fix0.060.00042CVE-2015-10002
20uTorrent memory corruption6.36.2$0-$5k$0-$5kNot DefinedOfficial Fix0.060.00250CVE-2018-25042

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
1104.248.83.13BuerLoader08/10/2022verifiedHigh
2XXX.XX.XXX.XXXxxx.xxxxxxx.xxxXxxxxxxxxx06/11/2022verifiedHigh

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1055CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
2T1059CWE-94Argument InjectionpredictiveHigh
3TXXXX.XXXCWE-XX, CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
4TXXXXCWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
5TXXXX.XXXCWE-XXXXxxx XxxxxxxxpredictiveHigh
6TXXXXCWE-XXXxx XxxxxxxxxpredictiveHigh
7TXXXX.XXXCWE-XXXXxxxxxxxpredictiveHigh
8TXXXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (29)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/backups/predictiveMedium
2File/cgi-bin/editBookmarkpredictiveHigh
3File/goform/RgDdnspredictiveHigh
4File/goform/RgDhcppredictiveHigh
5File/xxxxxx/xxxxxxxxxxxxpredictiveHigh
6File/xxxxxx/xxxxxxpredictiveHigh
7File/xxxxxx/xxxxxxxxxx.xxxpredictiveHigh
8File/xxxxxx/xxxxxxxxxxxxxxxxxxpredictiveHigh
9File/xxxxxxxxxxxxxxx/xxxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
10File/xxxxxxxx/xxxxxxxx.xxxpredictiveHigh
11Filexxxxx/xxxxxx-xxxxxx.xxxpredictiveHigh
12Filexxxxxxx.xxxpredictiveMedium
13Filexxxx/xxxxxx/xxxxxx/xxxxxxxxpredictiveHigh
14ArgumentxxxxxxxxxxxxxxxxxxxxxxxpredictiveHigh
15ArgumentxxxxxxxxxxxxpredictiveMedium
16Argumentxxxxxx_xxx_xxpredictiveHigh
17Argumentxxxxxxxxxxxx/xxxxxxxxxxxxxxpredictiveHigh
18ArgumentxxpredictiveLow
19ArgumentxxxxxpredictiveLow
20ArgumentxxxxxxxxxxxpredictiveMedium
21ArgumentxxxxxxxxxxxxxxxxxxxxpredictiveHigh
22ArgumentxxxxxxpredictiveLow
23Argumentxxxxxxxxxxx/xxxxxxxxxxx/xxxxxxxxxxxpredictiveHigh
24ArgumentxxxxxxxxpredictiveMedium
25Input Value<xxxxxx>xxxxx(x)</xxxxxx>predictiveHigh
26Input Value><xxxxxx>xxxxx(x)</xxxxxx>predictiveHigh
27Network Portxxx/xxxxxpredictiveMedium
28Network Portxxx/xxxxxpredictiveMedium
29Network Portxxx xxxxxx xxxxpredictiveHigh

References (3)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you need the next level of professionalism?

Upgrade your account now!