BuerLoader Analysis

IOB - Indicator of Behavior (39)

Charts (no data recovered in the page text): Timeline, Country, Actors, Activities, Interest, Type, Vendor

Language

| Language | Count |
|---|---|
| en | 36 |
| de | 2 |
| ar | 2 |

Product

| Product | Count |
|---|---|
| Thomson TCW710 | 6 |
| uTorrent | 4 |
| NVIDIA Graphics Drivers | 2 |
| TRENDnet TEW-811DRU | 2 |
| Airfield Online | 2 |

Vulnerabilities

| # | Vulnerability | CVSS Base | CVSS Temp | Price (0-day) | Price (today) | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | TRENDnet TEW-811DRU httpd security.asp buffer overflow | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00137 | 0.04 | CVE-2023-0613 |
| 2 | laravel privilege escalation | 4.1 | 3.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00160 | 0.13 | CVE-2022-2870 |
| 3 | Huawei SXXX VRP MPLS LSP Ping information disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00096 | 0.04 | CVE-2014-8570 |
| 4 | Apache Commons Text Variable Interpolation privilege escalation | 8.0 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.97150 | 0.04 | CVE-2022-42889 |
| 5 | Microsoft Windows IIS Remote Code Execution | 7.6 | 7.0 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00104 | 0.06 | CVE-2022-30209 |
| 6 | Alkacon OpenCms cross site scripting | 6.3 | 5.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00434 | 0.00 | CVE-2005-4294 |
| 7 | Microsoft Internet Explorer Embedded Content cross site scripting | 6.3 | 6.0 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.82340 | 0.03 | CVE-2005-3312 |
| 8 | Mozilla Firefox String unknown vulnerability | 4.3 | 4.1 | $25k-$100k | $0-$5k | Proof-of-Concept | Unavailable | 0.00202 | 0.03 | CVE-2005-2602 |
| 9 | Netegrity SiteMinder Login smpwservicescgi.exe Redirect | 5.4 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00072 | 0.04 | CVE-2005-10001 |
| 10 | Dreambox DM500 Web Server privilege escalation | 7.5 | 6.8 | $25k-$100k | $0-$5k | Proof-of-Concept | Workaround | 0.02506 | 0.04 | CVE-2008-3936 |
| 11 | D-Link DIR URL Filter privilege escalation | 5.3 | 5.1 | $25k-$100k | $0-$5k | High | Official Fix | 0.02265 | 0.02 | CVE-2008-4133 |
| 12 | Pro2col Stingray FTS cross site scripting | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00087 | 0.00 | CVE-2008-10001 |
| 13 | FFmpeg denial of service | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00186 | 0.02 | CVE-2012-2805 |
| 14 | Netgear WGR614 Authentication Code weak authentication | 4.9 | 4.9 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00078 | 0.03 | CVE-2012-6340 |
| 15 | NVIDIA Graphics Drivers registry buffer overflow | 7.2 | 6.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.04 | CVE-2012-0951 |
| 16 | DD-WRT Web Interface cross site request forgery | 7.5 | 6.9 | $0-$5k | $0-$5k | Unproven | Not Defined | 0.00312 | 0.02 | CVE-2012-6297 |
| 17 | Dell SonicWall Secure Remote Access Appliance editBookmark cross site request forgery | 6.3 | 5.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.01802 | 0.00 | CVE-2015-2248 |
| 18 | FileZilla Server PORT privilege escalation | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00052 | 0.04 | CVE-2015-10003 |
| 19 | Kiddoware Kids Place Home Button Protection denial of service | 5.4 | 5.3 | $0-$5k | $0-$5k | High | Official Fix | 0.00042 | 0.04 | CVE-2015-10002 |
| 20 | uTorrent buffer overflow | 6.3 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00250 | 0.04 | CVE-2018-25042 |

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 104.248.83.13 | | BuerLoader | | 10/08/2022 | verified | High |
| 2 | XXX.XX.XXX.XXX | xxx.xxxxxxx.xxx | Xxxxxxxxxx | | 11/06/2022 | verified | High |

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerability | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 2 | T1059 | CWE-94 | Argument Injection | predictive | High |
| 3 | TXXXX.XXX | CWE-XX, CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High |
| 4 | TXXXX | CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 5 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High |
| 6 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 7 | TXXXX.XXX | CWE-XXX | Xxxxxxxx | predictive | High |
| 8 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |

IOA - Indicator of Attack (29)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /backups/ | predictive | Medium |
| 2 | File | /cgi-bin/editBookmark | predictive | High |
| 3 | File | /goform/RgDdns | predictive | High |
| 4 | File | /goform/RgDhcp | predictive | High |
| 5 | File | /xxxxxx/xxxxxxxxxxxx | predictive | High |
| 6 | File | /xxxxxx/xxxxxx | predictive | High |
| 7 | File | /xxxxxx/xxxxxxxxxx.xxx | predictive | High |
| 8 | File | /xxxxxx/xxxxxxxxxxxxxxxxxx | predictive | High |
| 9 | File | /xxxxxxxxxxxxxxx/xxxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 10 | File | /xxxxxxxx/xxxxxxxx.xxx | predictive | High |
| 11 | File | xxxxx/xxxxxx-xxxxxx.xxx | predictive | High |
| 12 | File | xxxxxxx.xxx | predictive | Medium |
| 13 | File | xxxx/xxxxxx/xxxxxx/xxxxxxxx | predictive | High |
| 14 | Argument | xxxxxxxxxxxxxxxxxxxxxxx | predictive | High |
| 15 | Argument | xxxxxxxxxxxx | predictive | Medium |
| 16 | Argument | xxxxxx_xxx_xx | predictive | High |
| 17 | Argument | xxxxxxxxxxxx/xxxxxxxxxxxxxx | predictive | High |
| 18 | Argument | xx | predictive | Low |
| 19 | Argument | xxxxx | predictive | Low |
| 20 | Argument | xxxxxxxxxxx | predictive | Medium |
| 21 | Argument | xxxxxxxxxxxxxxxxxxxx | predictive | High |
| 22 | Argument | xxxxxx | predictive | Low |
| 23 | Argument | xxxxxxxxxxx/xxxxxxxxxxx/xxxxxxxxxxx | predictive | High |
| 24 | Argument | xxxxxxxx | predictive | Medium |
| 25 | Input Value | <xxxxxx>xxxxx(x)</xxxxxx> | predictive | High |
| 26 | Input Value | ><xxxxxx>xxxxx(x)</xxxxxx> | predictive | High |
| 27 | Network Port | xxx/xxxxx | predictive | Medium |
| 28 | Network Port | xxx/xxxxx | predictive | Medium |
| 29 | Network Port | xxx xxxxxx xxxx | predictive | High |
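The IOC and IOA tables are only useful once they are matched against something. The following script is an added example, not code from this page or from VulDB: it scans web-server access logs for the unmasked indicators listed above (the IOC address 104.248.83.13 and the File-class IOA paths /backups/, /cgi-bin/editBookmark, /goform/RgDdns and /goform/RgDhcp; the masked rows cannot be used) and triages each source address. The log format (Apache/nginx combined style) and the sample log lines are assumptions constructed for the example. It also handles two details that naive substring matching gets wrong: query strings and percent-encoding are normalized before comparison, and file-style indicators require an exact path match so that a near miss such as /cgi-bin/editBookmarks does not fire.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Indicators copied from the unmasked rows of the IOC and IOA tables above.
# Masked ("xxx") rows are omitted: they cannot be reconstructed from the page.
IOC_IPS = {"104.248.83.13": "BuerLoader, verified, high confidence"}
IOA_PATHS = {                      # path -> confidence as listed in the IOA table
    "/backups/": "medium",
    "/cgi-bin/editBookmark": "high",
    "/goform/RgDdns": "high",
    "/goform/RgDhcp": "high",
}

# Assumption: logs are in Apache/nginx "combined"-style access-log format.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) \S+'
)

def parse_line(line):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def normalize_path(raw):
    """Strip the query string and undo percent-encoding so that
    /cgi%2dbin/editBookmark?x=1 compares equal to /cgi-bin/editBookmark."""
    return unquote(raw.split("?", 1)[0])

def path_matches(path, ioa):
    """Directory indicators (trailing slash) match the directory itself and
    anything below it; file indicators require an exact match, so
    /cgi-bin/editBookmarks is not a hit for /cgi-bin/editBookmark."""
    if ioa.endswith("/"):
        return path == ioa.rstrip("/") or path.startswith(ioa)
    return path == ioa

def match_indicators(entry):
    """Return (kind, indicator, confidence) tuples for one parsed entry."""
    hits = []
    if entry["src"] in IOC_IPS:
        hits.append(("ioc_ip", entry["src"], "high"))
    path = normalize_path(entry["path"])
    for ioa, conf in IOA_PATHS.items():
        if path_matches(path, ioa):
            hits.append(("ioa_path", ioa, conf))
    return hits

def scan(lines):
    """Group every hit by source address: {src: [(timestamp, raw_path, hit), ...]}."""
    findings = defaultdict(list)
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        for hit in match_indicators(entry):
            findings[entry["src"]].append((entry["ts"], entry["path"], hit))
    return dict(findings)

def triage(findings):
    """'alert' for a known IOC address or any high-confidence IOA hit;
    'review' when only medium-confidence paths such as /backups/ were seen,
    since a lone generic directory probe is weak evidence on its own."""
    verdicts = {}
    for src, hits in findings.items():
        kinds = {h[2][0] for h in hits}
        confs = {h[2][2] for h in hits}
        verdicts[src] = "alert" if ("ioc_ip" in kinds or "high" in confs) else "review"
    return verdicts

# Constructed sample log lines (RFC 5737 test addresses plus the page's IOC address).
SAMPLE_LOG = """\
104.248.83.13 - - [10/Aug/2022:12:00:01 +0000] "GET / HTTP/1.1" 200 1024
198.51.100.7 - - [10/Aug/2022:12:00:05 +0000] "POST /cgi-bin/editBookmark HTTP/1.1" 302 0
198.51.100.7 - - [10/Aug/2022:12:00:06 +0000] "GET /goform/RgDdns?id=1 HTTP/1.1" 200 512
203.0.113.9 - - [10/Aug/2022:12:00:09 +0000] "GET /backups/site.tar.gz HTTP/1.1" 404 0
203.0.113.9 - - [10/Aug/2022:12:00:10 +0000] "GET /index.html HTTP/1.1" 200 2048
192.0.2.44 - - [10/Aug/2022:12:00:12 +0000] "GET /backups HTTP/1.1" 404 0
192.0.2.45 - - [10/Aug/2022:12:00:13 +0000] "GET /cgi-bin/editBookmarks HTTP/1.1" 404 0
192.0.2.46 - - [10/Aug/2022:12:00:14 +0000] "GET /cgi%2dbin/editBookmark HTTP/1.1" 200 64
"""

def run_sample():
    """Scan the constructed log and return {src: verdict}."""
    return triage(scan(SAMPLE_LOG.splitlines()))

if __name__ == "__main__":
    for src, verdict in sorted(run_sample().items()):
        print(f"{verdict:6} {src}")
```

Run it against a real access log by replacing SAMPLE_LOG with the file contents; the "review" bucket exists because /backups/ is a generic path that legitimate scanners and broken links also hit, so it should raise an alert only together with a higher-confidence indicator or the IOC address.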

References (3)

The following list contains external sources which discuss the actor and the associated activities:
