Brunhilda تحليل

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (22)

اللغة

en	20
fr	2

البلد

us	10
fr	2

الفاعلين

Brunhilda	3
MuddyWater	1
RedLine	1
FTP Info Stealer	1
FIN7	1

الاهتمام

النوع

Operating System	6
Not Defined	4
Programming Language Software	2
Content Management System	2
Network Encryption Software	2

المجهز

Microsoft	8
HP	4
Not Defined	4
tinc	2
Thomas R. Pasawicz	2

منتج

Microsoft Windows	4
HP HP-UX	2
Microsoft .NET Framework	2
Drupal	2
tinc VPN	2

الثغرات

#	الثغرة	Base	Temp	0day	اليوم	ق�	معالجة	CTI	EPSS	CVE
1	VICIdial vicidial.php سكربتات مشتركة	4.8	4.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	0.00069	CVE-2021-35377
2	tinc VPN net_packet.c receive_tcppacket تلف الذاكرة	6.3	6.0	$0-$5k	$0-$5k	High	Official Fix	0.00	0.05468	CVE-2013-1428
3	Joomla CMS File Upload media.php تجاوز الصلاحيات	6.3	6.0	$5k-$25k	$0-$5k	High	Official Fix	0.04	0.78471	CVE-2013-5576
4	Microsoft .NET Framework Array Copy تلف الذاكرة	7.3	7.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.06	0.24512	CVE-2015-2504
5	Bottle Privilege Escalation	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00690	CVE-2022-31799
6	Solar appScreener License تجاوز الصلاحيات	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00221	CVE-2022-24449
7	Caddy X.509 Certificate الكشف عن المعلومات	4.5	4.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00136	CVE-2018-19148
8	Drupal Phar Stream Wrapper تجاوز الصلاحيات	8.5	8.4	$0-$5k	جاري الحساب	Not Defined	Official Fix	0.03	0.92709	CVE-2019-6339
9	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash الكشف عن المعلومات	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02	0.02016	CVE-2007-1192
10	Microsoft Windows PowerShell تجاوز الصلاحيات	6.3	5.7	$25k-$100k	$0-$5k	Proof-of-Concept	Unavailable	0.00	0.00000
11	HP HP-UX FTP Server تجاوز الصلاحيات	7.5	7.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00000
12	Microsoft Windows VHD Driver File تجاوز الصلاحيات	6.1	5.8	$25k-$100k	جاري الحساب	Proof-of-Concept	Official Fix	0.00	0.00051	CVE-2016-7224
13	Microsoft Edge تجاوز الصلاحيات	3.1	3.0	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00	0.06004	CVE-2016-3274
14	NASM Netwide Assembler preproc.c tokenize تلف الذاكرة	6.3	6.2	$0-$5k	جاري الحساب	Not Defined	Official Fix	0.00	0.00059	CVE-2018-8881
15	windows-selenium-chromedriver Download تشفير ضعيف	6.8	6.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00173	CVE-2016-10687
16	QEMU NVM Express Controller Emulator الكشف عن المعلومات	6.7	6.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00062	CVE-2018-16847
17	HP Color LaserJet Pro M280-M281 Multifunction Printer Embedded Web Server Reflected سكربتات مشتركة	5.2	5.2	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.04	0.00058	CVE-2019-6323
18	Microsoft Windows Physical Installation تجاوز الصلاحيات	6.4	6.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00369	CVE-2018-8592
19	IBM Kenexa LCMS Premier on Cloud تجاوز الصلاحيات	4.3	4.3	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00	0.00049	CVE-2016-5949
20	Microsoft Internet Explorer الكشف عن المعلومات	4.8	4.7	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00	0.89073	CVE-2016-3267

IOC - Indicator of Compromise (13)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	عنوان بروتوكول الإنترنت	Hostname	ممثل	Identified	النوع	الثقة
1	45.142.212.216	vm324137.pq.hosting	Brunhilda	31/05/2021	verified	عالي
2	95.142.40.68	vm482228.eurodir.ru	Brunhilda	31/05/2021	verified	عالي
3	185.177.92.213	ip-185-177-92-213.ah-server.com	Brunhilda	31/05/2021	verified	عالي
4	XXX.XXX.XX.XX	xx-xxx-xxx-xx-xx.xx-xxxxxx.xxx	Xxxxxxxxx	31/05/2021	verified	عالي
5	XXX.XXX.XX.XX	xx-xxx-xxx-xx-xx.xx-xxxxxx.xxx	Xxxxxxxxx	31/05/2021	verified	عالي
6	XXX.XXX.XX.XX	xx-xxx-xxx-xx-xx.xx-xxxxxx.xxx	Xxxxxxxxx	31/05/2021	verified	عالي
7	XXX.XXX.XX.XX	xx-xxx-xxx-xx-xx.xx-xxxxxx.xxx	Xxxxxxxxx	31/05/2021	verified	عالي
8	XXX.XXX.XX.XXX	xx-xxx-xxx-xx-xxx.xx-xxxxxx.xxx	Xxxxxxxxx	31/05/2021	verified	عالي
9	XXX.XXX.XX.XXX	xx-xxx-xxx-xx-xxx.xx-xxxxxx.xxx	Xxxxxxxxx	31/05/2021	verified	عالي
10	XXX.XXX.XX.XXX	xx-xxx-xxx-xx-xxx.xx-xxxxxx.xxx	Xxxxxxxxx	31/05/2021	verified	عالي
11	XXX.XXX.XX.XXX		Xxxxxxxxx	31/05/2021	verified	عالي
12	XXX.XXX.XX.XXX	xx-xxx-xxx-xx-xxx.xx-xxxxxx.xxx	Xxxxxxxxx	31/05/2021	verified	عالي
13	XXX.XX.XXX.XXX	xxxxxxxxxx-x.xxx-xxxxxxx.xxx	Xxxxxxxxx	31/05/2021	verified	عالي

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	الثغرات	متجه الوصول	النوع	الثقة
1	T1059	CWE-94	Argument Injection	predictive	عالي
2	T1059.007	CWE-79	Cross Site Scripting	predictive	عالي
3	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	عالي
4	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	عالي
5	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	عالي
6	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	عالي

IOA - Indicator of Attack (5)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	الفئة	Indicator	النوع	الثقة
1	File	/agc/vicidial.php	predictive	عالي
2	File	administrator/components/com_media/helpers/media.php	predictive	عالي
3	File	xxx/xxxxxxx.x	predictive	عالي
4	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	عالي
5	File	xxx_xxxxxx.x	predictive	متوسط

المصادر (2)

The following list contains external sources which discuss the actor and the associated activities:

التالي ▸نظرة عامة◂ السابق

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!