Brata Analiza

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (58)

Język

en	48
de	4
it	4
ja	2

Kraj

us	54
ch	2
ru	2

Aktorzy

Brata	2
BumbleBee	2
BRATA	1
IcedID	1
BlackCat	1

Wysiłek

Rodzaj

Not Defined	10
Content Management System	8
Operating System	4
Calendar Software	2
Auction Software	2

Sprzedawca

Not Defined	16
Ivanti	2
Apple	2
Oracle	2
dayrui	2

Produkt

Spiffy Calendar Plugin	2
TikiWiki	2
Ivanti Endpoint Manager Mobile	2
Apple Mac OS X Server	2
Oracle Solaris	2

Luki w zabezpieczeniach

#	Słaby punkt	Base	Temp	0day	Dzisiaj	Wyk	Prz	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
2	DZCP deV!L`z Clanportal config.php privilege escalation	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	0.33	CVE-2010-0966
3	Microsoft Windows Domain Name Service Privilege Escalation	6.6	6.1	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.01058	0.00	CVE-2023-28223
4	Apple Mac OS X Server Wiki Server sql injection	5.3	4.6	$5k-$25k	$0-$5k	Unproven	Official Fix	0.00339	0.42	CVE-2015-5911
5	Pligg cloud.php sql injection	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.39
6	Tiki TikiWiki tiki-editpage.php privilege escalation	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01194	0.03	CVE-2004-1386
7	dayrui FineCMS Linkage.php cross site scripting	5.2	5.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00067	0.00	CVE-2018-7476
8	PharStreamWrapper Protection Mechanism directory traversal	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02748	0.03	CVE-2019-11831
9	jQuery Property extend Pollution cross site scripting	6.6	6.3	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.03535	0.16	CVE-2019-11358
10	Ivanti Endpoint Manager Mobile weak authentication	9.9	9.7	$0-$5k	$0-$5k	High	Official Fix	0.96584	0.00	CVE-2023-35078
11	Hitachi Vantara Pentaho Business Analytics Server Data Lineage weak encryption	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00145	0.00	CVE-2021-45447
12	SAP NetWeaver/ABAP Platform Route saprouttab privilege escalation	7.3	7.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00576	0.04	CVE-2022-27668
13	Oracle Solaris Utility Local Privilege Escalation	7.7	7.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00043	0.05	CVE-2023-21985
14	TikiWiki tiki-register.php privilege escalation	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01009	1.02	CVE-2006-6168
15	Francisco Burzi PHP-Nuke File case.filemanager.php privilege escalation	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00575	0.00	CVE-2001-0854
16	Mattermost API Endpoint denial of service	4.2	4.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00073	0.03	CVE-2022-4045
17	libdwarf ELF File denial of service	5.4	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00272	0.00	CVE-2015-8750
18	Lanner IAC-AST2500A spx_restservice KillDupUsr_func memory corruption	9.9	9.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00239	0.03	CVE-2021-26728
19	Spiffy Calendar Plugin Event privilege escalation	6.3	6.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00068	0.00	CVE-2022-29434
20	Armada Design Master Index search.cgi directory traversal	5.3	4.8	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.02236	0.02	CVE-2000-0924

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adres IP	Hostname	Aktor	Identified	Rodzaj	Pewność siebie
1	51.83.225.224		Brata	2022-08-04	verified	Wysoki
2	XX.XX.XXX.XXX		Xxxxx	2022-08-04	verified	Wysoki
3	XXX.XX.XXX.XXX		Xxxxx	2022-10-07	verified	Wysoki
4	XXX.XXX.XXX.XX	xxx-xxx-xxx-xx-xxxx.xxxxxxxxxxxx.xxx	Xxxxx	2022-08-14	verified	Wysoki

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Luki w zabezpieczeniach	Wektor dostępu	Rodzaj	Pewność siebie
1	T1006	CWE-22	Path Traversal	predictive	Wysoki
2	T1040	CWE-319	Authentication Bypass by Capture-replay	predictive	Wysoki
3	TXXXX	CWE-XX	Xxxxxxxx Xxxxxxxxx	predictive	Wysoki
4	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Wysoki
5	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Wysoki
6	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Wysoki
7	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Wysoki

IOA - Indicator of Attack (22)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasa	Indicator	Rodzaj	Pewność siebie
1	File	add_comment.php	predictive	Wysoki
2	File	case.filemanager.php	predictive	Wysoki
3	File	cloud.php	predictive	Medium
4	File	xxxxxxxxxxx/xxxxx/xxxxxxx.xxx	predictive	Wysoki
5	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Wysoki
6	File	xxx/xxxxxx.xxx	predictive	Wysoki
7	File	xxxxxxxxxx	predictive	Medium
8	File	xxxxxx.xxx	predictive	Medium
9	File	xxxxxx.xxx	predictive	Medium
10	File	xxxx-xxxxxxxx.xxx	predictive	Wysoki
11	File	xxxx-xxxxxxxx.xxx	predictive	Wysoki
12	File	xxxxxxxxx.xxx	predictive	Wysoki
13	File	xxxxxx.xxx	predictive	Medium
14	Argument	$xxx_xxxx	predictive	Medium
15	Argument	--xxx	predictive	Niski
16	Argument	xxxxxxxx	predictive	Medium
17	Argument	xxxxxxxx	predictive	Medium
18	Argument	xxxxxxxxxx	predictive	Medium
19	Argument	xxx_xx	predictive	Niski
20	Argument	xx	predictive	Niski
21	Argument	xx/xxx	predictive	Niski
22	Input Value	xxxxx.xxx	predictive	Medium

Referencje (3)

The following list contains external sources which discuss the actor and the associated activities:

Samples (1)

The following list contains associated samples:

https://bazaar.abuse.ch/sample/400cdf9d2ba1c5b5ffb511f840c9e174dbd35de2ddf58bd33392901a6c0f20ce/

◂ PoprzedniPrzeglądKolejny ▸

Do you know our Splunk app?

Download it now for free!