Bushido Analysis

IOB - Indicator of Behavior (38)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en: 22
zh: 12
ru: 2
pt: 2

Country

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Siemens SINUMERIK 828D: 2
Siemens SINUMERIK 840D sl: 2
Linux Kernel: 2
HelpSystems Cobalt Strike: 2
Apollo: 2

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

Columns: Base/Temp = CVSS base and temporal score; 0day/Today = estimated exploit price in USD at disclosure and today; Exp = exploit status; Cou = countermeasure; KEV = CISA Known Exploited Vulnerabilities status; EPSS = exploit prediction probability; CTI = CTI interest score. A dash marks an empty cell.

#  | Vulnerability | Base | Temp | 0day | Today | Exp | Cou | KEV | EPSS | CTI | CVE
1  | xerial SQLite JDBC URL temp file | 7.5 | 7.4 | $0-$5k | $0-$5k | Not defined | Official fix | - | 0.03512 | 0.08 | CVE-2023-32697
2  | Untangle NG Firewall injection | 6.7 | 6.7 | $0-$5k | $0-$5k | Not defined | Not defined | - | 0.01451 | 0.00 | CVE-2019-18647
3  | Huawei E6878-370 WAN authorization | 7.2 | 7.2 | $5k-$25k | $5k-$25k | Not defined | Not defined | - | 0.00173 | 0.00 | CVE-2020-9241
4  | Siemens SINUMERIK 828D/SINUMERIK 840D sl CRAMFS Archive access control | 7.8 | 7.8 | $5k-$25k | $5k-$25k | Not defined | Not defined | - | 0.00043 | 0.00 | CVE-2018-11460
5  | MediaTek MT6833/MT6853/MT6855/MT6873/MT6877/MT6893/MT8791 isp out-of-bounds write | 6.7 | 6.5 | $0-$5k | $0-$5k | Not defined | Official fix | - | 0.00024 | 0.09 | CVE-2022-32629
6  | Microsoft Office MSCOMCTL.OCX code injection | 8.0 | 7.9 | $5k-$25k | $0-$5k | Attacked | Official fix | verified | 0.94295 | 0.07 | CVE-2012-0158
7  | Apache CloudStack User Key information disclosure | 5.6 | 5.6 | $0-$5k | $0-$5k | Not defined | Official fix | - | 0.00587 | 0.05 | CVE-2024-42062
8  | XiongMai uc-httpd path traversal | 7.5 | 7.5 | $0-$5k | $0-$5k | Not defined | Not defined | - | 0.04393 | 0.00 | CVE-2017-7577
9  | D-Link DNS-320L/DNS-325/DNS-327L/DNS-340L HTTP GET Request nas_sharing.cgi hard-coded credentials | 9.8 | 9.7 | $5k-$25k | $0-$5k | Attacked | Workaround | verified | 0.93411 | 0.04 | CVE-2024-3272
10 | Forminator Plugin unrestricted upload | 8.5 | 8.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | expected | 0.93485 | 0.07 | CVE-2023-4596
11 | Keycloak mTLS Authentication certificate validation | 4.6 | 4.6 | $0-$5k | $0-$5k | Not defined | Not defined | - | 0.00217 | 0.00 | CVE-2023-2422
12 | ActiveNews Manager default.asp sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not defined | Not defined | - | 0.00000 | 0.05 | -
13 | Atlassian JIRA Server/Data Center Velocity Template code injection | 6.4 | 6.3 | $0-$5k | $0-$5k | Not defined | Official fix | - | 0.03428 | 0.05 | CVE-2022-36799
14 | GitLab Community Edition/Enterprise Edition GraphQL Endpoint permission assignment | 7.5 | 7.4 | $0-$5k | $0-$5k | Not defined | Official fix | - | 0.00466 | 0.00 | CVE-2023-2478
15 | Linux Kernel xgene-hwmon.c xgene_hwmon_remove use after free | 5.4 | 5.4 | $0-$5k | $5k-$25k | Not defined | Not defined | - | 0.00009 | 0.00 | CVE-2023-1855
16 | Linux Kernel XFS Subsystem out-of-bounds | 3.3 | 3.2 | $0-$5k | $0-$5k | Not defined | Official fix | - | 0.00019 | 0.00 | CVE-2023-2124
17 | H2 Console JDBC URL argument injection | 8.0 | 7.9 | $0-$5k | $0-$5k | Not defined | Official fix | - | 0.27505 | 0.08 | CVE-2022-23221
18 | Moodle Shibboleth Authentication Plugin session fixation | 7.7 | 7.7 | $5k-$25k | $5k-$25k | Not defined | Not defined | - | 0.20327 | 0.04 | CVE-2021-36394
19 | MyBatis PageHelper sql injection | 5.0 | 4.8 | $0-$5k | $0-$5k | Not defined | Not defined | - | 0.00194 | 0.05 | CVE-2022-28111
20 | HelpSystems Cobalt Strike cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Attacked | Official fix | verified | 0.10252 | 0.00 | CVE-2022-39197

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

Entries 2 to 5 are masked on the page (shown as X placeholders); only their identification date, type and confidence are readable. A dash marks an empty cell.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1  | 6.43.51.17 | - | Bushido | - | 10/27/2018 | verified | Low
2  | XX.XX.XX.XXX (masked) | xxxx.xxxxxxxxxx.xx (masked) | Xxxxxxx (masked) | - | 10/27/2018 | verified | Low
3  | XX.XX.XXX.XXX (masked) | xxxxxx.xx (masked) | Xxxxxxx (masked) | - | 10/27/2018 | verified | Low
4  | XXX.XX.XX.XXX (masked) | xxxxxx.xx (masked) | Xxxxxxx (masked) | - | 10/27/2018 | verified | Low
5  | XXX.XX.XXX.X (masked) | - | Xxxxxxx (masked) | - | 10/27/2018 | verified | Low

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (16)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

Entries 4 to 16 are masked on the page (shown as x placeholders); only the class, type and confidence are readable.

ID | Class | Indicator | Type | Confidence
1  | File | /cgi-bin/nas_sharing.cgi | predictive | High
2  | File | comments/feed | predictive | High
3  | File | default.asp | predictive | Medium
4  | File | xxxxxxx/xxxxx/xxxxx-xxxxx.x (masked) | predictive | High
5  | File | xxxxxxxxxxxx.xxx (masked) | predictive | High
6  | File | xxxxxxxx.xx (masked) | predictive | Medium
7  | File | xxxxxxx.x (masked) | predictive | Medium
8  | Library | xxxxxxxx.xxx (masked) | predictive | Medium
9  | Argument | xxxxxxx (masked) | predictive | Low
10 | Argument | xxxx (masked) | predictive | Low
11 | Argument | xxxx (masked) | predictive | Low
12 | Argument | xxxxxxx (masked) | predictive | Low
13 | Argument | xxxx (masked) | predictive | Low
14 | Argument | xxxx (masked) | predictive | Low
15 | Argument | xxxxxxxx (masked) | predictive | Medium
16 | Input Value | xxxxxxxxxx (masked) | predictive | Medium
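The following is an added example, not code from VulDB or from this page, showing how the readable IOC and IOA entries above can be applied to web-server access logs. It uses only the unmasked values: the IOC IP 6.43.51.17 and the IOA file fragments /cgi-bin/nas_sharing.cgi, comments/feed and default.asp. The log lines are constructed for the example, and the combined-log regular expression, the Hit record and the function names are this example's own choices, not anything the page describes. Because the IOC dates from 2018 and carries Low confidence, and the IOA entries are predictive, a match is a hunting lead to enrich and triage rather than grounds for automatic blocking.

```python
"""Scan access-log lines for the unmasked Bushido IOC/IOA entries.

Added example, not VulDB's code. Indicator values are copied from the
IOC and IOA tables; the sample log lines are constructed.
"""
import re
from dataclasses import dataclass

# Unmasked indicators from the IOC table (IP) and IOA table (file fragments).
IOC_IPS = {"6.43.51.17"}
IOA_FILES = ["/cgi-bin/nas_sharing.cgi", "comments/feed", "default.asp"]

# Apache/nginx combined log format: client ip, identd, user, timestamp,
# request line, status, response size. The named groups are this
# example's own convention.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) (?P<size>\S+)'
)


@dataclass
class Hit:
    line_no: int
    ip: str
    path: str
    reasons: tuple  # e.g. ("ioc_ip", "ioa_file:/cgi-bin/nas_sharing.cgi")


def parse_line(line):
    """Return the parsed fields of one combined-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def match_indicators(ip, path):
    """Return the list of indicator names that the request matches (empty if none)."""
    reasons = []
    if ip in IOC_IPS:
        reasons.append("ioc_ip")
    # Drop the query string and lower-case the path so that
    # /cgi-bin/nas_sharing.cgi?id=1 and /Default.asp still match.
    bare = path.split("?", 1)[0].lower()
    for frag in IOA_FILES:
        if frag.lower() in bare:
            reasons.append(f"ioa_file:{frag}")
    return reasons


def scan(lines):
    """Return one Hit per log line that matches at least one indicator."""
    hits = []
    for n, line in enumerate(lines, 1):
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable line; a production pipeline should count these
        reasons = match_indicators(rec["ip"], rec["path"])
        if reasons:
            hits.append(Hit(n, rec["ip"], rec["path"], tuple(reasons)))
    return hits


# Constructed sample log; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE_LOG = [
    '203.0.113.10 - - [27/Oct/2018:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '6.43.51.17 - - [27/Oct/2018:10:00:05 +0000] "GET /cgi-bin/nas_sharing.cgi?id=1 HTTP/1.1" 200 1024',
    '198.51.100.7 - - [27/Oct/2018:10:00:09 +0000] "GET /blog/comments/feed HTTP/1.1" 404 0',
    '198.51.100.7 - - [27/Oct/2018:10:00:12 +0000] "POST /Default.asp HTTP/1.1" 200 77',
    '6.43.51.17 - - [27/Oct/2018:10:00:20 +0000] "GET /robots.txt HTTP/1.1" 200 30',
    'not a log line',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"line {hit.line_no}: {hit.ip} {hit.path} -> {', '.join(hit.reasons)}")
```

Matching the IOA fragments as substrings of the request path is deliberately loose: the IOA entries are path fragments rather than full URLs, and the page gives no query parameters for them, so the scan reports the fragment and leaves interpretation to the analyst.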

References (2)

The following list contains external sources which discuss the actor and the associated activities:

This view requires CTI permissions