Butter Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (38)

Langue

en	32
zh	6

De campagne

cn	24
us	14

Acteurs

Butter	3

Intérêt

Taper

Not Defined	18
Application Server Software	4
Content Management System	4
Web Server	2
Software Management Software	2

Fournisseur

Not Defined	20
Apache	4
Cisco	4
IBM	2
Inspur	2

Produit

IBM WebSphere Application Server	2
Inspur ClusterEngine	2
Apache HTTP Server	2
Webmin	2
Twisted	2

Vulnérabilités

#	Vulnérabilité	Base	Temp	0day	Aujourd'hui	Exp	Con	EPSS	CTI	CVE
1	Webmin UI Command apt-lib.pl cross site scripting	6.6	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.96925	0.09	CVE-2022-36446
2	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash divulgation de l'information	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
3	MajorDoMo thumb.php elévation de privilèges	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.73739	0.00	CVE-2023-50917
4	phpMyAdmin divulgation de l'information	5.3	5.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00136	0.03	CVE-2022-0813
5	phpMyAdmin Two-factor Authentication authentification faible	6.3	6.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00054	0.04	CVE-2022-23807
6	Codoforum Admin Panel elévation de privilèges	5.7	5.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.17108	0.04	CVE-2022-31854
7	Inspur ClusterEngine Control Server elévation de privilèges	8.0	7.6	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.04664	0.07	CVE-2020-21224
8	Maianscriptworld Maian Cart Elfinder Plugin elévation de privilèges	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.26906	0.00	CVE-2021-32172
9	Snap Creek Duplicator installer.php elévation de privilèges	8.5	8.2	$0-$5k	$0-$5k	High	Official Fix	0.83833	0.00	CVE-2018-17207
10	Cisco SD-WAN Software/SD-WAN vManage Software MPLS buffer overflow	5.3	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00171	0.00	CVE-2021-1614
11	Webmin User cross site request forgery	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01275	0.00	CVE-2021-31762
12	Webmin Process cross site scripting	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.96024	0.00	CVE-2021-31761
13	Alt-N MDaemon Worldclient elévation de privilèges	4.9	4.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00090	0.06	CVE-2021-27182
14	php-fusion downloads.php elévation de privilèges	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.95494	0.00	CVE-2020-24949
15	Twisted twisted.web elévation de privilèges	6.6	6.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00240	0.00	CVE-2019-12387
16	Apache HTTP Server mod_proxy_http dénie de service	5.3	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00619	0.03	CVE-2020-13950
17	Apache Tomcat NTFS File System File.getCanonicalPath divulgation de l'information	5.1	5.1	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00232	0.03	CVE-2021-24122
18	Webmin Default Configuration shadow directory traversal	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00149	0.00	CVE-2018-8712
19	Webmin Package Updates Module update.cgi elévation de privilèges	8.8	8.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.12331	0.06	CVE-2019-12840
20	spring-boot-actuator-logview directory traversal	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.96787	0.00	CVE-2021-21234

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adresse IP	Hostname	Acteur	Identified	Taper	Confiance
1	37.187.154.79	ns320600.ip-37-187-154.eu	Butter	13/02/2022	verified	Élevé
2	46.105.103.169	ns383264.ip-46-105-103.eu	Butter	13/02/2022	verified	Élevé
3	XXX.XX.XXX.XXX		Xxxxxx	13/02/2022	verified	Élevé
4	XXX.XXX.XX.XX	xxx.xxx.xx.xx.xxxxxx.xxxxx.xxx	Xxxxxx	13/02/2022	verified	Élevé
5	XXX.XXX.XX.XX	xxx.xxx.xx.xx.xxxxxx.xxxxx.xxx	Xxxxxx	13/02/2022	verified	Élevé
6	XXX.XXX.XX.XXX	xxx.xxx.xx.xxx.xxxxxx.xxxxx.xxx	Xxxxxx	13/02/2022	verified	Élevé
7	XXX.X.XXX.XXX		Xxxxxx	13/02/2022	verified	Élevé
8	XXX.XX.XXX.XX		Xxxxxx	13/02/2022	verified	Élevé
9	XXX.XX.XXX.XXX		Xxxxxx	13/02/2022	verified	Élevé
10	XXX.XXX.XXX.XX		Xxxxxx	13/02/2022	verified	Élevé

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnérabilités	Vecteur d'accès	Taper	Confiance
1	T1006	CWE-22	Path Traversal	predictive	Élevé
2	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Élevé
3	TXXXX	CWE-XX	Xxxxxxxx Xxxxxxxxx	predictive	Élevé
4	TXXXX.XXX	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Élevé
5	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Élevé
6	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Élevé
7	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Élevé
8	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Élevé
9	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Élevé

IOA - Indicator of Attack (15)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Taper	Confiance
1	File	/etc/shadow	predictive	Moyen
2	File	awstats.pl	predictive	Moyen
3	File	cjson.c	predictive	Faible
4	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Élevé
5	File	xxxxxxxxx/xxxxxxxxx.xxx	predictive	Élevé
6	File	xxxxxxxxx.xxx	predictive	Élevé
7	File	xxx/xxxx/xxxx_xxxxxxxxxx_xxxx.x	predictive	Élevé
8	File	xxxxx.xxx	predictive	Moyen
9	File	xxxxxxx.xxx	predictive	Moyen
10	File	xxxxxx.xxx	predictive	Moyen
11	File	xxxx/xxxxxxxx/xxxxxxxx.xxxx	predictive	Élevé
12	Library	xxxxxxxx/xxx-xxx.xx	predictive	Élevé
13	Argument	xxxxxx	predictive	Faible
14	Argument	xxxx	predictive	Faible
15	Argument	xxxx/xxx_xxxxxxxxx	predictive	Élevé

Références (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PrécédentAperçuSuivant ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!