Brunhilda Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (22)

Langue

en	20
de	2

De campagne

us	8
de	2

Acteurs

Brunhilda	2

Intérêt

Taper

Operating System	6
Not Defined	6
Network Encryption Software	2
JavaScript Library	2
Web Browser	2

Fournisseur

Microsoft	8
Not Defined	6
Solar	2
Thomas R. Pasawicz	2
tinc	2

Produit

Microsoft Windows	6
Solar appScreener	2
Thomas R. Pasawicz HyperBook Guestbook	2
Bottle	2
tinc VPN	2

Vulnérabilités

#	Vulnérabilité	Base	Temp	0day	Aujourd'hui	Exp	Con	EPSS	CTI	CVE
1	VICIdial vicidial.php cross site scripting	4.8	4.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00075	0.04	CVE-2021-35377
2	tinc VPN net_packet.c receive_tcppacket buffer overflow	6.3	6.0	$0-$5k	$0-$5k	High	Official Fix	0.05468	0.02	CVE-2013-1428
3	Joomla CMS File Upload media.php elévation de privilèges	6.3	6.0	$5k-$25k	$0-$5k	High	Official Fix	0.78471	0.04	CVE-2013-5576
4	Microsoft .NET Framework Array Copy buffer overflow	7.3	7.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.24098	0.04	CVE-2015-2504
5	Bottle Privilege Escalation	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00690	0.03	CVE-2022-31799
6	Solar appScreener License elévation de privilèges	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00221	0.00	CVE-2022-24449
7	Caddy X.509 Certificate divulgation de l'information	4.5	4.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00138	0.00	CVE-2018-19148
8	Drupal Phar Stream Wrapper elévation de privilèges	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.92709	0.02	CVE-2019-6339
9	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash divulgation de l'information	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
10	Microsoft Windows PowerShell elévation de privilèges	6.3	5.7	$25k-$100k	$0-$5k	Proof-of-Concept	Unavailable	0.00000	0.00
11	HP HP-UX FTP Server elévation de privilèges	7.5	7.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00000	0.00
12	Microsoft Windows VHD Driver File elévation de privilèges	6.1	5.8	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.00051	0.00	CVE-2016-7224
13	Microsoft Edge elévation de privilèges	3.1	3.0	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.06567	0.00	CVE-2016-3274
14	NASM Netwide Assembler preproc.c tokenize buffer overflow	6.3	6.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00059	0.00	CVE-2018-8881
15	windows-selenium-chromedriver Download chiffrement faible	6.8	6.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00173	0.00	CVE-2016-10687
16	QEMU NVM Express Controller Emulator divulgation de l'information	6.7	6.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00062	0.02	CVE-2018-16847
17	HP Color LaserJet Pro M280-M281 Multifunction Printer Embedded Web Server Reflected cross site scripting	5.2	5.2	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00058	0.00	CVE-2019-6323
18	Microsoft Windows Physical Installation elévation de privilèges	6.4	6.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00248	0.00	CVE-2018-8592
19	IBM Kenexa LCMS Premier on Cloud elévation de privilèges	4.3	4.3	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00049	0.00	CVE-2016-5949
20	Microsoft Internet Explorer divulgation de l'information	4.8	4.7	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.89073	0.00	CVE-2016-3267

IOC - Indicator of Compromise (13)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adresse IP	Hostname	Acteur	Identified	Taper	Confiance
1	45.142.212.216	vm324137.pq.hosting	Brunhilda	31/05/2021	verified	Élevé
2	95.142.40.68	vm482228.eurodir.ru	Brunhilda	31/05/2021	verified	Élevé
3	185.177.92.213	ip-185-177-92-213.ah-server.com	Brunhilda	31/05/2021	verified	Élevé
4	XXX.XXX.XX.XX	xx-xxx-xxx-xx-xx.xx-xxxxxx.xxx	Xxxxxxxxx	31/05/2021	verified	Élevé
5	XXX.XXX.XX.XX	xx-xxx-xxx-xx-xx.xx-xxxxxx.xxx	Xxxxxxxxx	31/05/2021	verified	Élevé
6	XXX.XXX.XX.XX	xx-xxx-xxx-xx-xx.xx-xxxxxx.xxx	Xxxxxxxxx	31/05/2021	verified	Élevé
7	XXX.XXX.XX.XX	xx-xxx-xxx-xx-xx.xx-xxxxxx.xxx	Xxxxxxxxx	31/05/2021	verified	Élevé
8	XXX.XXX.XX.XXX	xx-xxx-xxx-xx-xxx.xx-xxxxxx.xxx	Xxxxxxxxx	31/05/2021	verified	Élevé
9	XXX.XXX.XX.XXX	xx-xxx-xxx-xx-xxx.xx-xxxxxx.xxx	Xxxxxxxxx	31/05/2021	verified	Élevé
10	XXX.XXX.XX.XXX	xx-xxx-xxx-xx-xxx.xx-xxxxxx.xxx	Xxxxxxxxx	31/05/2021	verified	Élevé
11	XXX.XXX.XX.XXX		Xxxxxxxxx	31/05/2021	verified	Élevé
12	XXX.XXX.XX.XXX	xx-xxx-xxx-xx-xxx.xx-xxxxxx.xxx	Xxxxxxxxx	31/05/2021	verified	Élevé
13	XXX.XX.XXX.XXX	xxxxxxxxxx-x.xxx-xxxxxxx.xxx	Xxxxxxxxx	31/05/2021	verified	Élevé

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnérabilités	Vecteur d'accès	Taper	Confiance
1	T1059	CWE-94	Argument Injection	predictive	Élevé
2	T1059.007	CWE-79	Cross Site Scripting	predictive	Élevé
3	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Élevé
4	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Élevé
5	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Élevé
6	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Élevé

IOA - Indicator of Attack (5)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Taper	Confiance
1	File	/agc/vicidial.php	predictive	Élevé
2	File	administrator/components/com_media/helpers/media.php	predictive	Élevé
3	File	xxx/xxxxxxx.x	predictive	Élevé
4	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Élevé
5	File	xxx_xxxxxx.x	predictive	Moyen

Références (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PrécédentAperçuSuivant ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!