Brunhilda Analisi

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (22)

Sequenza temporale

Linguaggio

en20
fr2

Nazione

us10
ru2
fr2

Attori

Brunhilda4
Cobalt Strike2
MuddyWater1
RedLine1
FTP Info Stealer1

Attività

Interesse

Sequenza temporale

Genere

Operating System6
Content Management System4
Web Browser2
Cloud Software2
JavaScript Library2

Fornitore

Microsoft10
Not Defined6
IBM2
HP2
Joomla2

Prodotto

Microsoft Windows6
Microsoft Edge2
IBM Kenexa LCMS Premier on Cloud2
windows-selenium-chromedriver2
Drupal2

Vulnerabilità

#VulnerabilitàBaseTemp0dayOggiSfrConEPSSCTICVE
1VICIdial vicidial.php cross site scripting4.84.8$0-$5k$0-$5kNot DefinedNot Defined0.000750.04CVE-2021-35377
2tinc VPN net_packet.c receive_tcppacket buffer overflow6.36.0$0-$5k$0-$5kHighOfficial Fix0.054680.02CVE-2013-1428
3Joomla CMS File Upload media.php escalazione di privilegi6.36.0$5k-$25k$0-$5kHighOfficial Fix0.784710.04CVE-2013-5576
4Microsoft .NET Framework Array Copy buffer overflow7.37.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.240980.05CVE-2015-2504
5Bottle Privilege Escalation5.55.3$0-$5k$0-$5kNot DefinedOfficial Fix0.006900.03CVE-2022-31799
6Solar appScreener License escalazione di privilegi5.55.3$0-$5k$0-$5kNot DefinedNot Defined0.002210.00CVE-2022-24449
7Caddy X.509 Certificate rivelazione di un 'informazione4.54.5$0-$5k$0-$5kNot DefinedOfficial Fix0.001380.00CVE-2018-19148
8Drupal Phar Stream Wrapper escalazione di privilegi8.58.4$0-$5k$0-$5kNot DefinedOfficial Fix0.927090.02CVE-2019-6339
9Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash rivelazione di un 'informazione5.35.2$5k-$25k$0-$5kHighWorkaround0.020160.02CVE-2007-1192
10Microsoft Windows PowerShell escalazione di privilegi6.35.7$25k-$100k$0-$5kProof-of-ConceptUnavailable0.000000.00
11HP HP-UX FTP Server escalazione di privilegi7.57.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.000000.00
12Microsoft Windows VHD Driver File escalazione di privilegi6.15.8$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.000510.04CVE-2016-7224
13Microsoft Edge escalazione di privilegi3.13.0$25k-$100k$0-$5kNot DefinedOfficial Fix0.065670.00CVE-2016-3274
14NASM Netwide Assembler preproc.c tokenize buffer overflow6.36.2$0-$5k$0-$5kNot DefinedOfficial Fix0.000590.00CVE-2018-8881
15windows-selenium-chromedriver Download crittografia debole6.86.8$0-$5k$0-$5kNot DefinedNot Defined0.001730.00CVE-2016-10687
16QEMU NVM Express Controller Emulator rivelazione di un 'informazione6.76.6$0-$5k$0-$5kNot DefinedOfficial Fix0.000620.02CVE-2018-16847
17HP Color LaserJet Pro M280-M281 Multifunction Printer Embedded Web Server Reflected cross site scripting5.25.2$5k-$25k$0-$5kNot DefinedNot Defined0.000580.00CVE-2019-6323
18Microsoft Windows Physical Installation escalazione di privilegi6.46.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.002480.00CVE-2018-8592
19IBM Kenexa LCMS Premier on Cloud escalazione di privilegi4.34.3$5k-$25k$0-$5kNot DefinedNot Defined0.000490.00CVE-2016-5949
20Microsoft Internet Explorer rivelazione di un 'informazione4.84.7$25k-$100k$0-$5kNot DefinedOfficial Fix0.890730.00CVE-2016-3267

IOC - Indicator of Compromise (13)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDindirizzo IPHostnameAttoreCampagneIdentifiedGenereFiducia
145.142.212.216vm324137.pq.hostingBrunhilda31/05/2021verifiedAlto
295.142.40.68vm482228.eurodir.ruBrunhilda31/05/2021verifiedAlto
3185.177.92.213ip-185-177-92-213.ah-server.comBrunhilda31/05/2021verifiedAlto
4XXX.XXX.XX.XXxx-xxx-xxx-xx-xx.xx-xxxxxx.xxxXxxxxxxxx31/05/2021verifiedAlto
5XXX.XXX.XX.XXxx-xxx-xxx-xx-xx.xx-xxxxxx.xxxXxxxxxxxx31/05/2021verifiedAlto
6XXX.XXX.XX.XXxx-xxx-xxx-xx-xx.xx-xxxxxx.xxxXxxxxxxxx31/05/2021verifiedAlto
7XXX.XXX.XX.XXxx-xxx-xxx-xx-xx.xx-xxxxxx.xxxXxxxxxxxx31/05/2021verifiedAlto
8XXX.XXX.XX.XXXxx-xxx-xxx-xx-xxx.xx-xxxxxx.xxxXxxxxxxxx31/05/2021verifiedAlto
9XXX.XXX.XX.XXXxx-xxx-xxx-xx-xxx.xx-xxxxxx.xxxXxxxxxxxx31/05/2021verifiedAlto
10XXX.XXX.XX.XXXxx-xxx-xxx-xx-xxx.xx-xxxxxx.xxxXxxxxxxxx31/05/2021verifiedAlto
11XXX.XXX.XX.XXXXxxxxxxxx31/05/2021verifiedAlto
12XXX.XXX.XX.XXXxx-xxx-xxx-xx-xxx.xx-xxxxxx.xxxXxxxxxxxx31/05/2021verifiedAlto
13XXX.XX.XXX.XXXxxxxxxxxxx-x.xxx-xxxxxxx.xxxXxxxxxxxx31/05/2021verifiedAlto

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClasseVulnerabilitàAccesso al vettoreGenereFiducia
1T1059CAPEC-242CWE-94Argument InjectionpredictiveAlto
2T1059.007CAPEC-209CWE-79Cross Site ScriptingpredictiveAlto
3TXXXXCAPEC-122CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveAlto
4TXXXXCAPEC-0CWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveAlto
5TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveAlto
6TXXXXCAPEC-0CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveAlto

IOA - Indicator of Attack (5)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClasseIndicatorGenereFiducia
1File/agc/vicidial.phppredictiveAlto
2Fileadministrator/components/com_media/helpers/media.phppredictiveAlto
3Filexxx/xxxxxxx.xpredictiveAlto
4Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveAlto
5Filexxx_xxxxxx.xpredictiveMedia

Referenze (2)

The following list contains external sources which discuss the actor and the associated activities:

PrecedenteVisione D'insiemeIl prossimo

Do you want to use VulDB in your project?

Use the official API to access entries easily!