BelialDemon Analisi

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (22)

Linguaggio

en	22

Nazione

tt	8

Attori

BelialDemon	1

Interesse

Genere

Not Defined	12
Packet Analyzer Software	2
Web Browser	2
Ticket Tracking Software	2

Fornitore

Not Defined	10
Tenda	2
United Planet	2
Google	2
Star	2

Prodotto

uppy Package	2
Tenda W30E	2
Sympa	2
WPG Plugin	2
United Planet Intrexx Professional	2

Vulnerabilità

#	Vulnerabilità	Base	Temp	0day	Oggi	Sfr	Con	EPSS	CTI	CVE
1	SonicBOOM riscv-boom escalazione di privilegi	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00055	0.00	CVE-2020-29561
2	United Planet Intrexx Professional cross site scripting	4.8	4.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00089	0.00	CVE-2020-24188
3	Huawei Mate 20 Digital Balance escalazione di privilegi	3.9	3.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00058	0.00	CVE-2020-1831
4	Aviatrix Controller Web Interface cross site request forgery	5.4	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00053	0.00	CVE-2020-13416
5	Tenda Tenda W30E NatStaticSetting buffer overflow	6.5	6.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00075	0.00	CVE-2022-45516
6	Tenda W30E CertListInfo buffer overflow	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00075	0.00	CVE-2022-45525
7	thinkphp-bjyblog AdminBaseController.class.php exit cross site scripting	4.8	4.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00078	0.00	CVE-2021-43682
8	WPG Plugin buffer overflow	8.0	7.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01367	0.00	CVE-2021-27362
9	ownCloud escalazione di privilegi	6.8	6.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00103	0.00	CVE-2020-28645
10	Star Practice Management Web WIP Detail escalazione di privilegi	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00065	0.00	CVE-2020-28401
11	Microsoft .NET Framework XML denial of service	6.4	6.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00410	0.00	CVE-2018-0764
12	Wireshark Dissection Engine denial of service	4.2	4.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00334	0.00	CVE-2020-26419
13	Sympa SOAP API authenticateAndRun escalazione di privilegi	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00266	0.00	CVE-2020-29668
14	Symantec Messaging Gateway Web UI rivelazione di un 'informazione	4.3	4.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00065	0.02	CVE-2020-12595
15	Google Chrome Omnibox autenticazione debole	6.4	6.1	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00542	0.00	CVE-2020-6565
16	osTicket ajax.draft.php _uploadInlineImage cross site scripting	5.2	4.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00078	0.00	CVE-2020-24917
17	uppy Package escalazione di privilegi	7.4	7.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00327	0.00	CVE-2020-8205

Campagne (1)

These are the campaigns that can be associated with the actor:

Matanbuchus

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	indirizzo IP	Hostname	Attore	Campagne	Identified	Genere	Fiducia
1	34.94.151.129	129.151.94.34.bc.googleusercontent.com	BelialDemon	Matanbuchus	29/08/2021	verified	Media
2	XX.XXX.XX.XX	xx.xx.xxx.xx.xx.xxxxxxxxxxxxxxxxx.xxx	Xxxxxxxxxxx	Xxxxxxxxxxx	29/08/2021	verified	Media
3	XX.XXX.XXX.XXX	xxx.xxx.xxx.xx.xx.xxxxxxxxxxxxxxxxx.xxx	Xxxxxxxxxxx	Xxxxxxxxxxx	29/08/2021	verified	Media

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Classe	Vulnerabilità	Accesso al vettore	Genere	Fiducia
1	T1059.007	CAPEC-209	CWE-79	Cross Site Scripting	predictive	Alto
2	TXXXX	CAPEC-0	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
3	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	Alto
4	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (7)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Genere	Fiducia
1	File	/goform/CertListInfo	predictive	Alto
2	File	/goform/NatStaticSetting	predictive	Alto
3	File	xxxxxxxxxxxxxxxxxxx.xxxxx.xxx	predictive	Alto
4	File	xxxxxxx/xxxx.xxxxx.xxx	predictive	Alto
5	Argument	xxxxxxxxxx	predictive	Media
6	Argument	xxxx	predictive	Basso
7	Argument	xxxxxxx	predictive	Basso

Referenze (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PrecedenteVisione D'insiemeIl prossimo ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!