Brushaloader Analysis

IOB - Indicator of Behavior (60)

Language: en 50, de 6, pl 4

Country/Region: us 38, cn 6, ir 2

Products:
- Expinion.net News Manager Lite (2)
- Siemens SIMATIC Drive Controller (2)
- Siemens SIMATIC ET 200SP Open Controller CPU 1515S ... (2)
- Siemens SIMATIC ET 200SP Open Controller CPU 1515S ... (2)
- Siemens SIMATIC S7-1200 CPU (2)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Fix | EPSS | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192
2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.98 | CVE-2010-0966
3 | DZCP deV!L`z Clanportal browser.php information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02733 | 0.68 | CVE-2007-1167
4 | Siemens SIMATIC Drive Controller Service Port 102 memory corruption | 7.3 | 7.1 | $5k-$25k | $5k-$25k | Not Defined | Workaround | 0.00526 | 0.02 | CVE-2020-15782
5 | Siemens SIMATIC S7-1200 PLC memory corruption | 7.5 | 7.5 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00261 | 0.02 | CVE-2013-0700
6 | Devilz Clanportal File Upload unknown vulnerability | 5.3 | 4.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.05362 | 0.04 | CVE-2006-6338
7 | MGB OpenSource Guestbook email.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 0.98 | CVE-2007-0354
8 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 1.91 | CVE-2020-12440
9 | PHP Proxy weak authentication | 6.4 | 5.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03470 | 0.00 | CVE-2018-19458
10 | Apple watchOS Font Remote Code Execution | 7.0 | 6.9 | $0-$5k | $0-$5k | High | Official Fix | 0.00073 | 0.07 | CVE-2023-41990
11 | Filebrowser unknown vulnerability | 6.9 | 6.4 | $0-$5k | $0-$5k | Functional | Official Fix | 0.00701 | 0.03 | CVE-2021-46398
12 | cURL SOCKS5 Proxy memory corruption | 4.6 | 4.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00180 | 0.02 | CVE-2023-38545
13 | Phplinkdirectory PHP Link Directory conf_users_edit.php unknown vulnerability | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00526 | 0.17 | CVE-2011-0643
14 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 3.18 | 
15 | Xoops URL Filter index.php Redirect | 6.6 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00062 | 0.05 | CVE-2017-12138
16 | PHP phpinfo cross-site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02101 | 0.04 | CVE-2007-1287
17 | Digium Asterisk SDP Negotiation res_pjsip_session.c denial of service | 5.1 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00193 | 0.00 | CVE-2021-26906
18 | Siemens SIMATIC S7-300 PN/SIMATIC S7-400 PN privilege escalation | 6.4 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Workaround | 0.00373 | 0.02 | CVE-2016-9158
19 | BloodHound GenericAll.jsx privilege escalation | 7.9 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00537 | 0.02 | CVE-2021-3210
20 | Microsoft IIS privilege escalation | 9.9 | 9.9 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.08875 | 0.02 | CVE-2010-1256

IOC - Indicator of Compromise (40)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerability | Type
1 | T1006 | CWE-22 Path Traversal | predictive
2 | T1059 | CWE-94 Argument Injection | predictive

IOA - Indicator of Attack (28)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type
1 | File | /forum/away.php | predictive
2 | File | /horde/util/go.php | predictive
3 | File | /modules/profile/index.php | predictive
4 | File | admin/conf_users_edit.php | predictive

References (2)

The following list contains external sources which discuss the actor and the associated activities:
