Buhtrap Analysis

IOB - Indicator of Behavior (129)

Language

en: 104
ru: 14
de: 10
zh: 2

Country

ru: 114
us: 16

Product

Microsoft Windows: 10
Apple Mac OS X: 4
EspoCRM: 2
Benjamin Lefevre Dobermann Forum: 2
Tor Browser: 2

Vulnerability

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Siemens SIMATIC HMI United Comfort Panel weak authentication | 7.5 | 7.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00874 | 0.00 | CVE-2020-15787 |
| 2 | Microsoft Windows Advanced Local Procedure Call Privilege Escalation | 9.2 | 8.7 | $25k-$100k | $5k-$25k | Functional | Official Fix | 0.00683 | 0.02 | CVE-2023-21674 |
| 3 | Microsoft Windows Kernel Privilege Escalation | 7.2 | 6.5 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00053 | 0.00 | CVE-2022-21881 |
| 4 | Microsoft Windows SMB Witness Service privilege escalation | 8.8 | 8.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00120 | 0.00 | CVE-2023-21549 |
| 5 | Microsoft SQL Server Privilege Escalation | 8.1 | 7.4 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00043 | 0.05 | CVE-2022-23276 |
| 6 | Select2 cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00094 | 0.04 | CVE-2016-10744 |
| 7 | HP 3PAR Service Processor SP information disclosure | 4.3 | 4.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00110 | 0.02 | CVE-2015-5443 |
| 8 | Oracle Java SE/Java SE Embedded Deployment buffer overflow | 10.0 | 9.5 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.01195 | 0.03 | CVE-2013-5788 |
| 9 | WooCommerce PayU India Payment Gateway Plugin Purchase Price privilege escalation | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00114 | 0.05 | CVE-2019-14978 |
| 10 | WooCommerce Instamojo Payment Gateway Plugin Purchase amount Price privilege escalation | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 0.00 | CVE-2019-14977 |
| 11 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.08 | CVE-2017-0055 |
| 12 | Apache HTTP Server smbvalid/smbval authensmb buffer overflow | 10.0 | 9.5 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00133 | 0.02 | CVE-1999-1237 |
| 13 | Netgate pfSense XML File config.xml restore_rrddata privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.45928 | 0.01 | CVE-2023-27253 |
| 14 | Joomla Webservice Endpoint privilege escalation | 5.4 | 5.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.95214 | 0.04 | CVE-2023-23752 |
| 15 | Lars Ellingsen Guestserver guestbook.cgi cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00169 | 0.21 | CVE-2005-4222 |
| 16 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 0.91 | CVE-2007-0354 |
| 17 | Cloudflare WARP Client warp-cli Subcommand privilege escalation | 7.7 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.00 | CVE-2022-2225 |
| 18 | Siemens SIMATIC PCS 7/SIMATIC S7-PM/SIMATIC STEP 7 V5 privilege escalation | 9.2 | 9.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00084 | 0.02 | CVE-2023-25910 |
| 19 | Next.js next.config.js privilege escalation | 5.1 | 5.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00118 | 0.02 | CVE-2022-23646 |
| 20 | Linux Kernel buffer overflow | 5.9 | 5.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2011-1477 |

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (80)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

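| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /objects/getImageMP4.php | predictive | High |
| 2 | File | /payu/icpcheckout/ | predictive | High |
| 3 | File | /uncpath/ | predictive | Medium |
| 4 | File | adclick.php | predictive | Medium |
| 5 | File | admin.php | predictive | Medium |
| 6 | File | adrotate.pm | predictive | Medium |
| 7 | File | article.php | predictive | Medium |
| 8 | File | asn1fix_retrieve.c | predictive | High |
| 9 | File | bigsam_guestbook.php | predictive | High |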

References (3)

The following list contains external sources which discuss the actor and the associated activities:
