Buer Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (346)

Langue

en	340
de	4
it	2

De campagne

us	224
at	86
gb	2
ch	2
ru	2

Acteurs

Buer	5
IcedID	2
Cobalt Strike	1
PhotoLoader	1
Locky	1

Intérêt

Taper

Operating System	68
Not Defined	48
Web Browser	30
Smartphone Operating System	18
Digital Media Player	10

Fournisseur

Microsoft	60
Apple	48
Not Defined	22
Linux	20
Cisco	12

Produit

Microsoft Windows	34
Linux Kernel	20
Apple iOS	16
Apple macOS	12
Apple Safari	10

Vulnérabilités

#	Vulnérabilité	Base	Temp	0day	Aujourd'hui	Exp	Con	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash divulgation de l'information	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
2	Apache HTTP Server mod_rewrite Redirect	6.7	6.7	$25k-$100k	$5k-$25k	Not Defined	Not Defined	0.00258	0.04	CVE-2020-1927
3	SAP Solution Manager elévation de privilèges	9.4	9.4	$5k-$25k	$0-$5k	High	Not Defined	0.97439	0.05	CVE-2020-6207
4	Cisco IP Phone Discovery Protocol elévation de privilèges	8.8	8.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00074	0.00	CVE-2020-3111
5	EOS Camera Picture Transfer Protocol buffer overflow	8.0	7.2	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00672	0.00	CVE-2019-6000
6	Linux Kernel USB Device technisat-usb2.c divulgation de l'information	8.5	8.5	$5k-$25k	$5k-$25k	Not Defined	Official Fix	0.00713	0.03	CVE-2019-15505
7	Microsoft Windows JET Database Engine buffer overflow	7.3	7.0	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.01492	0.02	CVE-2019-1358
8	Dell EMC iDRAC6 Web-based Diagnostics Console elévation de privilèges	7.5	7.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00110	0.00	CVE-2018-1212
9	Tenable Nessus Reflected cross site scripting	5.2	5.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00110	0.02	CVE-2019-3961
10	DZCP deV!L`z Clanportal config.php elévation de privilèges	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	1.20	CVE-2010-0966
11	PHP Blowfish Hash password_verify Remote Code Execution	6.6	6.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00050	0.03	CVE-2023-0567
12	PHP SOAP HTTP Digest Authentication php_http.c php_random_bytes_throw divulgation de l'information	2.6	2.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00045	0.02	CVE-2023-3247
13	TRENDnet TEW-811DRU httpd security.asp buffer overflow	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00137	0.09	CVE-2023-0613
14	Ubuntu Linux overlayfs ovl_copy_up_meta_inode_data elévation de privilèges	7.8	7.8	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00042	0.02	CVE-2023-32629
15	laravel elévation de privilèges	4.1	3.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00160	0.07	CVE-2022-2870
16	Huawei SXXX VRP MPLS LSP Ping divulgation de l'information	5.3	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00096	0.04	CVE-2014-8570
17	WordPress sql injection	6.8	6.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00467	0.03	CVE-2022-21664
18	nginx elévation de privilèges	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00241	5.54	CVE-2020-12440
19	Apache Commons Text Variable Interpolation elévation de privilèges	8.0	7.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.97150	0.04	CVE-2022-42889
20	Alkacon OpenCms cross site scripting	6.3	5.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00434	0.00	CVE-2005-4294

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adresse IP	Hostname	Acteur	Identified	Taper	Confiance
1	142.93.102.244	dev.dotyeti.com	Buer	23/08/2021	verified	Élevé
2	XXX.XXX.XXX.XXX	xxx.xxx.xxx.xxx.xx-xxxx.xxxx	Xxxx	16/12/2020	verified	Élevé
3	XXX.XXX.XXX.XX		Xxxx	23/08/2021	verified	Élevé
4	XXX.XXX.XXX.XXX	xxxxxx.xxxxxxxxxxxxx.xxx	Xxxx	23/08/2021	verified	Élevé
5	XXX.XXX.XXX.XXX	xxxx.xxxxxxx.xxxxxxxxxxxx.xxx	Xxxx	23/08/2021	verified	Élevé

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnérabilités	Vecteur d'accès	Taper	Confiance
1	T1006	CWE-22	Path Traversal	predictive	Élevé
2	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Élevé
3	T1059	CWE-94	Argument Injection	predictive	Élevé
4	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	Élevé
5	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Élevé
6	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Élevé
7	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	Élevé
8	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Élevé
9	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Élevé
10	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Élevé
11	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	Élevé
12	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Élevé
13	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Élevé
14	TXXXX.XXX	CWE-XXX	Xxxxxxxx	predictive	Élevé
15	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Élevé
16	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Élevé
17	TXXXX.XXX	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	Élevé

IOA - Indicator of Attack (69)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Taper	Confiance
1	File	/backups/	predictive	Moyen
2	File	/cgi-bin/admin/testserver.cgi	predictive	Élevé
3	File	/cgi-bin/editBookmark	predictive	Élevé
4	File	/dev/kvm	predictive	Moyen
5	File	/goform/RgDdns	predictive	Élevé
6	File	/goform/RgDhcp	predictive	Élevé
7	File	/goform/RGFirewallEL	predictive	Élevé
8	File	/goform/RgTime	predictive	Élevé
9	File	/goform/RgUrlBlock.asp	predictive	Élevé
10	File	/xxxxxx/xxxxxxxxxxxxxxxxxx	predictive	Élevé
11	File	/xxxxxxxxxxxxxxx/xxxxx/xxxxxxxxxxxxxxx.xxx	predictive	Élevé
12	File	/xxxxxxxx/xxxxxxxx.xxx	predictive	Élevé
13	File	/xx-xxxxx/xxxxx-xxxx.xxx	predictive	Élevé
14	File	xxx_xxxxxxx.xxx	predictive	Élevé
15	File	xxxxx/xxxxxx-xxxxxx.xxx	predictive	Élevé
16	File	xxxx/xxxxxxx/xxxxxx/xxxx_xxxxxx.x	predictive	Élevé
17	File	xxxxxxx.xxx	predictive	Moyen
18	File	xxxxxx.x	predictive	Moyen
19	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Élevé
20	File	xxxxxxx/xxxxx/xxx/xxx-xxx/xxxxxxxxx-xxxx.x	predictive	Élevé
21	File	xxxxxxx/xxxxx/xxx/xxxxx/xxxxxxx_xxx.x	predictive	Élevé
22	File	xxxxxxx/xxx/xxx/xxxxx.x	predictive	Élevé
23	File	xxxxxxx/xxx/xxxxxxxx/xxx/xxx_xxx_xxx.x	predictive	Élevé
24	File	xxx/xxxx/xxx_xxxx.x	predictive	Élevé
25	File	xxxxx/xxxxxxxxxx.xxx	predictive	Élevé
26	File	xxx/xxxx_xxxx.x	predictive	Élevé
27	File	xxxx/xxxxxxx.x	predictive	Élevé
28	File	xxxx/xxxxxxx.x	predictive	Élevé
29	File	xxx/xxxxxx.xxx	predictive	Élevé
30	File	xxxxxxx/xxxxx/xxxxxx/xxxx.x	predictive	Élevé
31	File	xxxxxx/xxxxx/xxxxx.x	predictive	Élevé
32	File	xxxxxxxxxx.xxx	predictive	Élevé
33	File	xxx_xxxxx_xxxx.x	predictive	Élevé
34	File	xxx/xxx/xxxx.x	predictive	Élevé
35	File	xxxx/xxxxxx/xxxxxx/xxxxxxxx	predictive	Élevé
36	File	xxxxxxxxxx.xxx	predictive	Élevé
37	File	xxxxxxxx	predictive	Moyen
38	File	xxxxxxxxx.xxx	predictive	Élevé
39	File	xxxxxx	predictive	Faible
40	Library	xxxxxx.xxxxxxx.xxxxxxx	predictive	Élevé
41	Library	xxxxx.xxx	predictive	Moyen
42	Library	xxxxxxxx/xxx/xxxx/xxx/xxxxxx/xxxxxx.x	predictive	Élevé
43	Argument	--xxxxx	predictive	Faible
44	Argument	xxxxxxxx	predictive	Moyen
45	Argument	xxxxxxxxxxxxxxxxxxxxxxx	predictive	Élevé
46	Argument	xxxxxx[xxxxx_xxxxxxxxx]	predictive	Élevé
47	Argument	xxxxxxxxxxxx	predictive	Moyen
48	Argument	xxxxxx_xxx_xx	predictive	Élevé
49	Argument	xxxxxxxxxxxx/xxxxxxxxxxxxxx	predictive	Élevé
50	Argument	xxxx	predictive	Faible
51	Argument	xx	predictive	Faible
52	Argument	xxxxxxxxxxxx	predictive	Moyen
53	Argument	xxxxx_xxxxxxx_xxxx	predictive	Élevé
54	Argument	xxxxx	predictive	Faible
55	Argument	xxxxxxxxxxx	predictive	Moyen
56	Argument	xxxxxxxx	predictive	Moyen
57	Argument	xxxxxxxxxxx	predictive	Moyen
58	Argument	xxxxxxxxxxxxxxxxxxxx	predictive	Élevé
59	Argument	xxxxxx	predictive	Faible
60	Argument	xxxxxxxxxxx/xxxxxxxxxxx/xxxxxxxxxxx	predictive	Élevé
61	Argument	xxx	predictive	Faible
62	Argument	xxxxxxxx	predictive	Moyen
63	Argument	xxxxxxxx	predictive	Moyen
64	Input Value	<xxxxxx>xxxxx(x)</xxxxxx>	predictive	Élevé
65	Input Value	><xxxxxx>xxxxx(x)</xxxxxx>	predictive	Élevé
66	Input Value	xxxxxxxxxx	predictive	Moyen
67	Network Port	xxx/xxxxx	predictive	Moyen
68	Network Port	xxx/xxxxx	predictive	Moyen
69	Network Port	xxx xxxxxx xxxx	predictive	Élevé

Références (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PrécédentAperçuSuivant ▸

Do you need the next level of professionalism?

Upgrade your account now!