Buhtrap Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (129)

Sprache

en	96
ru	16
de	12
zh	4
es	2

Land

ru	118
us	10
ga	2

Akteure

Buhtrap	5
Gamaredon	2
DCRat	2
Rig Exploit Kit	1
Shuckworm	1

Interesse

Typ

Not Defined	46
Operating System	12
Content Management System	6
Programming Language Software	4
Web Browser	4

Hersteller

Not Defined	38
Microsoft	14
Apple	6
Linux	4
HP	4

Produkt

Apple Mac OS X	4
Linux Kernel	4
Microsoft Windows	4
Calibre-Web	4
Netgate pfSense	2

Schwachstellen

#	Schwachstelle	Base	Temp	0day	Heute	Aus	Mas	CTI	EPSS	CVE
1	Siemens SIMATIC HMI United Comfort Panel schwache Authentisierung	7.5	7.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00	0.00874	CVE-2020-15787
2	Microsoft Windows Advanced Local Procedure Call Privilege Escalation	9.2	8.7	$25k-$100k	$5k-$25k	Functional	Official Fix	0.03	0.00651	CVE-2023-21674
3	Microsoft Windows Kernel Privilege Escalation	7.2	6.5	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.05	0.00053	CVE-2022-21881
4	Microsoft Windows SMB Witness Service erweiterte Rechte	8.8	8.1	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00	0.00120	CVE-2023-21549
5	Microsoft SQL Server Privilege Escalation	8.1	7.4	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.04	0.00043	CVE-2022-23276
6	Select2 Cross Site Scripting	5.2	5.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04	0.00094	CVE-2016-10744
7	HP 3PAR Service Processor SP Information Disclosure	4.3	4.3	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.02	0.00110	CVE-2015-5443
8	Oracle Java SE/Java SE Embedded Deployment Pufferüberlauf	10.0	9.5	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.02	0.01195	CVE-2013-5788
9	WooCommerce PayU India Payment Gateway Plugin Purchase Price erweiterte Rechte	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00114	CVE-2019-14978
10	WooCommerce Instamojo Payment Gateway Plugin Purchase amount Price erweiterte Rechte	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00241	CVE-2019-14977
11	Microsoft IIS Cross Site Scripting	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.02	0.00548	CVE-2017-0055
12	Apache HTTP Server smbvalid/smbval authensmb Pufferüberlauf	10.0	9.5	$25k-$100k	Wird berechnet	Not Defined	Official Fix	0.02	0.00133	CVE-1999-1237
13	Netgate pfSense XML File config.xml restore_rrddata erweiterte Rechte	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01	0.45928	CVE-2023-27253
14	Joomla Webservice Endpoint erweiterte Rechte	5.4	5.4	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.03	0.95214	CVE-2023-23752
15	Lars Ellingsen Guestserver guestbook.cgi Cross Site Scripting	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03	0.00169	CVE-2005-4222
16	MGB OpenSource Guestbook email.php SQL Injection	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.46	0.01302	CVE-2007-0354
17	Cloudflare WARP Client warp-cli Subcommand erweiterte Rechte	7.7	7.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00044	CVE-2022-2225
18	Siemens SIMATIC PCS 7/SIMATIC S7-PM/SIMATIC STEP 7 V5 erweiterte Rechte	9.2	9.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	0.00084	CVE-2023-25910
19	Next.js next.config.js erweiterte Rechte	5.1	5.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00118	CVE-2022-23646
20	Linux Kernel Pufferüberlauf	5.9	5.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00042	CVE-2011-1477

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-Adresse	Hostname	Akteur	Identifiziert	Typ	Akzeptanz
1	5.63.159.32	5-63-159-32.cloudvps.regruhosting.ru	Buhtrap	23.12.2020	verifiziert	High
2	37.140.195.165	console.teonet.cloud	Buhtrap	23.12.2020	verifiziert	High
3	37.143.12.190	hosted-by.ihc.ru	Buhtrap	23.12.2020	verifiziert	High
4	XX.XXX.XXX.XX		Xxxxxxx	25.03.2019	verifiziert	High
5	XXX.XXX.XXX.XXX	xxxx.xxxxxxxxx.xxxxx	Xxxxxxx	23.12.2020	verifiziert	High
6	XXX.XX.XX.XX	xxx-xx-xx-xx.xxx.xxx.xxxxxxxxxxxx.xx	Xxxxxxx	23.12.2020	verifiziert	High
7	XXX.XXX.XX.XXX	xxxxxx.xxx.xxxxxxxxx.xx	Xxxxxxx	23.12.2020	verifiziert	High
8	XXX.XX.XX.XXX	xxxxxxxxx.xx	Xxxxxxx	23.12.2020	verifiziert	High
9	XXX.XX.XXX.XXX	xxx-xx-xxx-xxx.xxx.xxx.xxxxxxxxxxxx.xx	Xxxxxxx	23.12.2020	verifiziert	High
10	XXX.XXX.XXX.XXX		Xxxxxxx	23.12.2020	verifiziert	High
11	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx.xxxxxxx.xxx	Xxxxxxx	25.03.2019	verifiziert	High

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Schwachstellen	Zugriffsart	Typ	Akzeptanz
1	T1006	CWE-22	Path Traversal	prädiktiv	High
2	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	prädiktiv	High
3	T1059	CWE-94	Argument Injection	prädiktiv	High
4	T1059.007	CWE-79, CWE-80	Cross Site Scripting	prädiktiv	High
5	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
6	TXXXX	CWE-XXX	Xxxx Xxx Xxxxxxxxx Xxxxxxxxxxx Xxxxxxxx	prädiktiv	High
7	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	prädiktiv	High
8	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	prädiktiv	High
9	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	prädiktiv	High
10	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	prädiktiv	High
11	TXXXX	CWE-XX	Xxx Xxxxxxxxx	prädiktiv	High
12	TXXXX	CWE-XXX	Xxx Xx Xxxxxxxxxx Xxxxxxx Xxxxxxxxxx Xxxxxxxxx Xxxxxxxxxxx	prädiktiv	High
13	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
14	TXXXX.XXX	CWE-XXX	Xxxxxxxxxxxx	prädiktiv	High
15	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
16	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	prädiktiv	High
17	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	prädiktiv	High

IOA - Indicator of Attack (80)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasse	Indicator	Typ	Akzeptanz
1	File	/objects/getImageMP4.php	prädiktiv	High
2	File	/payu/icpcheckout/	prädiktiv	High
3	File	/uncpath/	prädiktiv	Medium
4	File	adclick.php	prädiktiv	Medium
5	File	admin.php	prädiktiv	Medium
6	File	adrotate.pm	prädiktiv	Medium
7	File	article.php	prädiktiv	Medium
8	File	asn1fix_retrieve.c	prädiktiv	High
9	File	bigsam_guestbook.php	prädiktiv	High
10	File	xxxxx.xxx	prädiktiv	Medium
11	File	xxxx/xxx/.../xxxxxx	prädiktiv	High
12	File	xxxxxxxx.xxx	prädiktiv	Medium
13	File	xxxxx.xxx	prädiktiv	Medium
14	File	xxxxxx.xxx	prädiktiv	Medium
15	File	xxxxxxx.xxxx	prädiktiv	Medium
16	File	xxxxxx.xxx	prädiktiv	Medium
17	File	xx/xx_xxxxxxx.xxx	prädiktiv	High
18	File	xxxxxxxx.xxx	prädiktiv	Medium
19	File	xxxxxxx/xxxx/xxxxxx/xxxxxxx.x	prädiktiv	High
20	File	xxxxx.xxx	prädiktiv	Medium
21	File	xxxxxxxxx/xxxxx/xxxxxxxxxxxx/xxxxxxxxx.xxx	prädiktiv	High
22	File	xxxxxxx.xxx	prädiktiv	Medium
23	File	xxxxxxxxx.xxx	prädiktiv	High
24	File	xxx/xxxxxx.xxx	prädiktiv	High
25	File	xxxxx.xxx/xxxxxx.xxx/xxxxxxxxxxxxx.xxx/xxxxxxxx.xxx	prädiktiv	High
26	File	xxxxxxx/xxxxxxxxxxxxx.xxxx	prädiktiv	High
27	File	xxxx_xxxx.xxx	prädiktiv	High
28	File	xxxxxxxx.xxx	prädiktiv	Medium
29	File	xxx/xxxx/xxxx_xxxx.x	prädiktiv	High
30	File	xxxx.xxxxxx.xx	prädiktiv	High
31	File	xxx/xxxxx.xxxx	prädiktiv	High
32	File	xxxxxxx.xxx	prädiktiv	Medium
33	File	xxxx.xxx	prädiktiv	Medium
34	File	xxxxxxx.xxx	prädiktiv	Medium
35	File	xxxx-xx.xxx/xxx.xxxxx/xxx-xxxxxxxx-xxxx.xxx	prädiktiv	High
36	File	xxxx_xxxxxxx_xxxxxxxx.xxx	prädiktiv	High
37	File	xxx/xxxx/xxxx/xxx.xxxxxxxx.xxxxxxx/xxxxxxx/xxx/xxxxxx.xxxx	prädiktiv	High
38	File	xxxxxxx-xxxxxxx.xxx	prädiktiv	High
39	File	xx/xx/xxxxxxxxx_xxxxxxxxxxx.xxx	prädiktiv	High
40	File	xxxx.xxx	prädiktiv	Medium
41	File	xxxx/xxxxxxxxxxxx.xxx	prädiktiv	High
42	File	xxxxxxxxxxxx.xxx	prädiktiv	High
43	File	xxx.xxxxxxxx.xxx	prädiktiv	High
44	File	xxxxxxxx.xxx	prädiktiv	Medium
45	File	_xxxxxxxxx_xxxxxx_xxxxx___.xxx	prädiktiv	High
46	Library	xxxxxx.xxx	prädiktiv	Medium
47	Library	xxxxxxxx.xxx.xxx	prädiktiv	High
48	Argument	xxxxxxxxx	prädiktiv	Medium
49	Argument	xxxxxxxx	prädiktiv	Medium
50	Argument	xxxxxx	prädiktiv	Low
51	Argument	xxx_xxx	prädiktiv	Low
52	Argument	xxx	prädiktiv	Low
53	Argument	xxx_xx	prädiktiv	Low
54	Argument	xxx	prädiktiv	Low
55	Argument	xxxx_xx	prädiktiv	Low
56	Argument	xxxxxxx	prädiktiv	Low
57	Argument	xxxx	prädiktiv	Low
58	Argument	xxxxxxxx	prädiktiv	Medium
59	Argument	xxxxxxxxx->xxxxxxxxx	prädiktiv	High
60	Argument	xx	prädiktiv	Low
61	Argument	xxxx_xx	prädiktiv	Low
62	Argument	xxx	prädiktiv	Low
63	Argument	xx	prädiktiv	Low
64	Argument	xxxxxxxxxxxxxxxx	prädiktiv	High
65	Argument	xxxxxx/xxxxxx_xxxxxx	prädiktiv	High
66	Argument	xxxxxx	prädiktiv	Low
67	Argument	xxx	prädiktiv	Low
68	Argument	xxxx	prädiktiv	Low
69	Argument	xxxxxxx	prädiktiv	Low
70	Argument	xxx	prädiktiv	Low
71	Argument	xxxxx	prädiktiv	Low
72	Argument	xxx	prädiktiv	Low
73	Argument	xxxxxx	prädiktiv	Low
74	Argument	xxxxxxxx	prädiktiv	Medium
75	Argument	xxxxxxxx	prädiktiv	Medium
76	Argument	xxxxxxxx/xxxx	prädiktiv	High
77	Argument	xxxxxxxx:xxxxxxxx	prädiktiv	High
78	Input Value	xxx[…]	prädiktiv	Medium
79	Input Value	xxxxxxxxx:xxxxxxxx	prädiktiv	High
80	Network Port	xxx	prädiktiv	Low

Referenzen (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ ZurückÜbersichtWeiter ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!