Buer Analysis

IOB - Indicator of Behavior (346)

Language

en: 334
de: 6
pl: 4
it: 2

Country

us: 224
at: 84
gb: 4
ru: 2
ch: 2

Product

Microsoft Windows: 26
Linux Kernel: 16
Microsoft Edge: 14
Mozilla Firefox: 12
Foxit Reader: 12

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | Apache HTTP Server mod_rewrite Redirect | 6.7 | 6.7 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.00258 | 0.04 | CVE-2020-1927 |
| 3 | SAP Solution Manager privilege escalation | 9.4 | 9.4 | $5k-$25k | $0-$5k | High | Not Defined | 0.97439 | 0.05 | CVE-2020-6207 |
| 4 | Cisco IP Phone Discovery Protocol privilege escalation | 8.8 | 8.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00074 | 0.00 | CVE-2020-3111 |
| 5 | EOS Camera Picture Transfer Protocol buffer overflow | 8.0 | 7.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00672 | 0.00 | CVE-2019-6000 |
| 6 | Linux Kernel USB Device technisat-usb2.c information disclosure | 8.5 | 8.5 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00713 | 0.03 | CVE-2019-15505 |
| 7 | Microsoft Windows JET Database Engine buffer overflow | 7.3 | 7.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.01492 | 0.02 | CVE-2019-1358 |
| 8 | Dell EMC iDRAC6 Web-based Diagnostics Console privilege escalation | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00110 | 0.00 | CVE-2018-1212 |
| 9 | Tenable Nessus Reflected cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00110 | 0.02 | CVE-2019-3961 |
| 10 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.69 | CVE-2010-0966 |
| 11 | PHP Blowfish Hash password_verify Remote Code Execution | 6.6 | 6.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00050 | 0.03 | CVE-2023-0567 |
| 12 | PHP SOAP HTTP Digest Authentication php_http.c php_random_bytes_throw information disclosure | 2.6 | 2.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.02 | CVE-2023-3247 |
| 13 | TRENDnet TEW-811DRU httpd security.asp buffer overflow | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00137 | 0.04 | CVE-2023-0613 |
| 14 | Ubuntu Linux overlayfs ovl_copy_up_meta_inode_data privilege escalation | 7.8 | 7.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00042 | 0.02 | CVE-2023-32629 |
| 15 | laravel privilege escalation | 4.1 | 3.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00160 | 0.07 | CVE-2022-2870 |
| 16 | Huawei SXXX VRP MPLS LSP Ping information disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00096 | 0.04 | CVE-2014-8570 |
| 17 | WordPress sql injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00467 | 0.03 | CVE-2022-21664 |
| 18 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 3.30 | CVE-2020-12440 |
| 19 | Apache Commons Text Variable Interpolation privilege escalation | 8.0 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.97150 | 0.04 | CVE-2022-42889 |
| 20 | Alkacon OpenCms cross site scripting | 6.3 | 5.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00434 | 0.00 | CVE-2005-4294 |

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (69)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

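| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /backups/ | predictive | Medium |
| 2 | File | /cgi-bin/admin/testserver.cgi | predictive | High |
| 3 | File | /cgi-bin/editBookmark | predictive | High |
| 4 | File | /dev/kvm | predictive | Medium |
| 5 | File | /goform/RgDdns | predictive | High |
| 6 | File | /goform/RgDhcp | predictive | High |
| 7 | File | /goform/RGFirewallEL | predictive | High |
| 8 | File | /goform/RgTime | predictive | High |
| 9 | File | /goform/RgUrlBlock.asp | predictive | High |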

References (2)

The following list contains external sources which discuss the actor and the associated activities:
