Butter Analysis

IOB - Indicator of Behavior (38)

Language

en: 34
zh: 4

Country

cn: 30
us: 8

Product

Webmin: 6
Cisco ASA: 2
FileZilla Server: 2
Joomla CMS: 2
Alt-N MDaemon: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Webmin UI Command apt-lib.pl cross site scripting | 6.6 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.96925 | 0.00 | CVE-2022-36446 |
| 2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 3 | MajorDoMo thumb.php privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.73739 | 0.04 | CVE-2023-50917 |
| 4 | phpMyAdmin information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00136 | 0.03 | CVE-2022-0813 |
| 5 | phpMyAdmin Two-factor Authentication weak authentication | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00054 | 0.05 | CVE-2022-23807 |
| 6 | Codoforum Admin Panel privilege escalation | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.17108 | 0.04 | CVE-2022-31854 |
| 7 | Inspur ClusterEngine Control Server privilege escalation | 8.0 | 7.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04664 | 0.07 | CVE-2020-21224 |
| 8 | Maianscriptworld Maian Cart Elfinder Plugin privilege escalation | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.26906 | 0.00 | CVE-2021-32172 |
| 9 | Snap Creek Duplicator installer.php privilege escalation | 8.5 | 8.2 | $0-$5k | $0-$5k | High | Official Fix | 0.83833 | 0.00 | CVE-2018-17207 |
| 10 | Cisco SD-WAN Software/SD-WAN vManage Software MPLS buffer overflow | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00171 | 0.00 | CVE-2021-1614 |
| 11 | Webmin User cross site request forgery | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01275 | 0.00 | CVE-2021-31762 |
| 12 | Webmin Process cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.96024 | 0.00 | CVE-2021-31761 |
| 13 | Alt-N MDaemon Worldclient privilege escalation | 4.9 | 4.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00090 | 0.06 | CVE-2021-27182 |
| 14 | php-fusion downloads.php privilege escalation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.94964 | 0.00 | CVE-2020-24949 |
| 15 | Twisted twisted.web privilege escalation | 6.6 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00240 | 0.00 | CVE-2019-12387 |
| 16 | Apache HTTP Server mod_proxy_http denial of service | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00619 | 0.03 | CVE-2020-13950 |
| 17 | Apache Tomcat NTFS File System File.getCanonicalPath information disclosure | 5.1 | 5.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00232 | 0.03 | CVE-2021-24122 |
| 18 | Webmin Default Configuration shadow directory traversal | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00149 | 0.00 | CVE-2018-8712 |
| 19 | Webmin Package Updates Module update.cgi privilege escalation | 8.8 | 8.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.12331 | 0.06 | CVE-2019-12840 |
| 20 | spring-boot-actuator-logview directory traversal | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.96787 | 0.00 | CVE-2021-21234 |

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (15)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /etc/shadow | predictive | Medium |
| 2 | File | awstats.pl | predictive | Medium |
| 3 | File | cjson.c | predictive | Low |
| 4 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 5 | File | xxxxxxxxx/xxxxxxxxx.xxx | predictive | High |
| 6 | File | xxxxxxxxx.xxx | predictive | High |
| 7 | File | xxx/xxxx/xxxx_xxxxxxxxxx_xxxx.x | predictive | High |
| 8 | File | xxxxx.xxx | predictive | Medium |
| 9 | File | xxxxxxx.xxx | predictive | Medium |
| 10 | File | xxxxxx.xxx | predictive | Medium |
| 11 | File | xxxx/xxxxxxxx/xxxxxxxx.xxxx | predictive | High |
| 12 | Library | xxxxxxxx/xxx-xxx.xx | predictive | High |
| 13 | Argument | xxxxxx | predictive | Low |
| 14 | Argument | xxxx | predictive | Low |
| 15 | Argument | xxxx/xxx_xxxxxxxxx | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
