Buer Analysis

IOB - Indicator of Behavior (346)

Language

en  334
zh    4
de    4
pl    4

Country

us  212
at   86
ru    2
cn    2
gb    2

Product

Microsoft Windows  30
Mozilla Firefox    14
Apple iOS          14
Microsoft Edge     12
Linux Kernel       12

Vulnerabilities

Columns: Base and Temp are the CVSS base and temporal scores; 0day and Today are the estimated exploit prices at disclosure and now; Exp is the exploitability status; Rem is the remediation status.

#  | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1  | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192
2  | Apache HTTP Server mod_rewrite Redirect | 6.7 | 6.7 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.00258 | 0.08 | CVE-2020-1927
3  | SAP Solution Manager privilege escalation | 9.4 | 9.4 | $5k-$25k | $0-$5k | High | Not Defined | 0.97439 | 0.05 | CVE-2020-6207
4  | Cisco IP Phone Discovery Protocol privilege escalation | 8.8 | 8.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00074 | 0.00 | CVE-2020-3111
5  | EOS Camera Picture Transfer Protocol memory corruption | 8.0 | 7.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00672 | 0.00 | CVE-2019-6000
6  | Linux Kernel USB Device technisat-usb2.c information disclosure | 8.5 | 8.5 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00713 | 0.03 | CVE-2019-15505
7  | Microsoft Windows JET Database Engine memory corruption | 7.3 | 7.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.01523 | 0.02 | CVE-2019-1358
8  | Dell EMC iDRAC6 Web-based Diagnostics Console privilege escalation | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00110 | 0.00 | CVE-2018-1212
9  | Tenable Nessus Reflected cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00105 | 0.02 | CVE-2019-3961
10 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.50 | CVE-2010-0966
11 | PHP Blowfish Hash password_verify Remote Code Execution | 6.6 | 6.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00050 | 0.00 | CVE-2023-0567
12 | PHP SOAP HTTP Digest Authentication php_http.c php_random_bytes_throw information disclosure | 2.6 | 2.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.00 | CVE-2023-3247
13 | TRENDnet TEW-811DRU httpd security.asp memory corruption | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00137 | 0.04 | CVE-2023-0613
14 | Ubuntu Linux overlayfs ovl_copy_up_meta_inode_data privilege escalation | 7.8 | 7.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00042 | 0.00 | CVE-2023-32629
15 | laravel privilege escalation | 4.1 | 3.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00160 | 0.05 | CVE-2022-2870
16 | Huawei SXXX VRP MPLS LSP Ping information disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00096 | 0.04 | CVE-2014-8570
17 | WordPress sql injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00467 | 0.08 | CVE-2022-21664
18 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 2.03 | CVE-2020-12440
19 | Apache Commons Text Variable Interpolation privilege escalation | 8.0 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.97166 | 0.04 | CVE-2022-42889
20 | Alkacon OpenCms cross site scripting | 6.3 | 5.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00434 | 0.03 | CVE-2005-4294

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP Address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1  | 142.93.102.244 | dev.dotyeti.com | Buer | | 23/08/2021 | verified | High
2  | XXX.XXX.XXX.XXX | xxx.xxx.xxx.xxx.xx-xxxx.xxxx | Xxxx | | 16/12/2020 | verified | High
3  | XXX.XXX.XXX.XXX | xxx | | | 23/08/2021 | verified | High
4  | XXX.XXX.XXX.XXX | xxxxxx.xxxxxxxxxxxxx.xxx | Xxxx | | 23/08/2021 | verified | High
5  | XXX.XXX.XXX.XXX | xxxx.xxxxxxx.xxxxxxxxxxxx.xxx | Xxxx | | 23/08/2021 | verified | High

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. These entries are produced by VulDB's predictive actor-profiling model rather than observed directly, which is why every row is typed "predictive".

ID | Technique | CAPEC | CWE | Description | Type | Confidence
1  | T1006 | CAPEC-126 | CWE-22 | Path Traversal | predictive | High
2  | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
3  | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive | High
4  | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High
5  | TXXXX | CAPEC-122 | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
6  | TXXXX | CAPEC-136 | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High
7  | TXXXX.XXX | CAPEC-178 | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
8  | TXXXX | CAPEC- | CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive | High
9  | TXXXX | CAPEC-1 | CWE-XXX, CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High
10 | TXXXX | CAPEC-108 | CWE-XX | Xxx Xxxxxxxxx | predictive | High
11 | TXXXX.XXX | CAPEC-1 | CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | predictive | High
12 | TXXXX | CAPEC-102 | CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
13 | TXXXX.XXX | CAPEC-459 | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
14 | TXXXX.XXX | CAPEC-133 | CWE-XXX | Xxxxxxxx | predictive | High
15 | TXXXX | CAPEC-116 | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
16 | TXXXX | CAPEC-112 | CWE-XXX, CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High
17 | TXXXX.XXX | CAPEC- | CWE-XXX | Xxx Xxxxxxxxxx Xxxxx | predictive | High

IOA - Indicator of Attack (69)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. As with the TTP table, they come from VulDB's predictive actor-profiling model, so each one carries a confidence rating rather than a direct observation.

ID | Class | Indicator | Type | Confidence
1  | File | /backups/ | predictive | Medium
2  | File | /cgi-bin/admin/testserver.cgi | predictive | High
3  | File | /cgi-bin/editBookmark | predictive | High
4  | File | /dev/kvm | predictive | Medium
5  | File | /goform/RgDdns | predictive | High
6  | File | /goform/RgDhcp | predictive | High
7  | File | /goform/RGFirewallEL | predictive | High
8  | File | /goform/RgTime | predictive | High
9  | File | /goform/RgUrlBlock.asp | predictive | High
10 | File | /xxxxxx/xxxxxxxxxxxxxxxxxx | predictive | High
11 | File | /xxxxxxxxxxxxxxx/xxxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
12 | File | /xxxxxxxx/xxxxxxxx.xxx | predictive | High
13 | File | /xx-xxxxx/xxxxx-xxxx.xxx | predictive | High
14 | File | xxx_xxxxxxx.xxx | predictive | High
15 | File | xxxxx/xxxxxx-xxxxxx.xxx | predictive | High
16 | File | xxxx/xxxxxxx/xxxxxx/xxxx_xxxxxx.x | predictive | High
17 | File | xxxxxxx.xxx | predictive | Medium
18 | File | xxxxxx.x | predictive | Medium
19 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
20 | File | xxxxxxx/xxxxx/xxx/xxx-xxx/xxxxxxxxx-xxxx.x | predictive | High
21 | File | xxxxxxx/xxxxx/xxx/xxxxx/xxxxxxx_xxx.x | predictive | High
22 | File | xxxxxxx/xxx/xxx/xxxxx.x | predictive | High
23 | File | xxxxxxx/xxx/xxxxxxxx/xxx/xxx_xxx_xxx.x | predictive | High
24 | File | xxx/xxxx/xxx_xxxx.x | predictive | High
25 | File | xxxxx/xxxxxxxxxx.xxx | predictive | High
26 | File | xxx/xxxx_xxxx.x | predictive | High
27 | File | xxxx/xxxxxxx.x | predictive | High
28 | File | xxxx/xxxxxxx.x | predictive | High
29 | File | xxx/xxxxxx.xxx | predictive | High
30 | File | xxxxxxx/xxxxx/xxxxxx/xxxx.x | predictive | High
31 | File | xxxxxx/xxxxx/xxxxx.x | predictive | High
32 | File | xxxxxxxxxx.xxx | predictive | High
33 | File | xxx_xxxxx_xxxx.x | predictive | High
34 | File | xxx/xxx/xxxx.x | predictive | High
35 | File | xxxx/xxxxxx/xxxxxx/xxxxxxxx | predictive | High
36 | File | xxxxxxxxxx.xxx | predictive | High
37 | File | xxxxxxxx | predictive | Medium
38 | File | xxxxxxxxx.xxx | predictive | High
39 | File | xxxxxx | predictive | Low
40 | Library | xxxxxx.xxxxxxx.xxxxxxx | predictive | High
41 | Library | xxxxx.xxx | predictive | Medium
42 | Library | xxxxxxxx/xxx/xxxx/xxx/xxxxxx/xxxxxx.x | predictive | High
43 | Argument | --xxxxx | predictive | Low
44 | Argument | xxxxxxxx | predictive | Medium
45 | Argument | xxxxxxxxxxxxxxxxxxxxxxx | predictive | High
46 | Argument | xxxxxx[xxxxx_xxxxxxxxx] | predictive | High
47 | Argument | xxxxxxxxxxxx | predictive | Medium
48 | Argument | xxxxxx_xxx_xx | predictive | High
49 | Argument | xxxxxxxxxxxx/xxxxxxxxxxxxxx | predictive | High
50 | Argument | xxxx | predictive | Low
51 | Argument | xx | predictive | Low
52 | Argument | xxxxxxxxxxxx | predictive | Medium
53 | Argument | xxxxx_xxxxxxx_xxxx | predictive | High
54 | Argument | xxxxx | predictive | Low
55 | Argument | xxxxxxxxxxx | predictive | Medium
56 | Argument | xxxxxxxx | predictive | Medium
57 | Argument | xxxxxxxxxxx | predictive | Medium
58 | Argument | xxxxxxxxxxxxxxxxxxxx | predictive | High
59 | Argument | xxxxxx | predictive | Low
60 | Argument | xxxxxxxxxxx/xxxxxxxxxxx/xxxxxxxxxxx | predictive | High
61 | Argument | xxx | predictive | Low
62 | Argument | xxxxxxxx | predictive | Medium
63 | Argument | xxxxxxxx | predictive | Medium
64 | Input Value | <xxxxxx>xxxxx(x)</xxxxxx> | predictive | High
65 | Input Value | ><xxxxxx>xxxxx(x)</xxxxxx> | predictive | High
66 | Input Value | xxxxxxxxxx | predictive | Medium
67 | Network Port | xxx/xxxxx | predictive | Medium
68 | Network Port | xxx/xxxxx | predictive | Medium
69 | Network Port | xxx xxxxxx xxxx | predictive | High
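
The IOC and IOA tables above are only useful once they are matched against traffic. The following script is an added example, not code from VulDB or from the page: it takes the one unmasked network IOC (142.93.102.244 / dev.dotyeti.com) and the unmasked IOA path fragments from the tables, scans web-proxy log lines, and reports each hit with the confidence the page assigns to that indicator. The log line format and the log lines themselves are constructed for the example; hostnames are matched exactly or as a subdomain (never as a bare substring), and path fragments are compared against the path component only, so a query string cannot hide them.

```python
"""Match constructed web-proxy log lines against the IOC/IOA entries listed
on this page. Added example; the log format and sample lines are assumed."""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass
from typing import Iterable

# Network IOC from the IOC table (row 1: verified, High confidence).
IOC_IPS = {"142.93.102.244"}
IOC_HOSTS = {"dev.dotyeti.com"}

# Unmasked IOA path fragments from the IOA table, with the page's confidence.
IOA_PATHS = {
    "/backups/": "medium",
    "/cgi-bin/admin/testserver.cgi": "high",
    "/cgi-bin/editBookmark": "high",
    "/goform/RgDdns": "high",
    "/goform/RgDhcp": "high",
    "/goform/RGFirewallEL": "high",
    "/goform/RgTime": "high",
    "/goform/RgUrlBlock.asp": "high",
}

# Assumed (constructed) log layout: "<ts> <client-ip> <dst-ip> <host> <method> <path>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<dst>\S+) (?P<host>\S+) (?P<method>[A-Z]+) (?P<path>\S+)$"
)

# Constructed sample traffic; not real log data.
SAMPLE_LOG = [
    "2021-08-23T10:01:02Z 10.0.0.5 142.93.102.244 dev.dotyeti.com GET /update.bin",
    "2021-08-23T10:01:09Z 10.0.0.5 203.0.113.9 example.com GET /index.html",
    "2021-08-23T10:02:44Z 10.0.0.7 198.51.100.20 router.lan POST /goform/RgUrlBlock.asp?x=1",
    "2021-08-23T10:03:00Z 10.0.0.9 203.0.113.9 notdev.dotyeti.com.evil.test GET /backups/",
    "garbage line that does not parse",
]


@dataclass(frozen=True)
class Hit:
    line_no: int
    kind: str          # "ioc-ip", "ioc-host" or "ioa-path"
    indicator: str
    confidence: str    # confidence the page assigns to this indicator


def host_matches(host: str, indicator: str) -> bool:
    """True for an exact match or a subdomain of the indicator. A bare
    substring test would also fire on 'notdev.dotyeti.com', so avoid it."""
    host = host.lower().rstrip(".")
    return host == indicator or host.endswith("." + indicator)


def scan(lines: Iterable[str]) -> list[Hit]:
    """Return every IOC/IOA hit found in the given log lines, in log order."""
    hits: list[Hit] = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparsable line: skip rather than guess at fields
        dst, host, path = m["dst"], m["host"], m["path"]
        try:
            if str(ipaddress.ip_address(dst)) in IOC_IPS:
                hits.append(Hit(n, "ioc-ip", dst, "high"))
        except ValueError:
            pass  # destination column was not an IP address
        for h in IOC_HOSTS:
            if host_matches(host, h):
                hits.append(Hit(n, "ioc-host", h, "high"))
        bare_path = path.split("?", 1)[0]  # compare the path component only
        for fragment, confidence in IOA_PATHS.items():
            if fragment in bare_path:
                hits.append(Hit(n, "ioa-path", fragment, confidence))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"line {hit.line_no}: {hit.kind} {hit.indicator} (confidence {hit.confidence})")
```

Run stand-alone it reports the C2 contact on line 1 twice (IP and hostname), the /goform/RgUrlBlock.asp probe on line 3, and the /backups/ request on line 4 at medium confidence; the look-alike hostname on line 4 does not match. The confidence field is carried through so that a medium-confidence path fragment can be routed to triage instead of raising the same alert as a verified C2 address.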

Sources (2)

The following list contains external sources which discuss the actor and the associated activities:
